Browser security is now the hidden control plane for identity risk

At a glance

What this is: This browser security report argues that the browser has become the enterprise’s most overlooked endpoint, with GenAI, extensions, and active sessions now driving data leakage and identity risk.

Why it matters: It matters because IAM, NHI, and security teams must extend governance into the browser session, where identity use, copy/paste, and AI interactions now bypass legacy controls.

By the numbers:

• 77% users paste data into prompts, 82% use personal accounts, and 40% of uploaded files contain PII/PCI.
• GenAI now accounting for 32% of all corporate to personal data movement.
• 99% of enterprise users have at least one extension installed, with more than half having high or critical permissions.

👉 Read LayerX Security's analysis of browser-based identity and data risk

Context

The browser has become the place where identity, data, and AI now intersect, but most security and IAM programmes still treat it as a delivery layer rather than a control plane. That gap matters because the browser holds the active session, the prompt, the clipboard, and the extension permissions that increasingly determine whether data leaves the enterprise.

For identity teams, the problem is no longer only authentication at login. It is what happens after access is granted, when users move between corporate and personal accounts, paste into GenAI tools, and run extensions that can see cookies and tabs. Traditional controls were designed for managed endpoints and sanctioned applications, not for the browser as the operating environment.

Key questions

Q: How should security teams govern browser sessions that outlive authentication?

A: Security teams should treat the authenticated session as the control point, not the login event. That means monitoring cookie reuse, account switching, and token replay in real time, especially where SaaS apps and personal accounts coexist. Browser-native visibility is essential because traditional IdP logs do not show how access is actually used after sign-in.

Q: Why do browser extensions create identity and data risk for enterprises?

A: Browser extensions can read pages, inspect cookies, and interact with SaaS content, so they often operate with more effective privilege than teams expect. A compromised or sideloaded extension can expose sessions and data without triggering endpoint or network alerts. Security teams should govern extensions as privileged software with continuous permission review.

Q: What breaks when GenAI prompts become the main exfiltration channel?

A: File-centric DLP loses coverage when users move data through prompts, copy/paste, and browser-based AI tools instead of attachments or uploads. The organisation may still believe it is controlling sensitive data, but the real leak path has shifted to interaction data. Controls need to inspect the browser action itself, not only the file object.

Q: Who is accountable when browser-based identity risk causes a data leak?

A: Accountability typically sits with the teams that own identity, endpoint, and data controls together, because the browser collapses those boundaries. IAM, DLP, and security architecture can no longer be managed as separate silos if sessions, extensions, and prompts are the real leak points. Frameworks such as the NHI Lifecycle Management Guide can help align ownership across access and runtime control.

Technical breakdown

Browser sessions as the real identity boundary

Modern identity risk often begins after successful authentication, inside the browser session rather than at the login prompt. Cookies, session tokens, cached credentials, and account switching let users continue operating without fresh verification, which means a stolen or shared session can bypass the assurance created by SSO and MFA. In practice, the browser becomes the execution layer for identity, while the IdP only proves the starting point. That is why session visibility, token replay detection, and account-context awareness matter more than static access approval alone.

Practical implication: monitor active browser sessions for token reuse, cross-account movement, and unmanaged access paths.

Extensions as an embedded software supply chain

Browser extensions are not simple add-ons. They often run with permissions that let them read pages, inspect tabs, access cookies, and observe user behavior across SaaS applications. That makes the extension ecosystem an internal supply chain problem, because a compromised or sideloaded extension can expose enterprise data without touching traditional network or endpoint controls. The risk is amplified when extension publishers use weak distribution hygiene, frequent permission changes, or no clear governance ownership. Security teams need to think of extensions as code with runtime access, not as cosmetic browser features.

Practical implication: govern extensions like third-party software, with approval, review, and continuous permission monitoring.

GenAI prompts as a new exfiltration channel

Browser-based GenAI changes the data-loss model because users no longer need to upload files to leak information. Copy/paste into prompts, personal account usage, and AI browsers that summarize or reason over content create a fileless exfiltration path that legacy DLP rarely sees. This is especially problematic when prompts contain PII, PCI, source code, or confidential business context, because the data can leave the enterprise as conversational input rather than as a document transfer. The control problem is therefore interaction-aware protection, not just file inspection.

Practical implication: extend DLP and policy enforcement to prompts, clipboard actions, drag-and-drop, and AI browser contexts.

Threat narrative

Attacker objective: The objective is to steal data or hijack active browser identities while remaining outside the enterprise visibility layer.

1. Entry occurs when a user installs a permissive browser extension, opens an AI browser, or signs into a SaaS app through a browser session that traditional controls do not inspect.
2. Credential access or abuse follows through session cookies, cached tokens, personal account crossover, or extension access to browser data, allowing identity reuse without a fresh login event.
3. Impact occurs when attackers or unmanaged tools exfiltrate prompt data, cookies, SaaS content, or internal messages through the browser path that DLP, EDR, and SSE do not fully cover.

Breaches seen in the wild

• Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
• DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Browser governance is now identity governance. The browser has become the operating environment where sessions, prompts, extensions, and SaaS accounts intersect, so treating it as a display layer leaves the real control surface ungoverned. Identity teams that stop at the IdP are missing the point at which access becomes behaviour. Practitioners should reframe browser oversight as part of IAM, not adjacent to it.

Identity done at the IdP is a false completion state. Authentication proves the start of access, not the safety of the session that follows. Once a browser session is active, users can switch accounts, replay tokens, and move into unmanaged AI tools without any new decision point for security controls. The implication is that identity assurance must extend into runtime use, not stop at issuance.

Browser extensions are the hidden non-human identity layer inside the endpoint. They often run with standing privileges over cookies, tabs, and page content, which makes them functionally closer to unmanaged machine access than to harmless add-ons. That means extension governance belongs in the same control conversation as secrets, service accounts, and workload identities. Practitioners should treat extension permissions as a privileged access problem.

Prompt-based exfiltration is replacing file-based exfiltration as the default leak path. The article shows that copy/paste into GenAI tools now accounts for a major share of corporate-to-personal movement, which means the most important loss event may never involve a file download. Traditional DLP assumptions were built around attachments and storage, not interactive text transfer. Security teams should expect the clipboard and prompt box to matter more than the upload dialog.

Invisible AI endpoints create a governance gap that spans human, NHI, and autonomous controls. The same browser can carry a human’s session, a managed extension’s privileges, and an AI browser’s summarisation behaviour in one flow, which blurs the boundary between user action and machine-mediated data movement. That convergence makes one control model insufficient across identity types. Practitioners should align browser governance across human identity, non-human access, and emerging agentic interfaces.

From our research:

• 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to 2024 ESG Report: Managing Non-Human Identities.
• The same research found that 46% confirmed a breach and 26% suspected one, which shows how often machine identity risk is already present before teams recognise it.
• For a broader view of identity control failure, see The State of Non-Human Identity Security for visibility, rotation, and over-privilege patterns that map closely to browser-mediated access.

What this signals

Invisible AI endpoint: browser-based AI and extensions now sit between the user and the enterprise control stack, which means governance has to follow the session rather than the device. As more work moves into prompts and tabs, the organisation’s real exposure is whatever the browser can see, reuse, or forward.

LayerX Security’s data shows that GenAI is already a major corporate-to-personal channel, which should push IAM and security leaders to treat browser interaction telemetry as an operational signal, not a niche privacy problem. The practical shift is toward policy enforcement at the point of paste, prompt, and account crossover.

The browser will increasingly define whether identity controls are enforceable or merely symbolic, especially where unmanaged devices and personal accounts are involved. Security teams that align browser oversight with the NHI Lifecycle Management Guide and related identity governance practices will be better positioned to close the gap between access approval and actual use.

For practitioners

• Treat the browser as a primary control plane Extend visibility into copy/paste, prompts, uploads, tab context, and account type so security teams can see what happens after login.
• Apply session-level identity controls Continuously validate active browser sessions, detect token replay, and flag account crossover between corporate and personal identities.
• Govern extensions as software supply chain assets Score publisher reputation, update cadence, sideload sources, and permission changes, then remove extensions with broad access to cookies or SaaS tabs.
• Enforce browser-native DLP at the interaction layer Block or warn on risky clipboard transfers, drag-and-drop actions, and prompt submissions containing PII, PCI, or confidential business data.

Key takeaways

• The browser has become the operational layer where identity, AI, and data-loss risk now meet, and legacy control stacks do not see enough of it.
• Browser-based prompts, extensions, and session reuse create measurable exfiltration paths that are already outpacing file-centric security assumptions.
• Security teams need to govern the session, the extension, and the prompt as first-class risk surfaces, not as downstream browser behaviour.

Key terms

• Browser-native security: Security controls that operate inside the browser session rather than only at the network, endpoint, or identity provider layers. It covers what users paste, open, upload, and switch between while using SaaS and AI tools.
• Session token: A credential artifact that proves an authenticated browser session is still valid after login. If stolen, replayed, or shared, it can let an attacker act as the user without needing to defeat MFA again.
• Browser extension governance: The practice of approving, monitoring, and revoking browser add-ons based on their permissions, update behavior, and data access. In mature programmes, extensions are treated like third-party software with runtime privileges, not lightweight utilities.
• Prompt-based exfiltration: Data leakage that occurs when users paste sensitive information into GenAI prompts or browser-based AI tools. The content leaves the enterprise through interaction rather than file transfer, which makes traditional file DLP insufficient on its own.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by LayerX Security: Why The Browser Has Become the Enterprise’s Most Overlooked Endpoint. Read the original.