Agentic browsers: what do IAM and security teams do now?

TL;DR: Agentic browsers can read web content, navigate SaaS tools, and act on behalf of users, which creates a new enterprise attack surface that traditional security tooling cannot easily quantify, according to Zenity. The governing problem is not malware but ungoverned autonomy across managed and unmanaged devices, where browser agents can reach sensitive data, tokens, and identity systems before teams notice.

NHIMG editorial — based on content published by Zenity: Your Browser is Becoming an Agent. Zenity Keeps It From Becoming a Threat

By the numbers:

• 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
• 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.

Questions worth separating out

Q: How should security teams govern agentic browsers in enterprise environments?

A: Start by treating agentic browsers as a governed access path, not as ordinary endpoint software.

Q: Why do agentic browsers create more risk than ordinary browser extensions?

A: They are not just reading pages; they are interpreting instructions and taking actions through authenticated sessions.

Q: What breaks when indirect prompt injection reaches a browser agent?

A: The trust boundary breaks first.

Practitioner guidance

• Inventory browser-based agents across the estate Identify agentic browsers on managed and unmanaged devices, then classify which ones can read local files, reach SaaS tools, or operate under user sessions.
• Restrict the actions agentic browsers can propagate Block or step up approval for high-risk actions such as permission changes, code edits, token exposure, and identity admin tasks when a browser agent is the actor.
• Separate local read access from execution privilege Do not assume that a browser agent needs broad local visibility to complete a task.

What's in the full article

Zenity's full article covers the operational detail this post intentionally leaves for the source:

• Detection logic for identifying agentic browsers across managed and unmanaged devices.
• Policy examples for blocking risky browser actions before they reach enterprise systems.
• Behavioural indicators that show when a browser agent is reading, inferring, or acting on sensitive content.
• Deployment notes for running browser protection in detect mode before moving to prevention.

👉 Read Zenity's analysis of agentic browser threat exposure →

Agentic browsers: what do IAM and security teams do now?

Explore further

View Full Forum →  |  NHI Foundation Course →