TL;DR: WebMCP lets websites hand structured tools to browser agents inside live sessions, which shifts trust from static SaaS permissions toward runtime agent activity, according to Valence Security. That makes identity, browser visibility, and delegated access governance central to AI agent security rather than optional controls.
NHIMG editorial — based on content published by Valence Security: WebMCP Security and browser session power for AI agents
Questions worth separating out
Q: How should security teams govern browser-based AI agents in SaaS environments?
A: Security teams should govern browser-based AI agents as runtime actors, not as ordinary users or static integrations.
Q: Why do AI agents complicate zero trust architecture in SaaS?
A: AI agents complicate Zero Trust Architecture because they can inherit trust from a live session and then act at machine speed across multiple SaaS resources.
Q: What is the difference between user session security and NHI governance for AI agents?
A: User session security focuses on protecting the authenticated browser or application session. NHI governance for AI agents covers the agent's own identity: who owns it, how its access is reviewed, and how it is revoked.
Practitioner guidance
- Map browser-mediated agent workflows: inventory where AI agents act inside live SaaS sessions, then document which identities, tokens, and integrations they inherit.
- Separate human and agent identities: create distinct identities for autonomous agents, with unique lifecycle ownership, access reviews, and revocation paths.
- Correlate browser, identity, and SaaS telemetry: feed browser events, SaaS audit logs, and identity-provider signals into the same detection pipeline so agent-driven actions can be distinguished from normal user behaviour.
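As an added example (not from Valence Security or NHIMG), the correlation step in Python: browser, identity-provider and SaaS events are joined on a shared session id, and a WebMCP tool call followed within seconds by writes to several distinct SaaS resources is flagged as agent-driven execution inside a human session. The record format, field names and thresholds are assumptions; the sample events are constructed.

```python
"""Correlate browser, IdP and SaaS audit events by session and flag
sessions where delegated tool use acts at machine speed across apps."""
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry, not real logs. All three sources are assumed
# to carry the same session id so they can be joined.
EVENTS = [
    {"src": "idp", "ts": "2024-05-01T09:00:00", "session": "s1", "user": "alice", "action": "login", "resource": "-"},
    {"src": "browser", "ts": "2024-05-01T09:00:05", "session": "s1", "user": "alice", "action": "webmcp_tool_call", "resource": "crm.export"},
    {"src": "saas", "ts": "2024-05-01T09:00:05", "session": "s1", "user": "alice", "action": "export", "resource": "crm"},
    {"src": "saas", "ts": "2024-05-01T09:00:06", "session": "s1", "user": "alice", "action": "share", "resource": "drive"},
    {"src": "saas", "ts": "2024-05-01T09:00:06", "session": "s1", "user": "alice", "action": "update", "resource": "hr"},
    {"src": "browser", "ts": "2024-05-01T09:30:00", "session": "s2", "user": "bob", "action": "click", "resource": "crm"},
    {"src": "saas", "ts": "2024-05-01T09:30:04", "session": "s2", "user": "bob", "action": "read", "resource": "crm"},
]


def correlate(events):
    """Group events from every source by session id, ordered by timestamp."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)
    for evs in by_session.values():
        evs.sort(key=lambda e: e["ts"])
    return by_session


def find_agent_driven_sessions(events, max_window_s=5, min_resources=3):
    """Flag sessions in which a WebMCP tool call is followed, within
    max_window_s seconds, by non-read actions on at least min_resources
    distinct SaaS resources. A human clicks through one app at a time;
    this pattern looks like an agent executing across several."""
    flagged = {}
    for sid, evs in correlate(events).items():
        calls = [e for e in evs if e["src"] == "browser" and e["action"] == "webmcp_tool_call"]
        for call in calls:
            t0 = datetime.fromisoformat(call["ts"])
            touched = {
                e["resource"] for e in evs
                if e["src"] == "saas" and e["action"] != "read"
                and 0 <= (datetime.fromisoformat(e["ts"]) - t0).total_seconds() <= max_window_s
            }
            if len(touched) >= min_resources:
                flagged[sid] = {"user": call["user"], "tool": call["resource"], "resources": sorted(touched)}
    return flagged


if __name__ == "__main__":
    print(find_agent_driven_sessions(EVENTS))
```

In a real pipeline the same join would run over streamed events and the flagged session would be tied back to the agent identity from the guidance above, so that the action is attributed to the agent rather than to the user whose session it inherited.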
With 91.6% of secrets still valid five days after notification, per the Ultimate Guide to NHIs, delayed remediation compounds the risk of agent misuse.
Explore further
WebMCP turns the browser into a runtime trust boundary, not just a display layer. Once structured tools are available inside a live session, the security question shifts from authentication to delegated execution. That change matters because conventional IAM controls were built to govern identities, not live agent behaviour inside an authenticated browser context. Practitioners should treat browser-mediated tool use as a separate policy domain.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which leaves most machine identities outside reliable governance, according to the Ultimate Guide to NHIs.
A question worth separating out:
Q: When should teams use just-in-time access for AI agents?
A: Teams should use just-in-time access when an AI agent needs elevated permissions for a narrow task such as administration, export, or remediation. JIT reduces the time a powerful credential exists and lowers blast radius, but it only works if the request, approval, and revocation steps are automated and auditable.