Work Moved Into the Browser. Security Didn't. AI Is Exposing the Gap

The event that didn't exist

At 2:14 p.m. on a Tuesday, an employee clicks a link.

If you reconstruct the moment from your security stack, nothing happened. A browser process opened an HTTPS connection. The certificate was valid. The destination wasn't flagged. Traffic volume was unremarkable. No detections fired.

Inside the browser session, a different story was unfolding. The page that loaded looked like a routine CAPTCHA with "verify you're human" framing, a prompt to complete a quick check to continue. The instructions told the user to press Windows+R, paste what had already been copied to their clipboard, and hit Enter. In the middle of a busy work day, they did.

What they pasted was a shell script. It executed in the user's own context, with the user's own permissions, as a deliberate action the user performed with their own hands.

Nothing about the browser session looked unusual. The page rendered normal web content. The clipboard write happened entirely inside the tab. The command ran on the endpoint as a legitimate user-initiated process. The EDR saw a shell executing under an authenticated user (indistinguishable from an admin running a troubleshooting script). And yet something meaningful had occurred: something present in every log, and absent from every interpretation.

This isn't a detection failure. Each layer did exactly what it was designed to do. The problem is that the system answered the wrong question. (This is why I started Keep Aware)

Example seen in Keep Aware's ClickFix blog post

The browser is a new kind of operating system

To see why that question disappeared, step back from security and look at how computing itself has changed.

The traditional operating system hasn't gone anywhere. Windows is still Windows. macOS is still macOS. The kernel still schedules processes, and the file system still exists. But above that layer, something else has taken shape: an operating environment running inside the browser that now hosts most of what the business actually does.

The browser has absorbed the five functions that used to define an endpoint: compute (scripts executing in tabs), storage (SaaS reached through those tabs), I/O (DOM events), identity (OAuth tokens and session cookies), and communication. Twenty years ago, all five happened on the desktop. Today, they're distributed across cloud services, with the browser acting as the runtime that ties them together. It's not that the OS changed. It's that a second operating system grew on top of the first one, and it's where work now lives.

The real environment of work, where data is accessed, decisions are made, and actions are executed, is that browser layer. Every category we built security around (network, endpoint, identity) now describes something beneath it.

Security never moved up to where the work happens. That's how the gap was created.

The opaque layer (the browser blind spot)

Every tool in a modern security stack sees something real, and something partial:

• SASE and SSE see connections and traffic: sources, destinations, volumes, policy decisions.
• Email security sees messages, senders, and URLs at delivery.
• EDR sees what Chrome.exe does externally: process behavior, file writes, outbound calls.

Each of these is accurate at its layer. None of them can see inside the continuous use of the browser itself. This is the opaque layer. The logs exist, but interpreting them requires deliberate inference, or frankly, guesswork.

That gap is where most of the browser-based incidents we see at Keep Aware begin, and it's the throughline of our State of Browser Security 2026 report.

The identity assumption that's breaking

Opacity by itself would be a manageable problem if you could still trust who was acting inside it. You can't.

Security models have leaned on a durable assumption for years: once a user is authenticated, actions taken in that session can be attributed to that user. That assumption is starting to fail, not because identity systems are weak, but because the definition of "actor" has changed. Extensions, pasted scripts, and AI agents all operate within the same session, using the same tokens and producing the same logs.

This is the sharper version of the problem: attribution no longer implies agency. And without agency, identity loses much of what made it useful as a control.

AI didn't introduce the risk. It removed the illusion.

It's tempting to cast AI as the disruptive force here. That reading misses what's actually happening. The opaque layer has existed as long as the modern browser has, and phishing kits, malicious extensions, and session hijacking all exploited it long before generative AI was in the picture. What's changed is what you could previously assume: that a human was on the other side of the session, reading the page, making choices, noticing when something felt wrong. AI agents remove that assumption, and they do it at a speed and scale that makes after-the-fact forensics increasingly beside the point.

The question is no longer whether a user made a decision. It's whether a decision was made at all and by whom.

Where meaning still exists

Trace this down through the stack, and something useful emerges. Each layer below the browser loses the ability to resolve meaning. Encrypted traffic hides content from the network. The OS sees a single process. Identity providers stop observing once the token is issued. APIs record actions without context.

The only place the full picture still exists is the interface itself, the moment where something interacts with the system in a way that can be observed as behavior, not just as output. It's where you can see how a page is presented, how a user or agent responds to it, and how decisions unfold in sequence. It's the last place where intent, context, and action still coexist.

This makes it, whether the industry has fully acknowledged it or not, the new control plane for security.

Representation of Keep Aware's threat viewer that displays each user and browser action before a malicious ClickFix attack was prevented.

The shift that follows

Every major change in computing has forced security to realign around the new dominant layer:

• Workloads moved to servers. We built network security.
• Endpoints became central to execution. We built EDR.
• Identity became the perimeter. We built zero trust.
• Work moved into the browser. We're still catching up.

Existing controls don't disappear in this shift; they become incomplete on their own. They can still tell you what happened at their layer, but can't tell you what it meant.

Closing that gap means treating the browser not as an application to be managed, but as the execution environment where meaning is produced and where governance now has to live. That reframes the questions security programs are asking: not whether a user took an action, but whether they understood what they were acting on. Not whether data was accessed, but how and why. Not whether an identity was valid, but whether the actor behind it was what you expected.

It's the work that the next generation of security programs is going to be measured on.

At Keep Aware, this is the problem we're building around—bringing detection, governance, and response into the browser itself, where the work (and the risk) actually lives.

See what we're seeing across the industry. Our State of Browser Security 2026 report breaks down the top challenges security teams are facing inside the browser, with data from real enterprise environments.

Curious how this works in practice? Request a demo to see how Keep Aware gives your team visibility and control at the interface layer.

About the Author: Boerner, a computer engineer turned cybersecurity practitioner, began as a SOC analyst tackling network threats across Texas agencies. Specializing in network and email security, he later honed his expertise at IBM and Darktrace, working with organizations of all sizes. Seeing a critical gap between security teams and employees—where strong defenses still let threats through—he founded Keep Aware to make the browser a cornerstone of enterprise security.