Bradon Rogers, Chief Customer Officer at Island, says that enterprise security controls are shifting away from networks and devices toward the browser session and identity context.
The browser and application session are the new security perimeter as work moves into SaaS, onto semi-managed devices, and through AI-driven workflows.
Rogers has over two decades of experience in senior customer-facing and product leadership roles across the security industry, spanning multiple enterprise security platforms.
He discusses real shifts CISOs are dealing with, including the rise of BYOD, encrypted traffic reducing network visibility, and browser-centric SaaS.
Rogers stresses identity-first policy, in-session controls, browser-based enforcement, and governance of extensions and AI agents. The interview explains why network- and device-centric controls are failing in practice, and how AI tools bypass access controls.
Vishwa: Enterprise security seems to be moving from “trust the network” to governing activity at the last mile. What is driving that shift, and how should CISOs adjust their control models in 2026?
Bradon: Three forces are driving this shift:
In 2026, treat the application session as the unit of trust, not the subnet. Govern where work actually happens, across user, session, and data, using policy that evaluates posture in real time, including user, device, network, and data sensitivity.
Apply controls to mask or watermark data, restrict actions, or step up authority as needed.
Make identity and groups first-class inputs to policy (department, geography, people-manager vs. individual contributor (IC), contractor vs. employee) so engagement with the application differs based on role and broader context.
Vishwa: Agentic AI raises major auditability concerns. What does “auditable AI” actually look like in an enterprise setting, and which controls matter most at scale?
Bradon: In agentic workflows, auditable AI means you can:
Concretely, log prompts, retrieved context, model or agent version, tools invoked, and outputs; enforce pre- and post-processing for redaction and secrecy levels; and enable full replay for review.
At scale, prioritize role- and group-based access to models/tools, allow-listed connectors, DLP on inputs/outputs, and standardized telemetry into SIEM/GRC so findings map to policies, owners, and identity groups (e.g., finance-US managers vs. engineering-EU ICs).
Vishwa: The browser layer is back in focus. What changed in 2025 to re-elevate the browser as a primary security boundary?
Bradon: Encrypted-by-default transports (QUIC/HTTP/3) reduced the value of network inspection, device diversity exploded, and SaaS moved most work into the web UI. AI accelerates this even further, given its natural habitat is the browser.
As a result, the application or browser layer is a very natural primary boundary for policy and telemetry. Adversaries have accelerated this shift by exploiting the extension ecosystem in new ways (e.g., ownership transfers, auto-update hijacks, and high-permission “assistants” that exfiltrate DOM/clipboard data), making in-session controls and extension governance essential.
Vishwa: Many organizations still treat consumer browsers as if they were enterprise platforms. What failure modes did that create in 2025, and what does a realistic alternative look like?
Bradon: Treating consumer browsers as enterprise platforms produced profile sprawl, weak assurance of who is actually behind a session, uneven patching on personal devices, and blind spots around copy/paste, downloads, helper apps, and extensions.
A realistic alternative leverages the browser’s mechanics as the trust anchor with consistent identity and posture checks, enforceable data-handling (masking, blocks, watermarks), verifiable extension policies, and activity logs tied to enterprise identity, roles, device awareness, geolocation, tenancy, network, etc., not just device IDs or simple group memberships.
Vishwa: The extension ecosystem remains a “wild west.” What new or under-appreciated risks do you expect to surface in Q1?
Bradon: Expect weaponized ownership transfers of trusted add-ons, DOM-scraping plugins that export sensitive context to external services, and utilities with overly broad permissions used in regulated workflows.
Mitigate with tight dynamic risk scoring, allow-lists, permission-aware approvals, continuous monitoring of hashes/owners, disabling eval-style behaviors in sensitive apps, and enforcing app-scoped boundaries (e.g., permitted in personal webmail tabs but blocked in work email tabs), all keyed to enterprise context such as identity, device, geolocation, network, app, tenant, etc.
Vishwa: How should enterprises rethink partner and contractor access now that semi-managed endpoints are becoming the weakest link in distributed environments?
Bradon: Assume you can’t harden the OS, because you don’t manage it. Gate strong identity and device posture, then enforce in-session DLP (mask/block/watermark), constrain file actions to approved cloud or encrypted local storage, and restrict lateral movement.
Codify obligations and audits in contracts, and route access through group-aware policies (partner vs. contractor, geography, data domain) while giving a low-friction “safe path” so people don’t resort to workarounds.
Vishwa: Modernization budgets remain tight. Which legacy components can realistically be displaced in 2026 to free up funding for stronger, more durable security controls?
Bradon: You can often retire broad VPN for a wide set of applications, generic VDI for knowledge workers, overlapping web gateways, and redundant DLP points that miss modern app flows.
Keep specialized remote access for actual client-server use cases, shift routine SaaS to identity- and session-centric controls, and consolidate inspection where it still adds demonstrable value, measured by group-level risk reduction and support load.