Browser-layer visibility is becoming essential for AI governance

At a glance

What this is: This is an analysis of how converging AI regulations are forcing organisations to prove control over employee AI use, with browser-layer visibility emerging as the practical evidence source.

Why it matters: It matters because IAM, NHI, and human identity teams now need evidence across app use, consent, data handling, and authentication rather than relying on IdP logs or annual training records alone.

By the numbers:

• The average organisation has 16 unique AI apps in active use, 17 unique AI browser extensions, and 17 unique AI OAuth integrations connected into just Google Workspace and Microsoft 365.
• Some organisations reach as high as 40 unique AI apps, 163 AI extensions, and 55 OAuth connections to AI apps respectively.

👉 Read Push Security's analysis of browser-layer controls for AI regulation and compliance

Context

AI governance is no longer just about policy language or annual training. The issue is evidence: regulators are increasingly asking organisations to show which AI tools employees use, what data they expose, and how access is controlled at the point of interaction.

That creates a direct identity problem for IAM, NHI, and security teams. If AI usage is happening through browser sessions, OAuth consent, and shadow extensions, then the control surface sits outside the visibility of traditional directory and network tools.

The organisations most exposed are not necessarily the most advanced adopters. They are the ones with growing AI use but no browser-layer telemetry to prove inventory, literacy, data handling, or third-party oversight.

Key questions

Q: How should security teams govern employee AI use without full browser visibility?

A: They should treat browser-layer telemetry as the primary evidence source for AI governance. That means correlating app use, extensions, OAuth grants, and user interactions so policy can be enforced where the activity happens. Without that layer, inventory, literacy, and data controls remain partial and difficult to prove.

Q: Why do AI tools create new identity governance problems for IAM teams?

A: AI tools create persistent trust relationships through user-driven access, especially when OAuth consent, browser sessions, and weak authentication are involved. IAM teams must therefore govern not only who can sign in, but also what third-party services inherit access and what data flows through those sessions.

Q: What breaks when AI literacy training is separated from the workflow?

A: The organisation loses evidence that guidance was received at the moment risk occurred. Annual training can show completion, but it cannot prove that an employee saw the right warning before pasting sensitive data into an AI tool or approving a risky integration.

Q: How do organisations know whether their AI governance controls are actually working?

A: They should look for auditable proof of discovery, point-of-use enforcement, and consent tracking inside the browser. If the organisation can show which AI tools were used, what guidance was delivered, and which integrations were authorised, the controls are becoming measurable rather than theoretical.

Technical breakdown

AI inventory and shadow AI discovery in the browser

AI inventory is the foundation of most new AI obligations because you cannot classify or govern what you cannot see. In practice, employee use of AI tools often appears first in the browser through web apps, extensions, and OAuth grants, not through procurement or asset records. Browser-layer telemetry captures the actual interaction path, including the apps accessed, the integrations approved, and the services that became part of the corporate trust boundary without formal review.

Practical implication: build discovery around observed browser activity, not just sanctioned app lists or IdP reports.

AI data exposure control at the point of interaction

Regulators are converging on controls for what data enters AI tools, especially personal, health, and decision-related information. The technical problem is that clipboard content, pasted text, and uploads often escape detection once they leave the browser session. A browser control layer can inspect the interaction before submission, which is different from downstream DLP because it acts where the exposure begins, not after the data has already moved into a third-party service.

Practical implication: enforce prompts, warnings, or blocking on sensitive browser-side AI interactions before the submission completes.

AI-resistant authentication and third-party AI trust

AI-specific risk does not stop at the prompt box. Employee use of AI tools frequently creates persistent OAuth relationships, and those relationships can sit alongside weak or missing MFA. The result is a blended identity surface where authentication strength, consent grants, and delegated permissions all matter at once. Browser visibility helps identify both the quality of the login path and the services that inherited access through the user’s own approval.

Practical implication: review AI-related OAuth grants and MFA posture together, because delegated access can outlive the session that created it.

Breaches seen in the wild

• ASP.NET machine keys RCE attack — 3,000+ exposed ASP.NET machine keys enabled remote code execution.
• DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Browser-layer visibility has become the control plane for AI governance. The emerging regulatory pattern is not asking organisations to classify AI in the abstract. It is asking them to prove what employees actually used, what data they exposed, and whether access was controlled at the moment of use. Traditional IAM and network controls do not see enough of that behaviour to satisfy the burden of evidence. Practitioners should treat browser telemetry as the operational layer that turns AI policy into auditable control.

Shadow AI is now a governance and identity issue, not just an inventory problem. The article’s own figures show how quickly unmanaged AI sprawl grows across apps, extensions, and OAuth integrations. That means the trust boundary is being expanded by user behaviour faster than procurement or security review can keep up. The implication is that AI governance programmes need to recognise browser-mediated adoption as a structural source of unmanaged identity relationships, not a side effect of innovation.

AI literacy requirements will fail if they remain detached from the point of interaction. Several frameworks now expect organisations to show that employees understand AI use in context, not just in annual training records. A one-time course does not prove that a user received the right guidance when they were about to paste sensitive data into a public AI tool. Practitioners should assume that compliance evidence must be generated at the workflow edge, or the literacy obligation will remain non-evidentiary.

AI-resistant authentication and third-party AI risk are converging into one identity control problem. The same browser session that exposes weak MFA can also create a durable AI trust relationship through OAuth consent. That means authentication, delegated access, and third-party oversight can no longer be managed in separate programmes if the organisation wants credible AI governance. Security teams should align identity controls around the browser session as the common point where access is initiated, extended, and evidenced.

AI governance will be judged by demonstrable enforcement, not policy intent. Regulators are moving toward a model where organisations must show that AI use was visible, governed, and constrained in real time. Browser-layer control closes the gap between what a policy says and what the user actually did. Practitioners should expect the next wave of AI compliance to reward evidence-rich control planes and expose programmes that still depend on retrospective reporting.

From our research:

• The average organisation has 16 unique AI apps in active use, 17 unique AI browser extensions, and 17 unique AI OAuth integrations connected into just Google Workspace and Microsoft 365, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
• DeepSeek accidentally embedded over 11,000 secrets in its training data and left a database exposed online, revealing more than one million sensitive records including chat histories, backend credentials, and API keys.
• Browser-layer visibility should be read alongside Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs, because AI consent and access relationships also need lifecycle control.

What this signals

Shadow AI discovery will become a baseline control requirement: once organisations realise that AI use shows up first in the browser, the old split between sanctioned applications and unsanctioned behaviour becomes too blunt to govern. A programme that cannot see browser-side AI use cannot credibly claim inventory completeness, especially when AI adoption is already producing multiple untracked access paths. That is why the control conversation is moving from policy to evidence, and why browser telemetry is becoming a prerequisite for defensible governance.

The practical signal for security teams is that AI oversight will increasingly look like identity governance for a distributed, user-driven trust graph. Browser-layer controls, OAuth review, and contextual policy prompts need to work together because each closes a different part of the compliance gap. For identity teams, this is also a reminder that the boundary between human choice and machine-mediated access is now operationally porous, which makes point-of-use enforcement more valuable than retrospective review.

Ephemeral AI adoption debt: the longer AI tools, extensions, and consent grants remain untracked, the more difficult it becomes to prove who had access to what, when, and under which policy. Organisations should expect auditors and regulators to ask for evidence that maps usage to control, not just policy to training. The governance response is to make browser-layer visibility part of identity operations, not a separate security project.

For practitioners

• Inventory AI use from browser telemetry Correlate browser sessions, extensions, and OAuth grants to build an AI inventory that reflects actual employee behaviour rather than sanctioned app lists.
• Enforce data checks before AI submission Inspect pasted text, uploads, and form input at the browser layer so sensitive data is warned on or blocked before it leaves the workstation.
• Tie AI literacy to point-of-use guidance Use contextual banners and acknowledgements inside the browser so policy guidance is delivered when the employee is interacting with the AI tool, not weeks earlier in training.
• Review OAuth consent and MFA together Track which AI services were granted persistent access, who authorised them, and whether the login path used phishing-resistant MFA or weaker fallback methods.

Key takeaways

• AI governance is becoming an evidence problem, because regulators want proof of real employee behaviour rather than policy statements.
• Browser-layer telemetry exposes the identity, data, and consent relationships that traditional IAM and network tools miss.
• Teams that cannot connect AI discovery, point-of-use guidance, and OAuth oversight will struggle to show compliance as requirements tighten.

Key terms

• Browser-layer visibility: Browser-layer visibility is the ability to observe user activity where it actually happens in the web session, including app use, input, consent, and extensions. For AI governance, it becomes the evidence layer that shows what employees used, what data they exposed, and what access they granted.
• Shadow AI: Shadow AI is the use of AI tools, extensions, or integrations that are not fully known, approved, or governed by the organisation. In practice it creates hidden identity and data relationships that bypass procurement, IAM review, and normal control evidence.
• OAuth integration: An OAuth integration is a delegated trust relationship that lets one service access another on a user’s behalf. In AI environments, these integrations can persist beyond the original session and become a standing access path if they are not reviewed and revoked.
• AI literacy evidence: AI literacy evidence is proof that employees received relevant guidance about approved AI use, data handling, and risk at the time it mattered. Annual training completion alone is not enough when regulators want demonstrable, context-aware guidance tied to actual interaction points.

Deepen your knowledge

AI inventory, browser-layer enforcement, and point-of-use policy guidance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is building AI governance from a visibility gap, it is worth exploring.

This post draws on content published by Push Security: AI regulations are converging on browser-layer visibility for compliance. Read the original.