Browser-based threats are evolving. While it’s still important for security teams to protect their organizations against issues like data leakage, risky browser extensions, and identity threats, they also need to tackle a new challenge: browser-based AI. To explore this issue, we caught up with Or Eshed, CEO and Co-Founder at LayerX Security, on the Expert Insights Podcast. Over the last two years, the kingpins of AI have decided that the browser is the place to consume AI, says Eshed, with 90% of AI apps currently being consumed primarily or secondarily in the browser. That’s because browsers are agnostic, and they enable users to deploy and interact with AI applications at speed. However, while many browser-based AI tools enable productivity, they also introduce a host of new security risks, including prompt injection, questions around authorization, bias, and data leakage. “Employees can upload sensitive data to an AI tool that isn’t secure, and that AI model may train on your data and ‘burp’ that somewhere else,” says Eshed. What’s The Solution? Banning browser-based GenAI tools isn’t the answer, says Eshed. “A colleague in the CISO community told me that, just after ChatGPT emerged on the market, they did a survey asking who was planning on block ChatGPT, and half of the attendants raised their hands. They did another survey with the same question a couple of months ago, and under 10% raised their hands, because it’s impossible.” Instead, CISOs today need to work out how to enable the secure use of browser-based AI tools, without limiting user productivity. The Bottom Line: “In many cases, the most secure thing is to just avoid the risk. If you go to the beach, you may get sunburned; the safest thing to do is stay home. But you do want to go on vacation and have a good time! You just need to find the balance.” Final Advice: Eshed’s advice for security teams looking to tackle browser-based threats is to first identify how much business is being carried out in the browser, because you can’t protect what you aren’t aware of. “Most security teams don’t have any idea what shadow SaaS is being used in the browser or what their employees are doing. And with those unknown unknowns, you don’t really know how much impact [a browser-based threat] might have.” The Expert Insights Podcast brings you insights and knowledge from cybersecurity and technology experts. Each episode, we conduct in-depth interviews with top cybersecurity leaders from leading vendors, practitioners and security teams. Guests include CEOs, Directors, CISOs, and more from innovative tech companies. We dive deep into the cybersecurity issues and trends that matter to your business. For more interviews with industry experts, visit our podcast page here. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit podcasts.expertinsights.com
