Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Identity mesh in AI browsers: are your session controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: AI-powered browsers can summarize, autofill, and execute multi-step workflows through natural language, but Lasso Security says that same capability can let prompts propagate across authenticated SaaS sessions and trigger unintended actions. The governance problem is no longer browser convenience, but whether existing identity, session, and policy controls can constrain an AI agent that inherits user privileges mid-session.

NHIMG editorial — based on content published by Lasso Security: The Rise of AI Browsers, Smarter, Faster, and Far More Dangerous

Questions worth separating out

Q: How should security teams govern AI browsers that can act across authenticated sessions?

A: Treat the browser agent as an identity-bearing runtime, not just a client.

Q: Why do AI browsers complicate least privilege?

A: They complicate least privilege because the agent often inherits the user’s authenticated reach inside the browser and can reuse that authority across multiple applications.

Q: What breaks when prompt injection reaches an AI browser agent?

A: What breaks is the assumption that only trusted inputs can drive trusted actions.

Practitioner guidance

  • Separate agent and user session authority Do not allow AI browser agents to inherit every authenticated session by default.
  • Add runtime policy checks for cross-domain actions Block or challenge agent-driven form submission, API calls, and navigation when the target application differs from the source context.
  • Log prompt lineage with browser telemetry Capture the input source, intermediate transformations, and tool invocation path for every agent action.

What's in the full article

Lasso Security's full post covers the operational detail this post intentionally leaves for the source:

  • The controlled-test attack flow showing how a prompt in one SaaS platform propagated into actions in another authenticated platform.
  • The browser-side distinctions between augmented traditional browsers and AI-native browsers, including where session context broadens the attack surface.
  • The detection challenge created by natural-language inputs and browser-process execution, which makes malicious activity resemble ordinary user behaviour.
  • The specific guardrail patterns the vendor proposes, including runtime policy enforcement and guardrail injection.

👉 Read Lasso Security's analysis of AI browser identity mesh and cross-session risk →

Identity mesh in AI browsers: are your session controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8508
 

Identity mesh is the governance gap AI browsers expose. The browser is no longer just a rendering layer, because the agent can carry authenticated state across multiple applications in one session. That means the practical control boundary is no longer the tab or the app, but the trust relationship between prompt input, session context, and action execution. Practitioners should treat browser session continuity as an identity problem, not only an endpoint problem.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.

A question worth separating out:

Q: Who is accountable when an AI browser agent makes an unauthorized action?

A: Accountability sits with the programme that allowed the agent to inherit user authority without sufficient action constraints and auditability. If the browser can execute multi-step workflows across authenticated systems, teams need clear ownership for policy, logging, and incident response. Without that, the action is treated as user behaviour even when the decision came from the agent.

👉 Read our full editorial: AI browsers create identity mesh risk across authenticated sessions



   
ReplyQuote
Share: