[{"data":1,"prerenderedAt":4022},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":36,"navbar-about-highlight":100,"navbar-resource-highlight":174,"blog/why-your-training-budget-belongs-in-real-time-browser-security":218},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"query":14,"data":15,"variations":20,"lastUpdated":21,"firstPublished":22,"testRatio":23,"createdBy":24,"lastUpdatedBy":25,"folders":26,"meta":27,"rev":35},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner","1c6207a5f24948ab82d4a0b17f251193","published",[],{"type":16,"url":17,"text":18,"link":19},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,1,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2","jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":28,"lastPreviewUrl":29,"breakpoints":30,"hasAutosaves":34},"data","",{"xsmall":31,"small":32,"medium":33},320,640,768,true,"mbcwn6jezf",{"createdDate":37,"id":38,"name":39,"modelId":40,"published":13,"stageModifiedSincePublish":6,"query":41,"data":42,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":23,"createdBy":92,"lastUpdatedBy":93,"folders":94,"meta":95,"rev":99},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"url":29,"ctaText":43,"text":44,"blocks":45,"state":85},"ewrererw","testrfesssssssssss",[46,73],{"@type":47,"@version":48,"id":49,"component":50,"responsiveStyles":63},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":51,"tag":51,"options":52,"isRSC":62},"TopBannerContent",{"text":53,"ctaText":54,"url":55,"mainText":56,"cta":59},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks","Save Your 
Spot","https://pushsecurity.com/webinar/state-of-browser-security",{"content":57,"fontSize":58},"\u003Cp>Is your stack covered? 51 browser &amp; identity attacks, mapped.\u003C/p>","text-base",{"content":60,"fontSize":58,"url":61},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">See the matrix →\u003C/strong>\u003C/p>\n","https://pushsecurity.com/resources/browser-identity-attacks-matrix/",null,{"large":64},{"display":65,"flexDirection":66,"position":67,"flexShrink":68,"boxSizing":69,"marginTop":70,"marginBottom":70,"fontSize":71,"fontWeight":72},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":74,"@type":47,"tagName":75,"properties":76,"responsiveStyles":80},"builder-pixel-i9jg1vs58sg","img",{"src":77,"aria-hidden":78,"alt":29,"role":79,"width":68,"height":68},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":81},{"height":68,"width":68,"display":82,"opacity":68,"overflow":83,"pointerEvents":84},"block","hidden","none",{"deviceSize":86,"location":87},"large",{"path":29,"query":88},{},{},1778612252607,1774968080803,"ST0tXQM8slWpFrmioqKHmENB2qe2","ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"kind":96,"hasLinks":6,"breakpoints":97,"lastPreviewUrl":98,"hasAutosaves":34,"hasErrors":6},"component",{"xsmall":31,"small":32,"medium":33},"https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&build
er.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","t8s3yynxi59",[101,137],{"createdDate":102,"id":103,"name":104,"modelId":105,"published":13,"stageModifiedSincePublish":6,"query":106,"data":107,"variations":130,"lastUpdated":131,"firstPublished":132,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":133,"meta":134,"rev":136},1776247359804,"9136a8f18b3b4a6ba29b8653a99372b1","testimonial-inductive-automation","20d9eaa352304613b3d1a794b400703d",[],{"link":108,"type":109,"testimonialLink":110,"testimonial":111},{},"testimonial","/customer-stories/inductive-automation",{"@type":112,"id":113,"model":109,"value":114},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79",{"query":115,"folders":116,"createdDate":117,"id":113,"name":118,"modelId":119,"published":13,"data":120,"variations":124,"lastUpdated":125,"firstPublished":126,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"meta":127,"rev":129},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":121,"jobTitle":122,"quote":118,"image":123},"Jason Waits","\u003Cp>CISO at Inductive 
Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,{"kind":28,"lastPreviewUrl":29,"breakpoints":128,"hasAutosaves":34},{"small":32,"medium":33},"c1e88tgtd36",{},1776247404986,1776247404973,[],{"breakpoints":135,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},"gdgs71dc6w8",{"createdDate":138,"id":139,"name":140,"modelId":105,"published":13,"meta":141,"stageModifiedSincePublish":6,"query":143,"data":144,"variations":170,"lastUpdated":171,"firstPublished":172,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":173,"rev":136},1776255761419,"05a9322735fc427db12e2740e4302300","Report: 2026 Browser Attack Techniques",{"breakpoints":142,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":145,"link":164,"type":167,"title":140,"description":168,"image":169},{"@type":112,"id":146,"model":109,"value":147},"192acbb1f9ca4cac918c0ec435a8bae3",{"query":148,"folders":149,"createdDate":150,"id":146,"name":151,"modelId":119,"published":13,"data":152,"variations":158,"lastUpdated":159,"firstPublished":160,"testRatio":23,"createdBy":92,"lastUpdatedBy":24,"meta":161,"rev":163},[],[],1728981467463,"Push does for identity what CrowdStrike did for the endpoint",{"video":153,"jobTitle":154,"author":155,"qoute":29,"quote":156,"image":157},"https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8b30e8ca50064058bbaef0f3c6164575%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=8b30e8ca50064058bbaef0f3c6164575&alt=media&optimized=true","\u003Cp>Deputy CISO at Microsoft\u003C/p>\u003Cp>Former LinkedIn, Slack, Palantir\u003C/p>","Geoff Belknap","Push does for identity what CrowdStrike did for the 
endpoint.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F748f0ad0a5064a00a13f4721fcc8dea1",{},1742902158597,1728981782923,{"kind":28,"lastPreviewUrl":29,"breakpoints":162,"hasAutosaves":34},{"small":32,"medium":33},"ml3d7rk52cj",{"text":165,"url":166},"Download now","/resources/browser-attacks-report","resource","Learn about the latest techniques being used in the wild.","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9",{},1776255810913,1776255810900,[],[175,197],{"createdDate":176,"id":177,"name":140,"modelId":178,"published":13,"meta":179,"stageModifiedSincePublish":6,"query":181,"data":182,"variations":192,"lastUpdated":193,"firstPublished":194,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":195,"rev":196},1776256900280,"1f429607996e4e5fae8fe3f9b9610e55","4829faa81e7c4ee8bd2d000e160e8d3c",{"breakpoints":180,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},[],{"testimonial":183,"link":191,"type":167,"title":140,"description":168,"image":169},{"@type":112,"id":146,"model":109,"value":184},{"query":185,"folders":186,"createdDate":150,"id":146,"name":151,"modelId":119,"published":13,"data":187,"variations":188,"lastUpdated":159,"firstPublished":160,"testRatio":23,"createdBy":92,"lastUpdatedBy":24,"meta":189,"rev":163},[],[],{"video":153,"jobTitle":154,"author":155,"qoute":29,"quote":156,"image":157},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":190,"hasAutosaves":34},{"small":32,"medium":33},{"text":165,"url":166},{},1776256937553,1776256937540,[],"hr73f1tfdne",{"createdDate":198,"id":199,"name":200,"modelId":178,"published":13,"stageModifiedSincePublish":6,"query":201,"data":202,"variations":212,"lastUpdated":213,"firstPublished":214,"testRatio":23,"createdBy":24,"lastUpdatedBy":24,"folders":215,"meta":216,"rev":196},1776256949234,"ce043785b71b4ece98eac811ecf4ba10","inductive-automation",[],{"link":203,"type":109,"testi
monial":204,"testimonialLink":110},{},{"@type":112,"id":113,"model":109,"value":205},{"query":206,"folders":207,"createdDate":117,"id":113,"name":118,"modelId":119,"published":13,"data":208,"variations":209,"lastUpdated":125,"firstPublished":126,"testRatio":23,"createdBy":92,"lastUpdatedBy":92,"meta":210,"rev":129},[],[],{"author":121,"jobTitle":122,"quote":118,"image":123},{},{"kind":28,"lastPreviewUrl":29,"breakpoints":211,"hasAutosaves":34},{"small":32,"medium":33},{},1776256974140,1776256974130,[],{"breakpoints":217,"kind":28,"lastPreviewUrl":29,"hasAutosaves":6},{"xsmall":31,"small":32,"medium":33},{"id":219,"title":220,"authorsCollection":221,"content":229,"extension":795,"faqItemsCollection":796,"faqTitle":62,"featured":6,"hashTags":62,"meta":798,"metaTitle":799,"ogImage":62,"publishedDate":800,"relatedBlogPostsCollection":801,"slug":3996,"stem":3997,"subtitle":62,"summary":3998,"synopsis":4009,"sys":4010,"tagsCollection":4013,"__hash__":4021},"blog/blog/why-your-training-budget-belongs-in-real-time-browser-security.json","Why your training budget belongs in real-time browser security",{"items":222},[223],{"fullName":224,"firstName":225,"jobTitle":226,"profilePicture":227},"Mark Orlando","Mark","Field CTO",{"url":228},"https://images.ctfassets.net/y1cdw1ablpvd/592PMwIQQFaa24k5SKBEKF/a33090d0ad95d1e3081f5d16a46ba826/image__68_.png",{"json":230,"links":758},{"nodeType":231,"data":232,"content":233},"document",{},[234,243,250,280,289,295,304,338,345,349,358,365,406,449,468,504,520,523,531,538,555,562,568,575,581,584,592,616,623,642,649,656,685,694,701,708,715,723,726,733,740],{"nodeType":235,"data":236,"content":237},"paragraph",{},[238],{"nodeType":239,"value":240,"marks":241,"data":242},"text","The compliance email arrives on schedule: \"All employees must complete annual security awareness training by Friday.\" Across the organization, hundreds of employees skim through presentations about phishing emails, answer predictable quiz questions, and return to 
work feeling modestly more informed about cybersecurity.",[],{},{"nodeType":235,"data":244,"content":245},{},[246],{"nodeType":239,"value":247,"marks":248,"data":249},"Two weeks later, an employee in the marketing department — encouraged by the company's AI adoption initiative — searches Google for \"ChatGPT\" to access the tool they'd been told to start using. They click the top result, a sponsored ad pointing to a chatgpt.com URL. The page displays a professional-looking ChatGPT service disruption notice: \"We're experiencing high traffic right now. Download our desktop app to continue.\" They click the download button, which redirects to a pixel-perfect clone of ChatGPT's official download page. The file they install is an infostealer.",[],{},{"nodeType":235,"data":251,"content":252},{},[253,257,266,270,276],{"nodeType":239,"value":254,"marks":255,"data":256},"This scenario is fictional, but the campaign behind it isn't. Push researchers ",[],{},{"nodeType":258,"data":259,"content":261},"hyperlink",{"uri":260},"https://pushsecurity.com/blog/llmshare-malvertising-campaign/",[262],{"nodeType":239,"value":263,"marks":264,"data":265},"detected and blocked exactly this attack",[],{},{"nodeType":239,"value":267,"marks":268,"data":269}," across multiple customer environments. The attackers had used ChatGPT's own code-rendering feature to build a fully designed fake service page hosted on chatgpt.com itself, then drove traffic to it through search ads targeting queries like \"chatgpt,\" \"chatgpt free,\" and common typos. The destination URL was genuine, and the page looked like a real system notice. 
Every URL reputation check in the world considers chatgpt.com safe, because it ",[],{},{"nodeType":239,"value":271,"marks":272,"data":275},"is",[273],{"type":274},"italic",{},{"nodeType":239,"value":277,"marks":278,"data":279}," safe — except when an attacker builds a weapon inside it.",[],{},{"nodeType":281,"data":282,"content":288},"embedded-entry-block",{"target":283},{"sys":284},{"id":285,"type":286,"linkType":287},"1GYWOyHpZT1rdTm6IGOKu8","Link","Entry",[],{"nodeType":281,"data":290,"content":294},{"target":291},{"sys":292},{"id":293,"type":286,"linkType":287},"33VcchmCetvLzSGcbazex3",[],{"nodeType":235,"data":296,"content":297},{},[298],{"nodeType":239,"value":299,"marks":300,"data":303},"No amount of training prepares someone to suspect a legitimate-looking page on a legitimate domain for a tool they've been explicitly told to use.",[301],{"type":302},"bold",{},{"nodeType":235,"data":305,"content":306},{},[307,311,321,325,334],{"nodeType":239,"value":308,"marks":309,"data":310},"These scenarios aren’t unusual. We’ve covered ",[],{},{"nodeType":258,"data":312,"content":314},{"uri":313},"https://pushsecurity.com/blog/how-push-stopped-a-high-risk-linkedin-spear-phishing-attack/",[315],{"nodeType":239,"value":316,"marks":317,"data":320},"multiple campaigns",[318],{"type":319},"underline",{},{"nodeType":239,"value":322,"marks":323,"data":324}," involving ",[],{},{"nodeType":258,"data":326,"content":328},{"uri":327},"https://pushsecurity.com/blog/new-phishing-campaign-identified-targeting-linkedin-users/",[329],{"nodeType":239,"value":330,"marks":331,"data":333},"LinkedIn-delivered",[332],{"type":319},{},{"nodeType":239,"value":335,"marks":336,"data":337}," phishing attacks, where attackers compromised LinkedIn accounts and sent phishing links via direct message to first-degree connections — routing victims through trusted sites to a session-harvesting AITM page. 
The targets had every reason to trust the message: it came from someone they knew, on a platform they used daily for work.",[],{},{"nodeType":235,"data":339,"content":340},{},[341],{"nodeType":239,"value":342,"marks":343,"data":344},"These are the kinds of attacks that organizations are dealing with every single day. And that recent awareness training checkbox makes absolutely zero difference to the outcome. ",[],{},{"nodeType":346,"data":347,"content":348},"hr",{},[],{"nodeType":350,"data":351,"content":352},"heading-1",{},[353],{"nodeType":239,"value":354,"marks":355,"data":357},"What the research actually shows",[356],{"type":302},{},{"nodeType":235,"data":359,"content":360},{},[361],{"nodeType":239,"value":362,"marks":363,"data":364},"The evidence on training effectiveness is more nuanced than either side of the debate usually admits — but the conclusion for security leaders is the same regardless of where you land.",[],{},{"nodeType":235,"data":366,"content":367},{},[368,372,380,384,390,394,402],{"nodeType":239,"value":369,"marks":370,"data":371},"A ",[],{},{"nodeType":258,"data":373,"content":375},{"uri":374},"https://arxiv.org/abs/2506.19899",[376],{"nodeType":239,"value":377,"marks":378,"data":379},"2025 study from Purdue University",[],{},{"nodeType":239,"value":381,"marks":382,"data":383}," involving 12,511 employees at a US fintech firm found that anti-phishing training produced no significant effect on click rates (p=0.450) or reporting rates (p=0.417), with effect sizes below 0.01 across every training modality tested. Trained employees actually clicked phishing links at a marginally ",[],{},{"nodeType":239,"value":385,"marks":386,"data":389},"higher",[387,388],{"type":274},{"type":302},{},{"nodeType":239,"value":391,"marks":392,"data":393}," rate (10.5%) than the untrained control group (9.8%). 
A ",[],{},{"nodeType":258,"data":395,"content":397},{"uri":396},"https://www.cybersecuritydive.com/news/cybersecurity-awareness-training-research-flaws/803201/",[398],{"nodeType":239,"value":399,"marks":400,"data":401},"separate study of 19,789 personnel at UCSD Health",[],{},{"nodeType":239,"value":403,"marks":404,"data":405},", published at IEEE S&P 2025, found that annual training combined with post-click exercises reduced click likelihood by just 2% — and that employees who completed static training actually had worse phishing failure rates. ",[],{},{"nodeType":235,"data":407,"content":408},{},[409,413,421,425,433,437,445],{"nodeType":239,"value":410,"marks":411,"data":412},"Training vendors ",[],{},{"nodeType":258,"data":414,"content":416},{"uri":415},"https://hoxhunt.com/blog/the-wall-street-journal-got-it-wrong-phishing-simulations-work-when-done-right",[417],{"nodeType":239,"value":418,"marks":419,"data":420},"have argued",[],{},{"nodeType":239,"value":422,"marks":423,"data":424}," that continuous, adaptive, gamified programs produce materially better results, and  a ",[],{},{"nodeType":258,"data":426,"content":428},{"uri":427},"https://www.sciencedirect.com/science/article/abs/pii/S0167404823002742",[429],{"nodeType":239,"value":430,"marks":431,"data":432},"2024 meta-analysis",[],{},{"nodeType":239,"value":434,"marks":435,"data":436}," supports the claim that active engagement and repeated practice improve outcomes where annual programs don't. 
The ",[],{},{"nodeType":258,"data":438,"content":440},{"uri":439},"https://www.verizon.com/business/resources/reports/dbir/",[441],{"nodeType":239,"value":442,"marks":443,"data":444},"Verizon DBIR 2025",[],{},{"nodeType":239,"value":446,"marks":447,"data":448}," found that employees trained within the last 30 days were 4x more likely to report phishing than those trained earlier.",[],{},{"nodeType":235,"data":450,"content":451},{},[452,456,464],{"nodeType":239,"value":453,"marks":454,"data":455},"But here's the problem that even the best training program can't solve: Every one of these studies — and virtually every phishing simulation platform on the market — tests email-based phishing. The attacks driving the biggest breaches in 2026 don't arrive by email. They arrive through ",[],{},{"nodeType":258,"data":457,"content":459},{"uri":458},"https://pushsecurity.com/blog/analysing-a-sophisticated-google-malvertising-attack/",[460],{"nodeType":239,"value":461,"marks":462,"data":463},"search engine ads",[],{},{"nodeType":239,"value":465,"marks":466,"data":467},", social media DMs, shared AI chatbot pages on trusted domains, and legitimate OAuth consent flows. Continuous adaptive training may reduce email phishing click rates from 7% to 1.5%, but it has nothing to say about an employee who googles \"ChatGPT\" and lands on a malware delivery page hosted on chatgpt.com.",[],{},{"nodeType":235,"data":469,"content":470},{},[471,475,483,487,495,499],{"nodeType":239,"value":472,"marks":473,"data":474},"The deeper issue is structural. Behavioral science calls it the ",[],{},{"nodeType":258,"data":476,"content":478},{"uri":477},"https://en.wikipedia.org/wiki/Information_deficit_model",[479],{"nodeType":239,"value":480,"marks":481,"data":482},"information deficit model",[],{},{"nodeType":239,"value":484,"marks":485,"data":486},": the assumption that people make risky decisions because they lack information, and that providing more information will fix the problem. 
This model has been ",[],{},{"nodeType":258,"data":488,"content":490},{"uri":489},"https://pmc.ncbi.nlm.nih.gov/articles/PMC8201414/",[491],{"nodeType":239,"value":492,"marks":493,"data":494},"debunked across multiple domains",[],{},{"nodeType":239,"value":496,"marks":497,"data":498},", from public health to environmental protection. ",[],{},{"nodeType":239,"value":500,"marks":501,"data":503},"People routinely engage in behaviors they know are risky — not because they lack knowledge, but because immediate pressures outweigh abstract training from months ago.",[502],{"type":302},{},{"nodeType":235,"data":505,"content":506},{},[507,511,516],{"nodeType":239,"value":508,"marks":509,"data":510},"Training can build security culture, help employees understand why controls exist, and create champions who influence peers - and these are important outcomes. What training ",[],{},{"nodeType":239,"value":512,"marks":513,"data":515},"cannot",[514],{"type":274},{},{"nodeType":239,"value":517,"marks":518,"data":519}," reliably do is serve as a preventive control for split-second decisions made under cognitive load, time pressure, and competing priorities. To make matters worse, most organizations don't even attempt to measure whether it does. 
",[],{},{"nodeType":346,"data":521,"content":522},{},[],{"nodeType":350,"data":524,"content":525},{},[526],{"nodeType":239,"value":527,"marks":528,"data":530},"The attacks training can't address",[529],{"type":302},{},{"nodeType":235,"data":532,"content":533},{},[534],{"nodeType":239,"value":535,"marks":536,"data":537},"Even if the training debate were settled — even if continuous adaptive programs reliably reduced email phishing click rates to near zero — the attacks driving the biggest breaches in 2026 don't look like anything a simulation platform tests for.",[],{},{"nodeType":235,"data":539,"content":540},{},[541,545,551],{"nodeType":239,"value":542,"marks":543,"data":544},"The LLMShare campaign described above used a genuine chatgpt.com domain to serve a fake page that looked like a routine system notice — no suspicious URL, no grammatical errors, and no visual tells. ClickFix attacks present as routine CAPTCHAs. ConsentFix operates entirely on legitimate Microsoft infrastructure. Device code phishing asks users to enter a code on a real app page. None of these attacks trigger the signals users were trained to look for, and ",[],{},{"nodeType":239,"value":546,"marks":547,"data":550},"4 in 5 ClickFix payloads arrive via search engines",[548,549],{"type":319},{"type":302},{},{"nodeType":239,"value":552,"marks":553,"data":554},", not email.",[],{},{"nodeType":235,"data":556,"content":557},{},[558],{"nodeType":239,"value":559,"marks":560,"data":561},"There are countless scenarios where users performing seemingly benign actions on plausible (or even legitimate) sites can result in a compromise. ",[],{},{"nodeType":281,"data":563,"content":567},{"target":564},{"sys":565},{"id":566,"type":286,"linkType":287},"29vUtbEUam8fhbwnQdINRJ",[],{"nodeType":235,"data":569,"content":570},{},[571],{"nodeType":239,"value":572,"marks":573,"data":574},"The lesson isn't that employees are incompetent. 
It's that the attack surface is too broad, the delivery channels are too varied, and the social engineering too convincing for training to function as a primary control — regardless of how it's designed. ",[],{},{"nodeType":281,"data":576,"content":580},{"target":577},{"sys":578},{"id":579,"type":286,"linkType":287},"7zH48txL9ToiUlgLBHrkng",[],{"nodeType":346,"data":582,"content":583},{},[],{"nodeType":350,"data":585,"content":586},{},[587],{"nodeType":239,"value":588,"marks":589,"data":591},"Real-time intervention where attacks execute",[590],{"type":302},{},{"nodeType":235,"data":593,"content":594},{},[595,599,604,612],{"nodeType":239,"value":596,"marks":597,"data":598},"The browser is where every phishing attack, credential-harvesting attempt, and social engineering campaign ultimately executes — and where ",[],{},{"nodeType":239,"value":600,"marks":601,"data":603},"89% of phishing domains are active for fewer than two days, ",[602],{"type":302},{},{"nodeType":258,"data":605,"content":607},{"uri":606},"https://pushsecurity.com/blog/the-case-for-best-of-breed-browser-security/",[608],{"nodeType":239,"value":609,"marks":610,"data":611},"95% of attacks use bot protection to defeat automated scanners",[],{},{"nodeType":239,"value":613,"marks":614,"data":615},", and traditional security architectures have a structural blind spot. ",[],{},{"nodeType":235,"data":617,"content":618},{},[619],{"nodeType":239,"value":620,"marks":621,"data":622},"Network tools see encrypted traffic. Endpoint agents see processes and files. Email security sees messages in transit. None of them can intervene when a user is about to enter credentials into a fake login page.",[],{},{"nodeType":235,"data":624,"content":625},{},[626,630,638],{"nodeType":239,"value":627,"marks":628,"data":629},"Browser-based detection and response addresses both the prevention gap and the training gap simultaneously. 
As a technical control, Push ",[],{},{"nodeType":258,"data":631,"content":633},{"uri":632},"https://pushsecurity.com/blog/guide-how-to-use-push-controls-to-protect-your-users-from-modern-attacks/",[634],{"nodeType":239,"value":635,"marks":636,"data":637},"detects and blocks phishing pages behaviorally",[],{},{"nodeType":239,"value":639,"marks":640,"data":641}," — including AiTM kits, cloned login forms, device code phishing pages, and ClickFix malicious-copy-and-paste events — in real time, regardless of whether the domain is brand-new or the phishing page was delivered via email, social media, or a search ad. ",[],{},{"nodeType":235,"data":643,"content":644},{},[645],{"nodeType":239,"value":646,"marks":647,"data":648},"Push stops the attack as it happens, in real time, before a compromise occurs.",[],{},{"nodeType":235,"data":650,"content":651},{},[652],{"nodeType":239,"value":653,"marks":654,"data":655},"As a contextual education mechanism, Push provides immediate, in-browser feedback when a user encounters a threat — explaining why access was blocked and creating teachable moments at the point of need rather than months before. Every blocked threat becomes a micro-learning opportunity, reinforcing pattern recognition through repetition in the context of the user's actual work. ",[],{},{"nodeType":235,"data":657,"content":658},{},[659,663,670,674,681],{"nodeType":239,"value":660,"marks":661,"data":662},"Push's ",[],{},{"nodeType":258,"data":664,"content":665},{"uri":632},[666],{"nodeType":239,"value":667,"marks":668,"data":669},"in-browser controls",[],{},{"nodeType":239,"value":671,"marks":672,"data":673}," are designed to work this way — not by removing users from the security equation, but by making them informed participants. Warn screens with \"proceed anyway\" options, SSO login guidance, and MFA enforcement prompts respect user agency while providing real-time risk context. 
Our ",[],{},{"nodeType":258,"data":675,"content":676},{"uri":632},[677],{"nodeType":239,"value":678,"marks":679,"data":680},"controls guide",[],{},{"nodeType":239,"value":682,"marks":683,"data":684}," covers how security teams can configure these guardrails to match their organizational culture and risk tolerance.",[],{},{"nodeType":686,"data":687,"content":688},"heading-2",{},[689],{"nodeType":239,"value":690,"marks":691,"data":693},"Right-sizing security training",[692],{"type":302},{},{"nodeType":235,"data":695,"content":696},{},[697],{"nodeType":239,"value":698,"marks":699,"data":700},"Training's role must be right-sized. It builds culture, shared vocabulary, and explains why controls exist — but it cannot reliably serve as the primary preventive control against sophisticated attacks encountered months later under pressure. ",[],{},{"nodeType":235,"data":702,"content":703},{},[704],{"nodeType":239,"value":705,"marks":706,"data":707},"The Purdue study's authors recommend that \"organizations should set realistic expectations about training outcomes and highlight the importance of technical controls rather than human-centered defenses.\" We agree.",[],{},{"nodeType":235,"data":709,"content":710},{},[711],{"nodeType":239,"value":712,"marks":713,"data":714},"Invest in technical controls where attacks execute — in the browser — to provide real-time prevention, detection, and education. Measure what matters: reduction in successful compromise, detection and response time, and employee reporting rates — not training completion. And stop expecting employees to reliably detect pixel-perfect attacks across every channel and workflow. 
",[],{},{"nodeType":235,"data":716,"content":717},{},[718],{"nodeType":239,"value":719,"marks":720,"data":722},"Overrelying on user vigilance isn't a legitimate security strategy: it's blame allocation.",[721],{"type":302},{},{"nodeType":346,"data":724,"content":725},{},[],{"nodeType":235,"data":727,"content":728},{},[729],{"nodeType":239,"value":730,"marks":731,"data":732},"Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required.",[],{},{"nodeType":235,"data":734,"content":735},{},[736],{"nodeType":239,"value":737,"marks":738,"data":739},"Security teams use Push to detect and stop advanced browser-based attacks like AiTM phishing, ClickFix, and session hijacking; gain visibility and control over AI tool usage across their workforce; harden identities by surfacing credential reuse, SSO gaps, and shadow IT; and support data loss and insider investigations with browser-layer telemetry that other tools can't see.",[],{},{"nodeType":235,"data":741,"content":742},{},[743,746,755],{"nodeType":239,"value":29,"marks":744,"data":745},[],{},{"nodeType":258,"data":747,"content":749},{"uri":748},"https://pushsecurity.com/demo",[750],{"nodeType":239,"value":751,"marks":752,"data":754},"Book a live demo to learn more.",[753],{"type":319},{},{"nodeType":239,"value":29,"marks":756,"data":757},[],{},{"entries":759},{"hyperlink":760,"inline":761,"block":762},[],[],[763,772,779,787],{"sys":764,"__typename":765,"title":766,"caption":767,"layoutMode":62,"file":768},{"id":285},"Image","LLMShare malvertising","The LLMShare ad uses the legitimate ChatGPT domain and is the top 
result.",{"url":769,"width":770,"height":771},"https://images.ctfassets.net/y1cdw1ablpvd/1aLEhiVJcLPIR4rXdzoCTv/d87eb30284e61ab813ccf9e662a1fbae/image.png",1910,1005,{"sys":773,"__typename":765,"title":774,"caption":774,"layoutMode":62,"file":775},{"id":293},"The clever use of sharing functionality and pixel-perfect download page clone would fool most users (and most technical controls too) — but not Push. ",{"url":776,"width":777,"height":778},"https://images.ctfassets.net/y1cdw1ablpvd/7u7yyvyg3P9jepZi7iIwxf/d2c42d257d2e7ac4dfe28c37aa69a4b3/image4.png",1999,875,{"sys":780,"__typename":765,"title":781,"caption":782,"layoutMode":62,"file":783},{"id":566},"Don't make employees the weak link image - blog - custom branding","It's harder than ever for users to identify malicious content on the web, with attackers abusing an ever-increasing list of actions that feel pretty normal to users, with a wide range of malicious payloads.",{"url":784,"width":785,"height":786},"https://images.ctfassets.net/y1cdw1ablpvd/2aSm6QBWDOU6JBtOLfyp6R/d63cacab198ef9b325cbcfdbe0373b5a/Browser_Attacks_Targeting_Users__1_.png",4046,2160,{"sys":788,"__typename":789,"type":790,"ctaText":791,"buttonLabel":792,"buttonColour":793,"buttonUrl":794},{"id":579},"CtaWidget","Custom","For a detailed breakdown of the techniques driving the biggest breaches of the past year, see our 2026 Browser Attack Techniques report.","Download now (no gates!)","sunny orange","https://pushsecurity.com/thank-you/browser-attacks-report","json",{"items":797},[],{},"Why your training budget belongs in browser 
security","2026-06-24T00:00:00.000Z",{"items":802},[803,1695,2739],{"__typename":804,"sys":805,"content":807,"title":1678,"synopsis":1679,"hashTags":62,"publishedDate":800,"slug":1680,"tagsCollection":1681,"authorsCollection":1691},"BlogPosts",{"id":806},"6Xn377JQfbDz49Np74cbGl",{"json":808},{"nodeType":231,"data":809,"content":810},{},[811,818,849,867,873,880,896,899,907,926,992,999,1005,1012,1095,1102,1109,1125,1128,1136,1143,1150,1158,1165,1177,1183,1190,1197,1204,1207,1215,1231,1247,1254,1261,1268,1289,1375,1382,1389,1392,1400,1416,1423,1430,1438,1441,1449,1467,1474,1481,1514,1521,1528,1531,1539,1546,1558,1564,1576,1588,1594,1606,1628,1635,1638,1646,1653,1659],{"nodeType":235,"data":812,"content":813},{},[814],{"nodeType":239,"value":815,"marks":816,"data":817},"Most security leaders I talk to know they have an AI problem. They've seen the board questions, read the reports, maybe even drafted a policy. But when they start measuring where they stand — not plans or roadmaps, but actual current state — the gap between awareness and operational capability comes into focus.",[],{},{"nodeType":235,"data":819,"content":820},{},[821,825,833,837,845],{"nodeType":239,"value":822,"marks":823,"data":824},"The ",[],{},{"nodeType":258,"data":826,"content":828},{"uri":827},"https://pushsecurity.com/blog/verizon-dbir-2026-review",[829],{"nodeType":239,"value":830,"marks":831,"data":832},"2026 Verizon DBIR",[],{},{"nodeType":239,"value":834,"marks":835,"data":836}," quantifies the scale: 45% of employees are now regular AI users on corporate devices (up from 15% the prior year), with 67% using personal accounts. 
",[],{},{"nodeType":258,"data":838,"content":840},{"uri":839},"https://pushsecurity.com/blog/what-push-data-reveals-about-the-state-of-shadow-ai",[841],{"nodeType":239,"value":842,"marks":843,"data":844},"Push data",[],{},{"nodeType":239,"value":846,"marks":847,"data":848}," further shows that 38% of file uploads to AI tools come from those shadow accounts rather than approved organizational ones — and the DBIR shows what's going into them: of 858,000+ DLP events targeting GenAI applications, the most common data types were source code (28%), structured data (14%), and documents and PDFs (23% combined).",[],{},{"nodeType":235,"data":850,"content":851},{},[852,856,863],{"nodeType":239,"value":853,"marks":854,"data":855},"The average organization now has ",[],{},{"nodeType":258,"data":857,"content":858},{"uri":839},[859],{"nodeType":239,"value":860,"marks":861,"data":862},"16 unique AI apps, 17 AI browser extensions, and 17 AI OAuth integrations",[],{},{"nodeType":239,"value":864,"marks":865,"data":866}," in active use, most unapproved. Shadow AI was the third most common non-malicious insider action in the DBIR, up 4x year over year.",[],{},{"nodeType":281,"data":868,"content":872},{"target":869},{"sys":870},{"id":871,"type":286,"linkType":287},"2hsKQ9DEspflhmtR0bE7QY",[],{"nodeType":235,"data":874,"content":875},{},[876],{"nodeType":239,"value":877,"marks":878,"data":879},"These statistics expose an attack surface and unmanaged risks at a high level. But the real problem is that most organizations can't produce a basic inventory of which AI tools are in use, let alone demonstrate controls around any of them. ",[],{},{"nodeType":235,"data":881,"content":882},{},[883,887,892],{"nodeType":239,"value":884,"marks":885,"data":886},"That gap between awareness and capability is where most organizations are stuck. 
And understanding ",[],{},{"nodeType":239,"value":888,"marks":889,"data":891},"why",[890],{"type":274},{},{"nodeType":239,"value":893,"marks":894,"data":895}," they're stuck requires a framework for what progress actually looks like.",[],{},{"nodeType":346,"data":897,"content":898},{},[],{"nodeType":350,"data":900,"content":901},{},[902],{"nodeType":239,"value":903,"marks":904,"data":906},"A model for measuring what most organizations already feel",[905],{"type":302},{},{"nodeType":235,"data":908,"content":909},{},[910,914,922],{"nodeType":239,"value":911,"marks":912,"data":913},"Chris Cochran's ",[],{},{"nodeType":258,"data":915,"content":917},{"uri":916},"https://sansorg.egnyte.com/dl/XtgqfjkjBjp8",[918],{"nodeType":239,"value":919,"marks":920,"data":921},"SANS AI Security Maturity Model",[],{},{"nodeType":239,"value":923,"marks":924,"data":925},", published earlier this year, provides a framework for addressing this gap. It defines five stages of AI security maturity across three pillars:",[],{},{"nodeType":927,"data":928,"content":929},"unordered-list",{},[930,947,963],{"nodeType":931,"data":932,"content":933},"list-item",{},[934],{"nodeType":235,"data":935,"content":936},{},[937,943],{"nodeType":239,"value":938,"marks":939,"data":942},"Protect AI:",[940,941],{"type":302},{"type":319},{},{"nodeType":239,"value":944,"marks":945,"data":946}," Defending against AI-enabled threats like adversarial attacks, prompt injection, compromised browser extensions, and AI agents operating with unchecked permissions.",[],{},{"nodeType":931,"data":948,"content":949},{},[950],{"nodeType":235,"data":951,"content":952},{},[953,959],{"nodeType":239,"value":954,"marks":955,"data":958},"Utilize AI:",[956,957],{"type":302},{"type":319},{},{"nodeType":239,"value":960,"marks":961,"data":962}," Using AI to strengthen security operations by using AI-powered detection and triage, behavioral analytics, and automated response 
playbooks.",[],{},{"nodeType":931,"data":964,"content":965},{},[966],{"nodeType":235,"data":967,"content":968},{},[969,975,979,988],{"nodeType":239,"value":970,"marks":971,"data":974},"Govern AI:",[972,973],{"type":302},{"type":319},{},{"nodeType":239,"value":976,"marks":977,"data":978}," Managing how the organization adopts and uses AI tools. Things like acceptable use policies, shadow AI discovery, data classification, access controls, and risk assessment. This is the pillar that gets the most attention in boardroom conversations today, driven in part by ",[],{},{"nodeType":258,"data":980,"content":982},{"uri":981},"https://pushsecurity.com/blog/browser-visibility-and-control-can-achieve-ai-compliance",[983],{"nodeType":239,"value":984,"marks":985,"data":987},"regulatory pressure",[986],{"type":319},{},{"nodeType":239,"value":989,"marks":990,"data":991},".",[],{},{"nodeType":235,"data":993,"content":994},{},[995],{"nodeType":239,"value":996,"marks":997,"data":998},"How an organization invests across these three pillars, and whether it invests across all of them, determines whether it advances toward maturity in this area or stalls out at the early steps.",[],{},{"nodeType":281,"data":1000,"content":1004},{"target":1001},{"sys":1002},{"id":1003,"type":286,"linkType":287},"1JV3KG97JQNFKwODnMCMq2",[],{"nodeType":235,"data":1006,"content":1007},{},[1008],{"nodeType":239,"value":1009,"marks":1010,"data":1011},"The SANS AI maturity model outlines 5 stages that organizations must progress through in order to reach an optimal security posture:",[],{},{"nodeType":927,"data":1013,"content":1014},{},[1015,1031,1047,1063,1079],{"nodeType":931,"data":1016,"content":1017},{},[1018],{"nodeType":235,"data":1019,"content":1020},{},[1021,1027],{"nodeType":239,"value":1022,"marks":1023,"data":1026},"Stage 1 (Unaware / Ad Hoc)",[1024,1025],{"type":302},{"type":319},{},{"nodeType":239,"value":1028,"marks":1029,"data":1030}," is where employees are freely using AI tools with no 
oversight, no inventory exists, and leadership may not even know how much AI is in use. There's no policy to violate, so technically it's not even shadow AI yet; it's just unmanaged adoption.",[],{},{"nodeType":931,"data":1032,"content":1033},{},[1034],{"nodeType":235,"data":1035,"content":1036},{},[1037,1043],{"nodeType":239,"value":1038,"marks":1039,"data":1042},"Stage 2 (Reactive / Policy-Emerging)",[1040,1041],{"type":302},{"type":319},{},{"nodeType":239,"value":1044,"marks":1045,"data":1046}," means a policy exists, but it's coarse-grained: \"Don't use AI\" or \"use with caution.\" Known AI tools may be blocked at the network level. Security teams are learning about AI-specific threats but don't have dedicated expertise or tooling.",[],{},{"nodeType":931,"data":1048,"content":1049},{},[1050],{"nodeType":235,"data":1051,"content":1052},{},[1053,1059],{"nodeType":239,"value":1054,"marks":1055,"data":1058},"Stage 3 (Defined / Risk-Informed)",[1056,1057],{"type":302},{"type":319},{},{"nodeType":239,"value":1060,"marks":1061,"data":1062}," is where things get intentional. AI usage is governed through enterprise tools rather than outright bans. AI systems are included in security assessments. The organization can demonstrate mature governance to regulators and partners. For many organizations, this is a strong and defensible operating position.",[],{},{"nodeType":931,"data":1064,"content":1065},{},[1066],{"nodeType":235,"data":1067,"content":1068},{},[1069,1075],{"nodeType":239,"value":1070,"marks":1071,"data":1074},"Stage 4 (Managed / Integrated)",[1072,1073],{"type":302},{"type":319},{},{"nodeType":239,"value":1076,"marks":1077,"data":1078}," means AI is deeply embedded in security operations with measurable outcomes. AI systems are secured by design. Risk is quantified, not estimated. Decisions are data-driven. 
This is where organizations can handle AI-specific threats and operate at the tempo that AI-augmented adversaries demand.",[],{},{"nodeType":931,"data":1080,"content":1081},{},[1082],{"nodeType":235,"data":1083,"content":1084},{},[1085,1091],{"nodeType":239,"value":1086,"marks":1087,"data":1090},"Stage 5 (Optimizing / Adaptive)",[1088,1089],{"type":302},{"type":319},{},{"nodeType":239,"value":1092,"marks":1093,"data":1094}," is the frontier of AI-native security with self-improving defenses. Elements of this stage exist primarily in large technology companies, defense contractors, and AI-native firms. For most organizations, this is a multi-year journey.",[],{},{"nodeType":235,"data":1096,"content":1097},{},[1098],{"nodeType":239,"value":1099,"marks":1100,"data":1101},"Most of the security leaders I talk to land between Stage 1 and Stage 2. They have awareness, maybe a policy, but not the tooling or telemetry to demonstrate much beyond that. ",[],{},{"nodeType":235,"data":1103,"content":1104},{},[1105],{"nodeType":239,"value":1106,"marks":1107,"data":1108},"The model is pragmatic about these challenges. It doesn't expect every organization to reach Stage 5, and it adjusts maturity targets by sector. ",[],{},{"nodeType":235,"data":1110,"content":1111},{},[1112,1116,1121],{"nodeType":239,"value":1113,"marks":1114,"data":1115},"But it ",[],{},{"nodeType":239,"value":1117,"marks":1118,"data":1120},"does",[1119],{"type":274},{},{"nodeType":239,"value":1122,"marks":1123,"data":1124}," require evidence of progress, not just intent. And for the majority sitting at Stage 2, the hard part is identifying the right steps to move from being merely reactive to a posture of operational readiness. 
That’s the chasm to cross.",[],{},{"nodeType":346,"data":1126,"content":1127},{},[],{"nodeType":350,"data":1129,"content":1130},{},[1131],{"nodeType":239,"value":1132,"marks":1133,"data":1135},"The chasm",[1134],{"type":302},{},{"nodeType":235,"data":1137,"content":1138},{},[1139],{"nodeType":239,"value":1140,"marks":1141,"data":1142},"For the organizations sitting at Stage 2, current state often looks like this: They've written an AI acceptable use policy, and maybe they've blocked known AI apps at the network level. They've trained employees on what's allowed and what isn't. ",[],{},{"nodeType":235,"data":1144,"content":1145},{},[1146],{"nodeType":239,"value":1147,"marks":1148,"data":1149},"To be sure, blocking is the fastest lever a security team can pull, and it represents visible progress to the business. The problem is that it rarely stays effective. ",[],{},{"nodeType":235,"data":1151,"content":1152},{},[1153],{"nodeType":239,"value":1154,"marks":1155,"data":1157},"SANS calls the pattern that traps most organizations at Stage 2 the \"Framework of No.\" ",[1156],{"type":302},{},{"nodeType":235,"data":1159,"content":1160},{},[1161],{"nodeType":239,"value":1162,"marks":1163,"data":1164},"\"A block-based AI policy may feel like risk management, but practitioner experience shows it typically drives AI usage underground rather than preventing it,” the report notes. “This is the pattern SANS has documented as the 'Framework of No,' and it is why the Stage 2 to Stage 3 transition is so critical.\"",[],{},{"nodeType":235,"data":1166,"content":1167},{},[1168,1173],{"nodeType":239,"value":1169,"marks":1170,"data":1172},"This",[1171],{"type":274},{},{"nodeType":239,"value":1174,"marks":1175,"data":1176}," is the chasm. On one side: awareness and policy. On the other: operational capability - the tooling, telemetry, and controls that let a security team see what's happening and respond to it. 
Most organizations are standing on the awareness side, looking across, not sure how to get over.",[],{},{"nodeType":281,"data":1178,"content":1182},{"target":1179},{"sys":1180},{"id":1181,"type":286,"linkType":287},"187mKPZV8tVbsw17L2cWIU",[],{"nodeType":235,"data":1184,"content":1185},{},[1186],{"nodeType":239,"value":1187,"marks":1188,"data":1189},"The model is specific about what crossing requires. The steps from Stage 2 to Stage 3 include technical BYOAI discovery (not a survey, but automated discovery), AI-specific data classification, AI-aware controls, and a cross-functional governance body. Data classification is a critical prerequisite: \"You cannot write an effective AI policy without knowing where sensitive data lives,\" the report emphasizes.",[],{},{"nodeType":235,"data":1191,"content":1192},{},[1193],{"nodeType":239,"value":1194,"marks":1195,"data":1196},"These are visibility and measurement problems before they're policy problems. You can't govern what you can't see. You can't classify risk you can't measure. And a blocklist that pushes usage underground doesn't give you either: it just makes the gap between your policy and your reality harder to detect.",[],{},{"nodeType":235,"data":1198,"content":1199},{},[1200],{"nodeType":239,"value":1201,"marks":1202,"data":1203},"Getting this visibility right is necessary for crossing the chasm. 
But it’s not the only step organizations must undertake if they want to address their AI risk.",[],{},{"nodeType":346,"data":1205,"content":1206},{},[],{"nodeType":350,"data":1208,"content":1209},{},[1210],{"nodeType":239,"value":1211,"marks":1212,"data":1214},"Governance is key, but don't forget about protection",[1213],{"type":302},{},{"nodeType":235,"data":1216,"content":1217},{},[1218,1222,1227],{"nodeType":239,"value":1219,"marks":1220,"data":1221},"Most AI security conversations today - the vendor pitches, board decks, and compliance checklists - are about the ",[],{},{"nodeType":239,"value":1223,"marks":1224,"data":1226},"Govern",[1225],{"type":302},{},{"nodeType":239,"value":1228,"marks":1229,"data":1230}," pillar. Shadow AI discovery. Usage policies. Data classification. Controls around what employees paste into AI prompts or upload to AI tools. It's important work.",[],{},{"nodeType":235,"data":1232,"content":1233},{},[1234,1238,1243],{"nodeType":239,"value":1235,"marks":1236,"data":1237},"But the SANS model gives roughly equal weight to a second pillar that gets almost no attention: ",[],{},{"nodeType":239,"value":1239,"marks":1240,"data":1242},"Protect",[1241],{"type":302},{},{"nodeType":239,"value":1244,"marks":1245,"data":1246}," - defending against AI-enabled attacks.",[],{},{"nodeType":235,"data":1248,"content":1249},{},[1250],{"nodeType":239,"value":1251,"marks":1252,"data":1253},"The Protect pillar starts from a stark baseline. At Stage 1, most organizations have no visibility into which AI agents or browser extensions have access to their corporate environment, let alone a framework for understanding how those could be attacked. ",[],{},{"nodeType":235,"data":1255,"content":1256},{},[1257],{"nodeType":239,"value":1258,"marks":1259,"data":1260},"By Stage 3, the model expects runtime validation of AI tools and plugins, detection capabilities mapped to AI-specific attack frameworks, and controls that cover the growing surface area of agentic AI. 
",[],{},{"nodeType":235,"data":1262,"content":1263},{},[1264],{"nodeType":239,"value":1265,"marks":1266,"data":1267},"By Stage 4, organizations need real-time monitoring of AI agent behavior and defenses against attacks that exploit trust relationships between AI systems — capabilities most security teams haven't started scoping, much less building or procuring.",[],{},{"nodeType":235,"data":1269,"content":1270},{},[1271,1275,1285],{"nodeType":239,"value":1272,"marks":1273,"data":1274},"These are detection and response capabilities, not governance exercises — and the attacks they address are already well underway. ",[],{},{"nodeType":258,"data":1276,"content":1278},{"uri":1277},"https://pushsecurity.com/blog/the-cisos-data-problem-and-how-browser-telemetry-can-help/",[1279],{"nodeType":239,"value":1280,"marks":1281,"data":1284},"One in three phishing payloads",[1282,1283],{"type":319},{"type":302},{},{"nodeType":239,"value":1286,"marks":1287,"data":1288}," intercepted by Push arrive outside of email, through channels where most security controls don't exist. 
Evidence of the growth of browser-based attack methods enabled by AI tooling abounds:",[],{},{"nodeType":927,"data":1290,"content":1291},{},[1292,1314,1336],{"nodeType":931,"data":1293,"content":1294},{},[1295],{"nodeType":235,"data":1296,"content":1297},{},[1298,1302,1310],{"nodeType":239,"value":1299,"marks":1300,"data":1301},"CrowdStrike's 2026 Global Threat Report documented a ",[],{},{"nodeType":258,"data":1303,"content":1305},{"uri":1304},"https://www.crowdstrike.com/explore/2026-global-threat-report",[1306],{"nodeType":239,"value":1307,"marks":1308,"data":1309},"563% increase in ClickFix lures",[],{},{"nodeType":239,"value":1311,"marks":1312,"data":1313}," — fake CAPTCHA pages that trick users into executing malicious commands on their own machines.",[],{},{"nodeType":931,"data":1315,"content":1316},{},[1317],{"nodeType":235,"data":1318,"content":1319},{},[1320,1324,1332],{"nodeType":239,"value":1321,"marks":1322,"data":1323},"Push has tracked a ",[],{},{"nodeType":258,"data":1325,"content":1327},{"uri":1326},"https://pushsecurity.com/blog/device-code-phishing/",[1328],{"nodeType":239,"value":1329,"marks":1330,"data":1331},"37x increase in device code phishing",[],{},{"nodeType":239,"value":1333,"marks":1334,"data":1335}," since the start of 2026, with 18+ distinct kits now offering the technique.",[],{},{"nodeType":931,"data":1337,"content":1338},{},[1339],{"nodeType":235,"data":1340,"content":1341},{},[1342,1345,1354,1358,1363,1367,1372],{"nodeType":239,"value":29,"marks":1343,"data":1344},[],{},{"nodeType":258,"data":1346,"content":1348},{"uri":1347},"https://www.anthropic.com/news/AI-enabled-cyber-threats-mitre-attack",[1349],{"nodeType":239,"value":1350,"marks":1351,"data":1353},"Anthropic",[1352],{"type":319},{},{"nodeType":239,"value":1355,"marks":1356,"data":1357}," identified ",[],{},{"nodeType":239,"value":1359,"marks":1360,"data":1362},"793 threat actors using AI",[1361],{"type":302},{},{"nodeType":239,"value":1364,"marks":1365,"data":1366}," for 
malicious cybersecurity purposes between March 2025 and February 2026, with the 2026 Verizon DBIR finding that ",[],{},{"nodeType":239,"value":1368,"marks":1369,"data":1371},"44% of AI-assisted initial access was phishing-related",[1370],{"type":302},{},{"nodeType":239,"value":989,"marks":1373,"data":1374},[],{},{"nodeType":235,"data":1376,"content":1377},{},[1378],{"nodeType":239,"value":1379,"marks":1380,"data":1381},"Attackers are already vibecoding phishing kits, rotating infrastructure daily, and exploiting identity flows that traditional endpoint and network tools can't see.",[],{},{"nodeType":235,"data":1383,"content":1384},{},[1385],{"nodeType":239,"value":1386,"marks":1387,"data":1388},"The SANS model makes the speed argument a central focus at Stage 4: Detection built for human-pace adversaries is increasingly insufficient when threats operate at machine speed. For organizations investing exclusively in AI governance, AI-enabled threats represent an entire category of risk that is not being addressed.",[],{},{"nodeType":346,"data":1390,"content":1391},{},[],{"nodeType":686,"data":1393,"content":1394},{},[1395],{"nodeType":239,"value":1396,"marks":1397,"data":1399},"Why governance alone can't close the gap",[1398],{"type":302},{},{"nodeType":235,"data":1401,"content":1402},{},[1403,1407,1412],{"nodeType":239,"value":1404,"marks":1405,"data":1406},"An organization can have an AI policy, shadow AI discovery, data classification, and usage controls, and ",[],{},{"nodeType":239,"value":1408,"marks":1409,"data":1411},"still",[1410],{"type":274},{},{"nodeType":239,"value":1413,"marks":1414,"data":1415}," be exposed. When an employee hits a device code phishing page or a ClickFix lure, the governance program documented the risk perfectly. It just couldn't stop the attack. 
The policy existed but the detection (and ideally, mitigation) didn't.",[],{},{"nodeType":235,"data":1417,"content":1418},{},[1419],{"nodeType":239,"value":1420,"marks":1421,"data":1422},"The reverse is equally true, and it's why the SANS model treats the pillars as interdependent rather than sequential. Detection capabilities that fire into a void with no policy to act on findings, no classification to assess exposure, and no governance body to shape proactive policy just create alerts, not security. ",[],{},{"nodeType":235,"data":1424,"content":1425},{},[1426],{"nodeType":239,"value":1427,"marks":1428,"data":1429},"Yet most organizations are only investing heavily in one side of the solution, which is almost always Govern. The maturity model is explicit about the risks of this approach: Governance with no attack detection leaves a critical gap. ",[],{},{"nodeType":235,"data":1431,"content":1432},{},[1433],{"nodeType":239,"value":1434,"marks":1435,"data":1437},"Closing the gap requires a control point where both problems are visible and addressable.",[1436],{"type":302},{},{"nodeType":346,"data":1439,"content":1440},{},[],{"nodeType":350,"data":1442,"content":1443},{},[1444],{"nodeType":239,"value":1445,"marks":1446,"data":1448},"Crossing the chasm requires addressing both pillars at once",[1447],{"type":302},{},{"nodeType":235,"data":1450,"content":1451},{},[1452,1456,1463],{"nodeType":239,"value":1453,"marks":1454,"data":1455},"The bottleneck for most security programs ",[],{},{"nodeType":258,"data":1457,"content":1458},{"uri":1277},[1459],{"nodeType":239,"value":1460,"marks":1461,"data":1462},"isn't frameworks or strategy — it's data quality",[],{},{"nodeType":239,"value":1464,"marks":1465,"data":1466},". For teams taking on the dual problems of shadow AI and AI-enabled attacks, browser telemetry is the foundation to any meaningful solution. 
That’s because both problems converge in the same place.",[],{},{"nodeType":235,"data":1468,"content":1469},{},[1470],{"nodeType":239,"value":1471,"marks":1472,"data":1473},"AI-enabled phishing attacks, credential theft, malicious browser extensions, and OAuth exploitation happen in the browser. So do shadow AI adoption, sensitive data pasted into AI prompts, file uploads to unapproved tools, and unauthorized integrations. The browser is where external attacks and internal misuse are both visible and stoppable.",[],{},{"nodeType":235,"data":1475,"content":1476},{},[1477],{"nodeType":239,"value":1478,"marks":1479,"data":1480},"For the security team trying to advance past the Framework of No, browser telemetry replaces the blunt instrument of network-level blocking with actual visibility:",[],{},{"nodeType":927,"data":1482,"content":1483},{},[1484,1494,1504],{"nodeType":931,"data":1485,"content":1486},{},[1487],{"nodeType":235,"data":1488,"content":1489},{},[1490],{"nodeType":239,"value":1491,"marks":1492,"data":1493},"which AI apps are in use (including personal account usage)",[],{},{"nodeType":931,"data":1495,"content":1496},{},[1497],{"nodeType":235,"data":1498,"content":1499},{},[1500],{"nodeType":239,"value":1501,"marks":1502,"data":1503},"what data is moving into them (file uploads, clipboard activity)",[],{},{"nodeType":931,"data":1505,"content":1506},{},[1507],{"nodeType":235,"data":1508,"content":1509},{},[1510],{"nodeType":239,"value":1511,"marks":1512,"data":1513},"graduated controls - per-app, per-user group, per-content pattern - that can monitor, warn, or block based on context rather than allow/deny",[],{},{"nodeType":235,"data":1515,"content":1516},{},[1517],{"nodeType":239,"value":1518,"marks":1519,"data":1520},"The same browser-layer instrumentation can also provide real-time detection of credential phishing, ClickFix, adversary-in-the-middle attacks, and device code phishing. 
And it can detect and disable malicious browser extensions based on confirmed threat intelligence, monitor OAuth integrations, and generate the identity attack surface data (login behaviors, MFA gaps, SSO coverage) that the Protect pillar requires at Stage 3 maturity and beyond.",[],{},{"nodeType":235,"data":1522,"content":1523},{},[1524],{"nodeType":239,"value":1525,"marks":1526,"data":1527},"We built Push around this insight: that the browser is where both problems converge, and a single deployment can advance AI security maturity in both areas simultaneously. The SANS model makes the same argument.",[],{},{"nodeType":346,"data":1529,"content":1530},{},[],{"nodeType":350,"data":1532,"content":1533},{},[1534],{"nodeType":239,"value":1535,"marks":1536,"data":1538},"Where to start: 5 steps to maturity with Push",[1537],{"type":302},{},{"nodeType":235,"data":1540,"content":1541},{},[1542],{"nodeType":239,"value":1543,"marks":1544,"data":1545},"The chasm closes when organizations make meaningful strides forward in both AI governance and proactive defense against AI-enabled attacks. Here's the starting plan that I'd recommend, and Push can provide the tooling to automate these steps:",[],{},{"nodeType":235,"data":1547,"content":1548},{},[1549,1554],{"nodeType":239,"value":1550,"marks":1551,"data":1553},"1. Build an AI inventory automatically.",[1552],{"type":302},{},{"nodeType":239,"value":1555,"marks":1556,"data":1557}," Every stage transition in the SANS model starts with knowing what's in your environment. A manual survey won't cut it; employees won't self-report the tools they're not sure they're allowed to use, and may overlook apps where AI is a feature but not the core function (AI-enabled apps). Instead, organizations should deploy automated discovery for AI apps, browser extensions, and OAuth integrations across the workforce - including the ones using personal accounts. 
Until this inventory exists, every policy decision is based on incomplete information.",[],{},{"nodeType":281,"data":1559,"content":1563},{"target":1560},{"sys":1561},{"id":1562,"type":286,"linkType":287},"2t3u0NydllImv6NzvAY058",[],{"nodeType":235,"data":1565,"content":1566},{},[1567,1572],{"nodeType":239,"value":1568,"marks":1569,"data":1571},"2. Classify what you find.",[1570],{"type":302},{},{"nodeType":239,"value":1573,"marks":1574,"data":1575}," Not all AI usage carries the same risk. A developer pasting code into ChatGPT and a salesperson using an AI notetaker are different problems. Once you can see the tools, categorize them by data sensitivity, authorization status, and access scope. The SANS model calls out data classification as a critical prerequisite; you can't write an effective AI policy without knowing where sensitive data lives.",[],{},{"nodeType":235,"data":1577,"content":1578},{},[1579,1584],{"nodeType":239,"value":1580,"marks":1581,"data":1583},"3. Turn on browser-layer detection.",[1582],{"type":302},{},{"nodeType":239,"value":1585,"marks":1586,"data":1587}," This is the step most organizations skip, and it's why addressing only the Protect pillar will keep you at Stage 1. AI-enabled phishing, ClickFix attacks, device code phishing, malicious extension updates, and OAuth exploitation all execute in the browser. Without detection in that layer, there's no visibility into the fastest-growing attack category, and no path to advancing beyond basic AI usage awareness.",[],{},{"nodeType":281,"data":1589,"content":1593},{"target":1590},{"sys":1591},{"id":1592,"type":286,"linkType":287},"1fzuGjA6VSbVl1p7vM1mt7",[],{"nodeType":235,"data":1595,"content":1596},{},[1597,1602],{"nodeType":239,"value":1598,"marks":1599,"data":1601},"4. Move from blocking to graduated controls.",[1600],{"type":302},{},{"nodeType":239,"value":1603,"marks":1604,"data":1605}," The Framework of No fails because it's binary: allow or deny, with nothing in between. 
Organizations that cross the chasm adopt monitor, warn, and block modes — per app, per user group, per content pattern. Monitor first to see what's happening, warn to change behavior without disrupting workflows, and block only where the risk justifies it. This is the operational difference between Stage 2 and Stage 3.",[],{},{"nodeType":235,"data":1607,"content":1608},{},[1609,1614,1618,1624],{"nodeType":239,"value":1610,"marks":1611,"data":1613},"5. Assess yourself honestly against evidence, not aspiration.",[1612],{"type":302},{},{"nodeType":239,"value":1615,"marks":1616,"data":1617}," The ",[],{},{"nodeType":258,"data":1619,"content":1620},{"uri":916},[1621],{"nodeType":239,"value":919,"marks":1622,"data":1623},[],{},{"nodeType":239,"value":1625,"marks":1626,"data":1627}," includes a self-assessment and industry-specific weighting profiles. The value isn't in the score, but in identifying which pillar is keeping you from advancing.",[],{},{"nodeType":235,"data":1629,"content":1630},{},[1631],{"nodeType":239,"value":1632,"marks":1633,"data":1634},"The organizations that cross the AI security chasm will be the ones that recognize early that AI security isn't one problem with one solution. It's two problems that happen to share a control point. The most efficient path forward is a platform that addresses both.",[],{},{"nodeType":346,"data":1636,"content":1637},{},[],{"nodeType":350,"data":1639,"content":1640},{},[1641],{"nodeType":239,"value":1642,"marks":1643,"data":1645},"Learn more about Push",[1644],{"type":302},{},{"nodeType":235,"data":1647,"content":1648},{},[1649],{"nodeType":239,"value":1650,"marks":1651,"data":1652},"Push Security is the most powerful AI-native security tool in the browser. 
