Browser Security
Menlo Security Adds Platform to Secure AI Agents
Menlo Security today launched a platform to secure artificial intelligence (AI) agents running in a browser that accesses a cloud-based environment where they can securely access applications. The company already provides a ...
AI Adoption Is Forcing Security Teams to Rethink Browser Defense
As organizations rush to adopt generative AI tools, the humble web browser has quietly become one of the most critical, and vulnerable, points in the enterprise security stack. Dhawal Sharma, executive vice ...
2025 Year of Browser Bugs Recap: A Year of Unmasking Critical Browser Vulnerabilities
At the beginning of this year, we launched the Year of Browser Bugs (YOBB) project, a commitment to research and share critical architectural vulnerabilities in the browser. Inspired by the iconic Months ...
Convenience or Catastrophe? The Dangers of AI Browsers No One is Talking AboutÂ
AI browsers introduce reasoning-based risks. Learn how cross-origin AI agents dismantle web security and what defenses are needed ...
Comet’s MCP API Allows AI Browsers to Execute Local Commands
SquareX has discovered a critical security vulnerability in Comet, Perplexity’s AI browser, that fundamentally compromises user trust and device security. Our research reveals that Comet has implemented an MCP API that allows ...
SquareX at Security Field Day 14
Showcasing how SquareX Closes the SWG and EDR Visibility GapThe recent Security Field Day 14 provided SquareX with a valuable platform to demonstrate how Browser Detection and Response (BDR) addresses critical gaps ...
SquareX Secures ChatGPT Atlas Browser, Comet and More
Last week, OpenAI released their own AI Browser, ChatGPT Atlas. The past quarter has seen major players like OpenAI, Perplexity and Atlassian releasing or acquiring their own AI Browsers. Even consumer browsers ...
Hidden in Plain Sight: How we followed one malicious extension to uncover a multi-extension…
Hidden in Plain Sight: How we followed one malicious extension to uncover a multi-extension campaignShort read for everyone: we found a malicious Chrome extension that stole login data from a crypto trading ...
AI Sidebar Spoofing: Malicious Extensions Impersonates AI Browser Interface
A few weeks ago, we released a series of attacks that tricked Comet into exfiltrating data, downloading malicious files and providing unauthorized access to enterprise apps, all without the victim’s knowledge. The ...
Why SASE Vendors Are Finally Admitting the Need for Browser Security Solutions
In early September, Palo Alto Networks publicly acknowledged that Secure Web Gateways (SWGs) are architecturally unable to defend against Last Mile Reassembly attacks. SquareX first discovered and disclosed Last Mile Reassembly attacks ...
