
usonian

(19,015 posts)
Sun Jul 13, 2025, 10:32 PM Sunday

Browser AI Agents: The New "Weakest Link" that Can Feed Your Credentials and Data to Attackers

https://labs.sqrx.com/browser-ai-agents-the-new-weakest-link-22a38a552d7f


Oh GREAT. A new giant security attack surface. "Move fast and break things"
Aw 💩.

This is the least techie segment.
Exploiting Browser Agents
To understand why Browser AI Agents are the new weakest link, one must grasp two fundamental truths about these agents. First, they are trained to complete tasks, not to be security aware. The primary objective of Browser AI Agents is to interpret and perform actions based on the user’s instructions as efficiently and accurately as possible, even if certain steps may expose them to security risks. Unlike employees, they do not receive regular security training on identifying malicious behaviour and the latest threat vectors. Additionally, the employees behind these agents are likely not security aware enough to provide the necessary security guardrails in these prompts.

Second, the Browser AI Agents are performing actions on the user’s behalf, frequently with access to the user’s identity, enterprise apps and company data that the employee is granted access to. As a result, there is no way for the browser or service provider to differentiate between the actions performed by the user and the Browser AI Agents. For instance, if the agent sends an email using the user’s account to their colleagues, neither the browser, email service nor recipient will be able to identify that it was sent by a Browser AI Agent to put additional security measures in place, making persistence and lateral movement very easy upon compromise.

In other words, not only do these agents have the same level of access as employees, they have poorer security awareness than an average employee. They do not respond to common warning signs such as suspicious URLs, spelling errors and unusual layouts that many employees commonly use to identify malicious sites. This makes them especially susceptible to any attack designed to target employees, allowing attackers to recycle many of their “basic” attack campaigns that no longer work on many employees.

To illustrate this, below are two case studies of Browser AI Agents falling prey to simple phishing and OAuth attacks, despite the many malicious indicators throughout the workflow. Both demos were done with Browser Use, the popular open source Browser AI Agent framework used by thousands of organizations today.


Receipts follow.


Browser AI Agents: The New "Weakest Link" that Can Feed Your Credentials and Data to Attackers (Original Post) usonian Sunday OP
That's horrifying. Meredith Whittaker of Signal has been warning about AI agents, too: highplainsdem Monday #1