* [Blog](https://www.paloaltonetworks.com.au/blog)
* [SASE](https://www.paloaltonetworks.com.au/blog/sase/)
* [Product Features](https://www.paloaltonetworks.com.au/blog/sase/category/product-features/)
* Agentic Browsers: The New...

# Agentic Browsers: The New Frontier in Web Security Risks

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsase%2Fagentic-browsers-the-new-frontier-in-web-security-risks%2F)  
[](https://twitter.com/share?text=Agentic+Browsers%3A+The+New+Frontier+in+Web+Security+Risks&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsase%2Fagentic-browsers-the-new-frontier-in-web-security-risks%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsase%2Fagentic-browsers-the-new-frontier-in-web-security-risks%2F&title=Agentic+Browsers%3A+The+New+Frontier+in+Web+Security+Risks&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/sase/agentic-browsers-the-new-frontier-in-web-security-risks/&ts=markdown)  
\[\](mailto:?subject=Agentic Browsers: The New Frontier in Web Security Risks)  
Link copied  
By [Monique Lance](https://www.paloaltonetworks.com/blog/author/monique-lance/?ts=markdown "Posts by Monique Lance"), [Alona Blend](https://www.paloaltonetworks.com/blog/author/alona-blend/?ts=markdown "Posts by Alona Blend") and [Shlomi Zrahia](https://www.paloaltonetworks.com/blog/author/shlomi-zrahia/?ts=markdown "Posts by Shlomi Zrahia")  
Nov 07, 2025  
5 minutes  
[Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)  
[AI](https://www.paloaltonetworks.com/blog/tag/ai/?ts=markdown)  
[Prisma Browser](https://www.paloaltonetworks.com/blog/tag/prisma-browser/?ts=markdown)  
[Prisma Browser Extension](https://www.paloaltonetworks.com/blog/tag/prisma-browser-extension/?ts=markdown)

AI isn't just changing applications---it's changing the browser itself. A new wave of agentic browsers, like Perplexity Comet, ChatGPT Atlas, and Dia, are emerging with one goal: turn the browser into an intelligent assistant that can research, reason and automate multi-step workflows for users.

It's an exciting shift for productivity and creativity, but with it comes a dramatic shift in the enterprise attack surface.

As we saw with the consumer browser, it became the enterprise workspace before it was ever built to secure one. Now agentic browsers, or AI browsers, accelerate that evolution by introducing autonomous activity security teams can't see or control---leaving organizations without essential protection and more exposed to threats. What's more, core protections in Chrome and Edge, such as protection against malicious URLs, malware protection, safe browsing and password protections have been removed by many AI browsers.

[Prisma Browser Extension](https://www.paloaltonetworks.com/blog/sase/the-new-cybersecurity-duo-prisma-access-browser-and-its-extension/) working with [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser) gives organizations a way to govern AI browsing while reducing risk exposure.

## **A New Security Blind Spot Emerges**

Most organizations have no visibility into which AI browsers users are installing. However, the problem doesn't stop there. Shadow AI isn't just about SaaS apps--- it now lives inside the browser itself. Endpoint agents and extensions can't consistently monitor what runs in AI sidebar tools, AI-triggered actions on the page, leading to data leaks, prompt injection, and automation abuse. For example, researchers found that [ChatGPT Atlas bypassed standard encryption practices](https://cybersecuritynews.com/chatgpt-atlas-exposes-users/), exposing private authentication data which resulted in unauthorized access to user accounts.

On top of that, modifying the Chromium codebase and layering new capabilities can introduce vulnerabilities that other browsers don't have, unless done with rigorous security engineering. Research conducted by Palo Alto Networks shows that side panels in multiple AI browsers can be hijacked by malicious extensions. In some cases, the researchers were able to escalate privileges, including unauthorized access to a user's camera and microphone.

In summary, this means agentic browsers can do more than just remove basic protections ---they also expand your attack surface and can open the door to entirely new threats your organization hasn't been exposed to before.

## **Secure AI-Browsing with Prisma Browser Extension**

Put simply, if organizations insist on running agentic browsers, at minimum security leaders need a way to see, understand, and control how these browsers enter and operate within the environment. Prisma Browser Extension gives organizations a way to govern AI browsing while reducing risk.

Prisma Browser Extension brings back the security controls that many AI browsers remove, tracking browser activity in real time and allowing your organization to regain some control. Prisma Browser Extension provides these benefits against agentic or AI browsers:

* \*\*Discover \& Govern AI Browsers:\*\*Detects agentic browsers in use, assesses the level of risk and blocks risky workflows.
* **Restore In-Browser Visibility:** Expose AI risks before they escalate by gaining visibility into user activity such as navigation, uploads, copy/paste actions and what extensions are in use.
* **Protect Against Phishing Attacks:** Enhances your ability to mitigate phishing risks with real-time advanced URL filtering and policy-based controls. Users are automatically notified with alerts when they encounter dangerous sites, helping to prevent them from falling victim to social engineering attacks.
* **Mitigate Threats**: Powerful malware inspection powered by Precision AI blocks malicious files.
* **Manage Extensions:** View and control which extensions can be installed across all AI browsers, the permissions provided to each extension, and the transfer of sensitive data. Organizations can block malicious or risky extensions based on various criteria, such as risk level.
* **Enhance Forensic Capabilities:** Collect detailed user activity logs and security events, providing valuable insights for forensic investigations and compliance audits. These events give SOC teams in-browser visibility they don't have today, enabling organizations to analyze incidents, identify risky behavior patterns, and respond to security threats more effectively.

And when AI browsers try to access enterprise applications, Prisma Browser Extension doesn't just block --- it redirects users seamlessly to Prisma Browser, ensuring sensitive work happens in a secure, policy-enforced environment, with the advanced security controls of Prisma Browser. At the same time, it educates users with real-time in-browser prompts that warn them of risky activity before they proceed.

## **Prisma Browser: The Secure Control Point**

When an application is opened in Prisma Browser, it automatically inherits the browser's security features:

* **A secure modern workspace**to protect work on any device, including anti-tampering controls, account takeover preventions, device posture checks and policy enforcement.
* **Enterprise-grade data loss prevention (DLP)** with 10x fewer false positives than traditional tools and identity controls that help prevent data leakage and strengthen access security

Prisma Browser and its extension work together to provide a robust combination of productivity and security that requires minimal user training or adaptation. You can roll out the extension to any AI browser in minutes, requiring no end-user involvement.

This hybrid approach allows users to explore AI tools freely if necessary, while ensuring business-critical access and data remain securely isolated within a protected browser environment, safe from the inherent security risks associated with agentic browsers. With Prisma Browser and Prisma Browser Extension, you can govern AI-browsing, reduce risk, and protect data in sensitive enterprise applications.

[Register for Ignite: What's Next](https://start.paloaltonetworks.com/ignite-whats-next.html) to learn more about the latest advancements to Prisma Browser and more.

*** ** * ** ***

## Related Blogs

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Unlock Frictionless Private App Access with Prisma Browser Connector](https://www.paloaltonetworks.com.au/blog/sase/unlock-frictionless-private-app-access-with-prisma-browser-connector/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Seamless and Secure RDP and SSH Access Using Prisma Browser](https://www.paloaltonetworks.com.au/blog/sase/seamless-and-secure-rdp-and-ssh-access-using-prisma-browser/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/category/zero-trust-security/?ts=markdown)

[#### Redefining Workspace: Prisma Browser Secures Leadership in Frost Radar](https://www.paloaltonetworks.com.au/blog/2025/12/prisma-browser-secures-leadership-in-frost-radar/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Data Loss Prevention](https://www.paloaltonetworks.com/blog/category/data-loss-prevention/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)

[#### Eight Data Security Problems Finally Solved in the Browser Era](https://www.paloaltonetworks.com.au/blog/sase/eight-data-security-problems-finally-solved-in-the-browser-era/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Complete Web Protection Starts in the Browser](https://www.paloaltonetworks.com.au/blog/sase/complete-web-protection-starts-in-the-browser/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)

[#### Prisma Browser Innovations: AI-Powered Security for Enterprise Work](https://www.paloaltonetworks.com.au/blog/sase/prisma-browser-innovations-ai-powered-security-for-enterprise-work/)

### Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language