TL;DR: Agentic browsers shift the browser from passive display to autonomous execution, which lets AI agents use active cookies, autofill data, and session context to complete tasks while also widening phishing, prompt injection, and compliance exposure, according to JumpCloud. The central problem is that existing IAM and browser-security controls assume a human remains the decision-maker, but the agent now becomes the actor.
NHIMG editorial — based on content published by JumpCloud: agentic browsers and the changing browser attack surface
By the numbers:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
- Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes.
Questions worth separating out
Q: What breaks when agentic browsers can act inside a human session?
A: The browser stops being a passive interface and becomes a delegated actor with the user’s live privilege.
Q: Why do agentic browsers complicate Zero Trust architecture?
A: Zero Trust assumes each action can be verified continuously, but agentic browsers reuse legitimate sessions while making independent decisions inside them.
Q: How can security teams measure whether browser-agent risk is controlled?
A: Look for evidence that high-risk tasks cannot be completed without a human checkpoint, that browser actions are fully logged, and that sensitive portals are excluded from agentic completion.
Practitioner guidance
- Define browser action boundaries: Classify which browser actions may be completed by software and which require a human confirmation step before submission, payment, or permission changes.
- Separate session use from sensitive task execution: Prevent agentic browsers from carrying live cookies into HR, finance, admin, and internal control-plane portals unless the action is explicitly approved and logged.
- Require auditable prompts and action logs: Demand logs that capture prompts, page targets, intermediate actions, and any context retained across sessions.
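One way to combine the three controls above into a single policy gate that sits in front of an agentic browser, as an added example (not code from JumpCloud or NHIMG). The action names, the portal host list, and the log field names are assumptions chosen for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumed policy values for illustration; substitute your own inventory.
HIGH_RISK_ACTIONS = {"submit_form", "payment", "permission_change"}
SENSITIVE_HOSTS = {"hr.example.com", "finance.example.com", "admin.example.com"}
AUDIT_LOG = []  # stand-in for an append-only store the agent cannot modify


def is_sensitive(url):
    """True for a listed portal, any subdomain of one, or an unparseable target."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        host = ""
    if not host:
        return True  # fail closed when the target cannot be determined
    return any(host == h or host.endswith("." + h) for h in SENSITIVE_HOSTS)


def decide(request, approved_by=None):
    """Gate one agent-proposed action and write the audit record for it."""
    sensitive = is_sensitive(request["url"])
    high_risk = request["action"] in HIGH_RISK_ACTIONS
    needs_human = (sensitive or high_risk) and approved_by is None
    record = {
        "prompt": request["prompt"],
        "page_target": request["url"],
        "step": request["step"],
        "action": request["action"],
        "retained_context": request.get("retained_context", []),
        "decision": "needs_human" if needs_human else "allow",
        "attach_session": not needs_human,  # live cookies only once allowed
        "approved_by": approved_by,
    }
    AUDIT_LOG.append(json.dumps(record, sort_keys=True))
    return record


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    base = {"prompt": "Book the cheapest flight", "step": 1, "retained_context": []}
    for url, action in [("https://travel.example.org/search", "click"),
                        ("https://travel.example.org/checkout", "payment"),
                        ("https://portal.hr.example.com/profile", "click")]:
        print(decide({**base, "url": url, "action": action})["decision"], url)
```

Every call is logged whether or not it is allowed, so the audit trail also shows what the agent attempted before a human checkpoint stopped it.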
What's in the full article
JumpCloud's full analysis covers the operational detail this post intentionally leaves for the source:
- Step-by-step examples of how agentic browsers interpret DOM content and execute multi-step tasks
- Specific threat patterns such as indirect prompt injection, Cometjacking, and confused deputy behaviour
- Questions security leaders can use to assess browser memory handling, audit logging, and action attribution
- Practical guidance on where Zero Trust checks should sit when a browser acts on behalf of a user