Become a TechRadar Insider
Security teams built their entire model around human users, people who pause before clicking, who notice when something looks off, who can be trained to spot suspicious downloads. That model worked because humans, however imperfect, bring judgment to every interaction.
CEO of Menlo Security.
That assumption is breaking. The newest enterprise user doesn't have judgment at all. Gartner estimates that in 2026 that 40% of enterprise applications will include integrated, task-specific AI agents, up from less than 5% last year.
Now, the next billion users will be agents — accessing applications, navigating cloud services, and interacting with data through browser sessions at a faster speed than ever.
The security infrastructure governing non-human users hasn’t kept pace, and the controls built for human restraint and predictable behavior are failing to hold up as autonomous agents execute tasks in milliseconds.
The visibility gap you didn’t plan for
Agents are operating at a scale that no human can match, creating a huge visibility gap. Traditional security assumes that human users act intentionally and follow recognizable patterns.
Authentication systems prove users are who they claim to be. Behavioral analytics flag unusual patterns. Data loss prevention systems assume someone will notice when sensitive information appears in the wrong place.
AI agents break every one of those assumptions. They don’t hesitate before opening a file or notice when a prompt looks suspicious. They execute blindly, trusting the contents of digital inputs as instructions and lacking the intuition to know otherwise.
Many of these agents operate through headless browsers or interact directly with web protocols, working outside the visible sessions that traditional security tools are designed to monitor.
Most organizations still treat agents as extensions of human users. Only 22% of security teams manage them as independent identities with distinct risk profiles.
If you’re applying the same permissions and policies to agents that you use for human users, you’re creating exposure at a scale that compounds with every new agent deployment. Your security team won't see the breach until it's system wide.
When risk moves faster than your controls
There's a stark difference between an agent that suggests and one that acts. When agents move from assistance to execution, the nature of enterprise risk changes fundamentally. Actions that once required human review and took place in minutes can now happen autonomously in seconds.
A compromised agent can move laterally across systems at machine speed — exfiltrating data, escalating privileges, or iinitiating unauthorized wire transfers with no human oversight.
The triggers don't even have to be dramatic.
A manipulated prompt could lead an agent to initiate unauthorized payments or extract sensitive data.
Over-privileged API access gives a compromised agent the keys to systems it was never meant to touch.
Malformed input could trigger unintended workflows across connected systems.
If security controls aren’t embedded at the point where actions occur, oversight becomes purely reactive. In an environment defined by machine-speed execution, reactive isn’t sufficient because containment is starting after the damage is done.
Why the browser is now the control point
Here’s the shift that changes everything for security leaders: Over 85% of enterprise workflows now occur in the browser, according to IDC research.
That makes the browser both the primary attack surface and the most important enforcement point for security policy. As agents operate through web applications and process digital content, the browser becomes where their decisions happen.
Risk shifts from traditional endpoints into live web sessions where access, data handling, and execution converge. Attackers are taking advantage of this shift, embedding malicious instructions in documents and website content to target the exact layer where agents process inputs.
Subtle manipulations hidden in files or webpages can redirect agent behavior without raising flags for human reviewers.
Traditional controls assume static inspection points — periodic checks, endpoint scans, network-layer filters. Agentic workflows don't pause for inspection. They execute continuously, inside live sessions, at a speed that static controls weren't built to match. Attackers already understand this.
Malicious instructions embedded in documents or web content can redirect agent behavior without triggering a single alert for human reviewers.
That's why the browser has to become the control plane — not a checkpoint before the session, but the enforcement layer inside it.
When both human users and agents operate through browser-based workflows, the only way to maintain consistent visibility and policy enforcement is to govern all activity at the session level, in real time, regardless of whether the actor is human or autonomous.
The era of managing human and agent sessions as separate systems with separate controls is over.
What security leaders should reassess now
The path forward starts with an honest assessment of where your current model breaks down.
Most security teams have granted agents the same access, permissions, and monitoring treatment as human users — because that was the fastest path to deployment. That shortcut is now a liability.
Agents need distinct identity management: separate authentication, authorization, and behavioral monitoring built around how agents actually operate, not how humans do.
Right now, most teams are trying to govern agent activity by stitching together tools that were built to protect humans, and none of them can see inside a browser session where agents are actually executing. The result is a visibility gap that compounds with every new agent deployment.
Closing it requires session-level visibility across encrypted traffic, user interactions, and file activity that network and endpoint tools were never designed to capture.
Security and productivity don’t have a trade off against each other, and with agents they can’t afford to. When security is embedded directly into the browser session, web content is isolated and inspected before it reaches users or agents. Protection stays invisible to your workforce.
Agents operate within governed boundaries without performance drag. The security model stops being the thing that slows the enterprise down and starts being what makes it safe to move faster.
Building trust with autonomous users
Agents are becoming central to how work gets done, operating with speed and autonomy that legacy security models weren't built to manage. The enterprises that succeed will move security controls directly into the execution layer — the browser — to gain visibility into live activity and contain risk before it spreads.
The security model that protected your organization last year was built for humans. The agents now operating inside your systems didn't exist when you built it. The window to close that gap is narrowing.
The question facing every security leader is no longer whether agents will reshape your enterprise, because they already have. The question now is whether your security model has reshaped with them.
We've featured the best endpoint protection software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit