The Browser: The New Frontier of Enterprise Security in 2025
Why Traditional Security Models Are Failing in a Browser-First Workplace
In 2025, the browser has officially claimed its place as the core workspace for modern enterprises. As remote work, SaaS adoption, and AI-powered tools proliferate, organisations now face an overlooked yet urgent security challenge: securing the browser.
In my research on this topic, I discovered a compelling report by Keep Aware, titled 'The State of Browser Security 2025.' This report clearly demonstrates that traditional security models, which have historically focused on the network perimeter, endpoints, and email, are failing to keep up with the demands of the current threat landscape.
Here’s a comprehensive breakdown of the report’s key findings, along with an analysis of their implications for your organisation. Understanding these insights is crucial for making informed decisions that will drive your success and growth in the coming months.
1. The Browser Is the New Attack Surface
Forget email—browser-based malware now accounts for 70% of all attacks, compared to just 15% via email. Attackers are exploiting the trust we place in SaaS tools and cloud platforms to launch stealthy, browser-native attacks that evade traditional defences.
In the current digital environment, malware is increasingly sophisticated and often does not come as a traditional downloadable file. Instead, it is meticulously reconstructed within the web browser itself through various methods, including the use of JavaScript loaders, HTML injections, and dynamic manipulation of the Document Object Model (DOM).
JavaScript loaders enable attackers to dynamically load malicious code, while HTML injections can embed harmful scripts directly into web pages that users visit. The manipulation of the DOM allows these scripts to alter the content and functionality of the web page in real time, further evading detection.
Traditional security tools, such as Secure Web Gateways and Endpoint Detection and Response (EDR) systems, face significant challenges in identifying these types of threats. This is primarily because the malicious activities take place within the browser’s sandbox environment, preventing them from being recognised as threats by conventional security measures that rely on file downloads or external interactions. As a result, these advanced malware techniques can operate undetected, posing serious risks to both users and organisations.
2. Generative AI: Productivity Meets Risk
With 75% of global knowledge workers using generative AI tools, many organisations are now unintentionally exposing sensitive data to third-party AI models. Employees paste confidential information into tools like ChatGPT or install browser extensions that request excessive permissions, all without security oversight.
The report highlights a concerning trend: 10% of AI prompts currently involve sensitive data, and 5% include file uploads. Alarmingly, the majority of companies lack clear visibility into the types of information being exchanged or stored, leaving them vulnerable to potential risks associated with data privacy and security.
3. Data Loss Prevention Needs a Browser Makeover
Conventional Data Loss Prevention (DLP) tools often fail to monitor the complex ways data moves within web browsers. Employees routinely transfer information by copying and pasting it into various Software as a Service (SaaS) applications, uploading files to their personal accounts, or using AI-driven tools, frequently without the necessary corporate oversight or guidance.
A particularly striking statistic highlights this concerning trend: a staggering 34% of upload events occurring on managed devices are directed towards personal accounts. This troubling figure suggests that even employees with the best intentions may inadvertently compromise sensitive information while trying to carry out their everyday work tasks. The lack of visibility into these actions poses significant risks to organisational data security.
4. Extensions: The Silent Threat
The majority of employees utilise more than four browser extensions in their daily work, yet many companies lack a comprehensive understanding of the specific functions and potential risks associated with these tools. Research indicates that approximately 10% of browser extensions are categorised as high-risk. These extensions request extensive permissions that can grant them access to all websites visited, the ability to store and retrieve cookies, and even the power to capture and monitor desktop activity.
Additionally, there is an escalating concern regarding the security of these extensions due to the threat of supply chain attacks. Even a previously trusted extension can become malicious after an update or a change in ownership, often without any prior notification to the organisation's security teams. This lack of awareness can expose companies to significant security vulnerabilities, making it essential for organisations to regularly review and monitor the extensions used by their employees to ensure they align with security protocols and best practices.
5. Shadow IT (Shadow AI) Is the Rule, Not the Exception
Employees now adopt tools faster than IT can review them. From personal file-sharing apps to unauthorised AI assistants, the report describes a world where users have 2–3 identities (work, personal, freelance) and usage spans dozens of SaaS tools, many of which are unsanctioned.
Without browser-level context, security teams can’t distinguish between safe and risky use of trusted apps like Google Drive or Microsoft Teams.
What Needs to Change
Keep Aware proposes a comprehensive new security model that is built into web browsers. This innovative approach is designed to enhance protection while users conduct their work online. Here’s a detailed breakdown of the key components of this model:
Real-Time Browser Telemetry: This feature enables the continuous monitoring of activities within the browser, allowing for the identification and assessment of potential threats at the Document Object Model (DOM) level. By observing interactions with web pages and applications in real-time, this telemetry can quickly detect unusual or harmful activities, ensuring prompt responses to emerging threats.
Context-Aware Data Loss Prevention (DLP): This advanced protection mechanism differentiates between legitimate business operations and actions that pose a risk to data security. By understanding the context in which data is being accessed or shared, organisations can implement tailored policies that prevent accidental data breaches while still allowing seamless workflow for authorised users.
Extension Management Focused on Permissions: Rather than merely tracking the presence of browser extensions, this model emphasises managing their permissions effectively. By scrutinising what permissions are granted to each extension, organisations can mitigate the risk of malicious extensions accessing sensitive information or performing unauthorised actions.
AI Governance for Usage Visibility and Policy Enforcement: This component leverages artificial intelligence to provide insight into how users interact with online tools and data. By ensuring visibility into usage patterns and enforcing security policies, organisations can better safeguard their data while maintaining compliance with regulatory requirements.
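To make the extension risks in section 4 and the "Extension Management Focused on Permissions" component concrete, here is an added example (not code from the Keep Aware report) that compares two versions of an extension's manifest and flags newly granted high-risk permissions. The mapping of the article's three capabilities to the Chrome manifest values `<all_urls>`-style host patterns, `cookies` and `desktopCapture` is an assumption of this example, and the "Tab Tidy" manifests are constructed sample data.

```javascript
// Added example (not from the Keep Aware report): permission-focused review
// of a browser extension update, using Chrome-style manifest.json fields.

// Capabilities the article calls out, mapped to manifest values (assumed mapping).
const RISKY_API = new Set(["cookies", "desktopCapture"]);
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Gather everything a manifest grants: API permissions plus host patterns.
// Manifest V2 keeps hosts in `permissions`; V3 moves them to `host_permissions`.
// Content-script match patterns also give page access, so they are included.
function grants(manifest) {
  const scriptHosts = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  return [...new Set([
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...scriptHosts,
  ])];
}

// Return the sorted subset of grants that match the high-risk list.
function riskyGrants(manifest) {
  return grants(manifest).filter((g) => RISKY_API.has(g) || ALL_SITES.has(g)).sort();
}

// Compare two versions of one extension and report newly added risky grants.
function reviewUpdate(previous, current) {
  const before = new Set(riskyGrants(previous));
  const highRisk = riskyGrants(current);
  const added = highRisk.filter((g) => !before.has(g));
  return { name: current.name, version: current.version, highRisk, added, needsReview: added.length > 0 };
}

// Constructed sample manifests for a hypothetical extension ("Tab Tidy").
const v1 = {
  manifest_version: 3, name: "Tab Tidy", version: "1.4.0",
  permissions: ["storage", "tabs"],
  host_permissions: ["https://example.com/*"],
};
const v2 = {
  manifest_version: 3, name: "Tab Tidy", version: "1.5.0",
  permissions: ["storage", "tabs", "cookies"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};

console.log(reviewUpdate(v1, v2));
```

Running the same comparison on every extension update turns a silent permission expansion after an update or ownership change into a reviewable event; optional permissions requested at runtime are outside what this sketch inspects.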
In summary, this new model of security advocates for a shift from traditional perimeter defences to a more nuanced approach that protects the actual environments where work occurs, within the browser itself. This evolution is essential for addressing the unique challenges of today’s digital landscape, where the browser often serves as the primary interface for business activities.