Think EDR, but for the browser - high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required.",[],{},{"nodeType":235,"data":1654,"content":1655},{},[1656],{"nodeType":239,"value":737,"marks":1657,"data":1658},[],{},{"nodeType":235,"data":1660,"content":1661},{},[1662,1666,1674],{"nodeType":239,"value":1663,"marks":1664,"data":1665},"Book a ",[],{},{"nodeType":258,"data":1667,"content":1668},{"uri":748},[1669],{"nodeType":239,"value":1670,"marks":1671,"data":1673},"live demo",[1672],{"type":319},{},{"nodeType":239,"value":1675,"marks":1676,"data":1677}," to learn more.",[],{},"Crossing the AI security chasm with the SANS AI security maturity model","Most organizations know they have an AI security problem. A new SANS framework shows why so few are making progress - and what it actually takes to get unstuck.","crossing-the-ai-security-chasm-sans-security-maturity-model",{"items":1682},[1683,1687],{"sys":1684,"name":1686},{"id":1685},"3pjES4THCIfSAwhGdNwBcy","Browser security",{"sys":1688,"name":1690},{"id":1689},"1gZi8NrRy2v9OqPV7C4dwD","Risk management",{"items":1692},[1693],{"fullName":224,"firstName":225,"jobTitle":226,"profilePicture":1694},{"url":228},{"__typename":804,"sys":1696,"content":1698,"title":2721,"synopsis":2722,"hashTags":62,"publishedDate":2723,"slug":2724,"tagsCollection":2725,"authorsCollection":2731},{"id":1697},"19QvRR4NcSe3PHQEhID42Q",{"json":1699},{"nodeType":231,"data":1700,"content":1701},{},[1702,1710,1717,1725,2304,2310,2317,2324,2327,2335,2342,2350,2357,2363,2368,2376,2392,2400,2407,2415,2422,2428,2436,2443,2449,2452,2460,2479,2499,2518,2525,2528,2536,2543,2554,2561,2572,2579,2585,2596,2603,2614,2621,2628,2634,2645,2652,2655,2663,2670,2677,2684,2690,2693,2699,2705],{"nodeType":350,"data":1703,"content":1704},{},[1705],{"nodeType":239,"value":1706,"marks":1707,"data":1709},"The AI regulatory landscape is moving 
fast",[1708],{"type":302},{},{"nodeType":235,"data":1711,"content":1712},{},[1713],{"nodeType":239,"value":1714,"marks":1715,"data":1716},"The regulatory landscape around AI has shifted from theoretical to operational faster than most compliance teams expected. Several regulations are already in force, presenting not just a legal but also significant operational challenge to organizations covered by these regulations. ",[],{},{"nodeType":235,"data":1718,"content":1719},{},[1720],{"nodeType":239,"value":1721,"marks":1722,"data":1724},"First, here's a summary of the key frameworks and what they require:",[1723],{"type":302},{},{"nodeType":1726,"data":1727,"content":1728},"table",{},[1729,1778,1868,1934,1989,2115,2170,2237],{"nodeType":1730,"data":1731,"content":1732},"table-row",{},[1733,1745,1756,1767],{"nodeType":1734,"data":1735,"content":1736},"table-cell",{},[1737],{"nodeType":235,"data":1738,"content":1739},{},[1740],{"nodeType":239,"value":1741,"marks":1742,"data":1744},"Regulation",[1743],{"type":302},{},{"nodeType":1734,"data":1746,"content":1747},{},[1748],{"nodeType":235,"data":1749,"content":1750},{},[1751],{"nodeType":239,"value":1752,"marks":1753,"data":1755},"Jurisdiction",[1754],{"type":302},{},{"nodeType":1734,"data":1757,"content":1758},{},[1759],{"nodeType":235,"data":1760,"content":1761},{},[1762],{"nodeType":239,"value":1763,"marks":1764,"data":1766},"What it requires for 
AI",[1765],{"type":302},{},{"nodeType":1734,"data":1768,"content":1769},{},[1770],{"nodeType":235,"data":1771,"content":1772},{},[1773],{"nodeType":239,"value":1774,"marks":1775,"data":1777},"Status",[1776],{"type":302},{},{"nodeType":1730,"data":1779,"content":1780},{},[1781,1803,1813,1847],{"nodeType":1734,"data":1782,"content":1783},{},[1784],{"nodeType":235,"data":1785,"content":1786},{},[1787,1790,1800],{"nodeType":239,"value":29,"marks":1788,"data":1789},[],{},{"nodeType":258,"data":1791,"content":1793},{"uri":1792},"https://artificialintelligenceact.eu/",[1794],{"nodeType":239,"value":1795,"marks":1796,"data":1799},"EU AI Act",[1797,1798],{"type":319},{"type":302},{},{"nodeType":239,"value":29,"marks":1801,"data":1802},[],{},{"nodeType":1734,"data":1804,"content":1805},{},[1806],{"nodeType":235,"data":1807,"content":1808},{},[1809],{"nodeType":239,"value":1810,"marks":1811,"data":1812},"EU",[],{},{"nodeType":1734,"data":1814,"content":1815},{},[1816],{"nodeType":235,"data":1817,"content":1818},{},[1819,1823,1831,1835,1843],{"nodeType":239,"value":1820,"marks":1821,"data":1822},"AI system inventory and risk classification; ",[],{},{"nodeType":258,"data":1824,"content":1826},{"uri":1825},"https://artificialintelligenceact.eu/article/4/",[1827],{"nodeType":239,"value":1828,"marks":1829,"data":1830},"AI literacy",[],{},{"nodeType":239,"value":1832,"marks":1833,"data":1834}," for all staff; ",[],{},{"nodeType":258,"data":1836,"content":1838},{"uri":1837},"https://artificialintelligenceact.eu/article/15/",[1839],{"nodeType":239,"value":1840,"marks":1841,"data":1842},"cybersecurity resilience",[],{},{"nodeType":239,"value":1844,"marks":1845,"data":1846}," for high-risk AI; transparency and human 
oversight",[],{},{"nodeType":1734,"data":1848,"content":1849},{},[1850],{"nodeType":235,"data":1851,"content":1852},{},[1853,1856,1864],{"nodeType":239,"value":29,"marks":1854,"data":1855},[],{},{"nodeType":258,"data":1857,"content":1858},{"uri":1825},[1859],{"nodeType":239,"value":1860,"marks":1861,"data":1863},"Art. 4",[1862],{"type":319},{},{"nodeType":239,"value":1865,"marks":1866,"data":1867}," (literacy) in force Feb 2025; high-risk obligations Aug 2026",[],{},{"nodeType":1730,"data":1869,"content":1870},{},[1871,1893,1903,1924],{"nodeType":1734,"data":1872,"content":1873},{},[1874],{"nodeType":235,"data":1875,"content":1876},{},[1877,1880,1890],{"nodeType":239,"value":29,"marks":1878,"data":1879},[],{},{"nodeType":258,"data":1881,"content":1883},{"uri":1882},"https://eur-lex.europa.eu/eli/reg/2022/2554/oj",[1884],{"nodeType":239,"value":1885,"marks":1886,"data":1889},"DORA",[1887,1888],{"type":319},{"type":302},{},{"nodeType":239,"value":29,"marks":1891,"data":1892},[],{},{"nodeType":1734,"data":1894,"content":1895},{},[1896],{"nodeType":235,"data":1897,"content":1898},{},[1899],{"nodeType":239,"value":1900,"marks":1901,"data":1902},"EU financial services",[],{},{"nodeType":1734,"data":1904,"content":1905},{},[1906],{"nodeType":235,"data":1907,"content":1908},{},[1909,1913,1920],{"nodeType":239,"value":1910,"marks":1911,"data":1912},"AI tools in ICT risk framework; AI providers in ",[],{},{"nodeType":258,"data":1914,"content":1915},{"uri":1882},[1916],{"nodeType":239,"value":1917,"marks":1918,"data":1919},"third-party risk registers",[],{},{"nodeType":239,"value":1921,"marks":1922,"data":1923},"; resilience testing covering AI-enhanced attacks",[],{},{"nodeType":1734,"data":1925,"content":1926},{},[1927],{"nodeType":235,"data":1928,"content":1929},{},[1930],{"nodeType":239,"value":1931,"marks":1932,"data":1933},"In force Jan 
2025",[],{},{"nodeType":1730,"data":1935,"content":1936},{},[1937,1959,1969,1979],{"nodeType":1734,"data":1938,"content":1939},{},[1940],{"nodeType":235,"data":1941,"content":1942},{},[1943,1946,1956],{"nodeType":239,"value":29,"marks":1944,"data":1945},[],{},{"nodeType":258,"data":1947,"content":1949},{"uri":1948},"https://eur-lex.europa.eu/eli/reg/2024/2847/oj",[1950],{"nodeType":239,"value":1951,"marks":1952,"data":1955},"EU Cyber Resilience Act",[1953,1954],{"type":319},{"type":302},{},{"nodeType":239,"value":29,"marks":1957,"data":1958},[],{},{"nodeType":1734,"data":1960,"content":1961},{},[1962],{"nodeType":235,"data":1963,"content":1964},{},[1965],{"nodeType":239,"value":1966,"marks":1967,"data":1968},"EU digital products",[],{},{"nodeType":1734,"data":1970,"content":1971},{},[1972],{"nodeType":235,"data":1973,"content":1974},{},[1975],{"nodeType":239,"value":1976,"marks":1977,"data":1978},"AI-enabled software must meet essential cybersecurity requirements; vulnerability management and incident reporting",[],{},{"nodeType":1734,"data":1980,"content":1981},{},[1982],{"nodeType":235,"data":1983,"content":1984},{},[1985],{"nodeType":239,"value":1986,"marks":1987,"data":1988},"Reporting Sep 2026; full compliance Dec 2027",[],{},{"nodeType":1730,"data":1990,"content":1991},{},[1992,2014,2024,2074],{"nodeType":1734,"data":1993,"content":1994},{},[1995],{"nodeType":235,"data":1996,"content":1997},{},[1998,2001,2011],{"nodeType":239,"value":29,"marks":1999,"data":2000},[],{},{"nodeType":258,"data":2002,"content":2004},{"uri":2003},"https://www.dfs.ny.gov/industry_guidance/cybersecurity",[2005],{"nodeType":239,"value":2006,"marks":2007,"data":2010},"NYDFS 23 NYCRR 500",[2008,2009],{"type":319},{"type":302},{},{"nodeType":239,"value":29,"marks":2012,"data":2013},[],{},{"nodeType":1734,"data":2015,"content":2016},{},[2017],{"nodeType":235,"data":2018,"content":2019},{},[2020],{"nodeType":239,"value":2021,"marks":2022,"data":2023},"US (NY financial 
services)",[],{},{"nodeType":1734,"data":2025,"content":2026},{},[2027],{"nodeType":235,"data":2028,"content":2029},{},[2030,2033,2042,2046,2054,2058,2071],{"nodeType":239,"value":29,"marks":2031,"data":2032},[],{},{"nodeType":258,"data":2034,"content":2036},{"uri":2035},"https://www.dfs.ny.gov/industry-guidance/industry-letters/il20241016-cyber-risks-ai-and-strategies-combat-related-risks",[2037],{"nodeType":239,"value":2038,"marks":2039,"data":2041},"AI-resistant MFA",[2040],{"type":319},{},{"nodeType":239,"value":2043,"marks":2044,"data":2045},"; employee training on AI threats; ",[],{},{"nodeType":258,"data":2047,"content":2049},{"uri":2048},"https://www.dfs.ny.gov/industry-guidance/industry-letters/il20251021-guidance-managing-risks-third-party",[2050],{"nodeType":239,"value":2051,"marks":2052,"data":2053},"third-party AI risk assessment",[],{},{"nodeType":239,"value":2055,"marks":2056,"data":2057},";",[],{},{"nodeType":258,"data":2059,"content":2061},{"uri":2060},"https://www.dfs.ny.gov/industry-guidance/industry-letters/20260521-heightened-cybersecurity-risks-assoc-with-frontier-ai-models",[2062,2066],{"nodeType":239,"value":2063,"marks":2064,"data":2065}," ",[],{},{"nodeType":239,"value":2067,"marks":2068,"data":2070},"frontier AI model defenses",[2069],{"type":319},{},{"nodeType":239,"value":29,"marks":2072,"data":2073},[],{},{"nodeType":1734,"data":2075,"content":2076},{},[2077],{"nodeType":235,"data":2078,"content":2079},{},[2080,2084,2091,2095,2102,2105,2112],{"nodeType":239,"value":2081,"marks":2082,"data":2083},"Phased 2023–2025; AI-specific guidance issued ",[],{},{"nodeType":258,"data":2085,"content":2086},{"uri":2035},[2087],{"nodeType":239,"value":2088,"marks":2089,"data":2090},"Oct 2024",[],{},{"nodeType":239,"value":2092,"marks":2093,"data":2094},", ",[],{},{"nodeType":258,"data":2096,"content":2097},{"uri":2048},[2098],{"nodeType":239,"value":2099,"marks":2100,"data":2101},"Oct 
2025",[],{},{"nodeType":239,"value":2092,"marks":2103,"data":2104},[],{},{"nodeType":258,"data":2106,"content":2107},{"uri":2060},[2108],{"nodeType":239,"value":2109,"marks":2110,"data":2111},"May 2026",[],{},{"nodeType":239,"value":29,"marks":2113,"data":2114},[],{},{"nodeType":1730,"data":2116,"content":2117},{},[2118,2140,2150,2160],{"nodeType":1734,"data":2119,"content":2120},{},[2121],{"nodeType":235,"data":2122,"content":2123},{},[2124,2127,2137],{"nodeType":239,"value":29,"marks":2125,"data":2126},[],{},{"nodeType":258,"data":2128,"content":2130},{"uri":2129},"https://www.ncsl.org/technology-and-communication/2025-state-privacy-legislation-tracker",[2131],{"nodeType":239,"value":2132,"marks":2133,"data":2136},"US State Privacy laws",[2134,2135],{"type":319},{"type":302},{},{"nodeType":239,"value":29,"marks":2138,"data":2139},[],{},{"nodeType":1734,"data":2141,"content":2142},{},[2143],{"nodeType":235,"data":2144,"content":2145},{},[2146],{"nodeType":239,"value":2147,"marks":2148,"data":2149},"US (20+ states)",[],{},{"nodeType":1734,"data":2151,"content":2152},{},[2153],{"nodeType":235,"data":2154,"content":2155},{},[2156],{"nodeType":239,"value":2157,"marks":2158,"data":2159},"Automated decision-making transparency, opt-out rights, and impact assessments; AI and children's data protections",[],{},{"nodeType":1734,"data":2161,"content":2162},{},[2163],{"nodeType":235,"data":2164,"content":2165},{},[2166],{"nodeType":239,"value":2167,"marks":2168,"data":2169},"Rolling 2024–2027 (CA, CO, CT 
leading)",[],{},{"nodeType":1730,"data":2171,"content":2172},{},[2173,2195,2205,2215],{"nodeType":1734,"data":2174,"content":2175},{},[2176],{"nodeType":235,"data":2177,"content":2178},{},[2179,2182,2192],{"nodeType":239,"value":29,"marks":2180,"data":2181},[],{},{"nodeType":258,"data":2183,"content":2185},{"uri":2184},"https://www.hhs.gov/hipaa/for-professionals/security/hipaa-security-rule-nprm/index.html",[2186],{"nodeType":239,"value":2187,"marks":2188,"data":2191},"HIPAA Security Rule",[2189,2190],{"type":319},{"type":302},{},{"nodeType":239,"value":29,"marks":2193,"data":2194},[],{},{"nodeType":1734,"data":2196,"content":2197},{},[2198],{"nodeType":235,"data":2199,"content":2200},{},[2201],{"nodeType":239,"value":2202,"marks":2203,"data":2204},"US healthcare",[],{},{"nodeType":1734,"data":2206,"content":2207},{},[2208],{"nodeType":235,"data":2209,"content":2210},{},[2211],{"nodeType":239,"value":2212,"marks":2213,"data":2214},"AI tools in mandatory technology asset inventory; mandatory encryption covering AI; AI-enhanced attack preparedness",[],{},{"nodeType":1734,"data":2216,"content":2217},{},[2218],{"nodeType":235,"data":2219,"content":2220},{},[2221,2224,2233],{"nodeType":239,"value":29,"marks":2222,"data":2223},[],{},{"nodeType":258,"data":2225,"content":2227},{"uri":2226},"https://www.hhs.gov/hipaa/for-professionals/security/hipaa-security-rule-nprm/factsheet/index.html",[2228],{"nodeType":239,"value":2229,"marks":2230,"data":2232},"Final rule",[2231],{"type":319},{},{"nodeType":239,"value":2234,"marks":2235,"data":2236}," expected 2026",[],{},{"nodeType":1730,"data":2238,"content":2239},{},[2240,2262,2272,2294],{"nodeType":1734,"data":2241,"content":2242},{},[2243],{"nodeType":235,"data":2244,"content":2245},{},[2246,2249,2259],{"nodeType":239,"value":29,"marks":2247,"data":2248},[],{},{"nodeType":258,"data":2250,"content":2252},{"uri":2251},"https://www.legislation.gov.uk/ukpga/2025/18",[2253],{"nodeType":239,"value":2254,"marks":2255,"data":2258},"UK 
Data (Use and Access) Act",[2256,2257],{"type":319},{"type":302},{},{"nodeType":239,"value":29,"marks":2260,"data":2261},[],{},{"nodeType":1734,"data":2263,"content":2264},{},[2265],{"nodeType":235,"data":2266,"content":2267},{},[2268],{"nodeType":239,"value":2269,"marks":2270,"data":2271},"UK",[],{},{"nodeType":1734,"data":2273,"content":2274},{},[2275],{"nodeType":235,"data":2276,"content":2277},{},[2278,2282,2290],{"nodeType":239,"value":2279,"marks":2280,"data":2281},"Reformed ",[],{},{"nodeType":258,"data":2283,"content":2285},{"uri":2284},"https://www.legislation.gov.uk/ukpga/2025/18/section/80",[2286],{"nodeType":239,"value":2287,"marks":2288,"data":2289},"automated decision-making rules",[],{},{"nodeType":239,"value":2291,"marks":2292,"data":2293}," (new Arts. 22A-22D UK GDPR): meaningful information about decisions, right to make representations, human intervention and contestation rights; stricter controls for special category data; new complaints-handling duty with 30-day response clock (from June 2026)",[],{},{"nodeType":1734,"data":2295,"content":2296},{},[2297],{"nodeType":235,"data":2298,"content":2299},{},[2300],{"nodeType":239,"value":2301,"marks":2302,"data":2303},"Main provisions Feb 2026; complaints duty June 2026",[],{},{"nodeType":281,"data":2305,"content":2309},{"target":2306},{"sys":2307},{"id":2308,"type":286,"linkType":287},"1J7nJKJ5XDLLiicX9cD4H1",[],{"nodeType":235,"data":2311,"content":2312},{},[2313],{"nodeType":239,"value":2314,"marks":2315,"data":2316},"Even if your organization isn't yet subject to these specific regulations, the direction of travel matters. 
The EU has a track record of setting global regulatory standards: GDPR reshaped data privacy practices worldwide, and the Digital Markets Act is influencing antitrust enforcement well beyond European borders.",[],{},{"nodeType":235,"data":2318,"content":2319},{},[2320],{"nodeType":239,"value":2321,"marks":2322,"data":2323},"The EU AI Act is the world's first comprehensive AI law, and the pattern of obligation categories it establishes is already visible in NYDFS guidance, US state privacy legislation, and the UK's reformed automated decision-making framework. Organizations that build the operational foundations to meet these obligations now will be ahead of whatever comes next, regardless of jurisdiction.",[],{},{"nodeType":346,"data":2325,"content":2326},{},[],{"nodeType":350,"data":2328,"content":2329},{},[2330],{"nodeType":239,"value":2331,"marks":2332,"data":2334},"Five obligation categories appear across frameworks",[2333],{"type":302},{},{"nodeType":235,"data":2336,"content":2337},{},[2338],{"nodeType":239,"value":2339,"marks":2340,"data":2341},"Across these frameworks, the AI-specific obligations cluster into five categories. Individual regulations word them differently and scope them to different sectors, but the compliance actions they require are largely the same.",[],{},{"nodeType":686,"data":2343,"content":2344},{},[2345],{"nodeType":239,"value":2346,"marks":2347,"data":2349},"1. AI inventory and classification",[2348],{"type":302},{},{"nodeType":235,"data":2351,"content":2352},{},[2353],{"nodeType":239,"value":2354,"marks":2355,"data":2356},"You can't classify AI systems by risk level if you don't know which ones your employees are using. 
Multiple regulations now require organizations to maintain a complete inventory of AI tools in their environment — whether as part of risk classification, asset management, or third-party risk registers.",[],{},{"nodeType":281,"data":2358,"content":2362},{"target":2359},{"sys":2360},{"id":2361,"type":286,"linkType":287},"6MEapKaazFTulp7Ql0m7H1",[],{"nodeType":281,"data":2364,"content":2367},{"target":2365},{"sys":2366},{"id":871,"type":286,"linkType":287},[],{"nodeType":686,"data":2369,"content":2370},{},[2371],{"nodeType":239,"value":2372,"marks":2373,"data":2375},"2. AI literacy and employee guidance",[2374],{"type":302},{},{"nodeType":235,"data":2377,"content":2378},{},[2379,2383,2388],{"nodeType":239,"value":2380,"marks":2381,"data":2382},"Regulators increasingly expect organizations to demonstrate that employees understand the AI tools they use — not through annual training alone, but through continuous, contextual guidance at the point of interaction. Several frameworks now require auditable evidence that staff have been educated about AI risks and acceptable use policies. The common thread is the need for ",[],{},{"nodeType":239,"value":2384,"marks":2385,"data":2387},"ongoing",[2386],{"type":302},{},{"nodeType":239,"value":2389,"marks":2390,"data":2391}," education, not as a one-off compliance exercise, but continuously at the point of interaction.",[],{},{"nodeType":686,"data":2393,"content":2394},{},[2395],{"nodeType":239,"value":2396,"marks":2397,"data":2399},"3. AI data governance and exposure control",[2398],{"type":302},{},{"nodeType":235,"data":2401,"content":2402},{},[2403],{"nodeType":239,"value":2404,"marks":2405,"data":2406},"Regulations are converging on the requirement for controls over what data enters AI tools. This includes sensitive personal data, health data, and data subject to automated decision-making. 
Organizations need to know where personal data is being processed by AI and have mechanisms to prevent unauthorized exposure.",[],{},{"nodeType":686,"data":2408,"content":2409},{},[2410],{"nodeType":239,"value":2411,"marks":2412,"data":2414},"4. AI-resistant authentication and phishing defense",[2413],{"type":302},{},{"nodeType":235,"data":2416,"content":2417},{},[2418],{"nodeType":239,"value":2419,"marks":2420,"data":2421},"AI is making phishing attacks more convincing and harder to detect through traditional means. Several frameworks now require authentication methods that can withstand AI-enhanced attacks, specifically naming phishing-resistant options like digital certificates and security keys over SMS or voice-based authentication. Beyond authentication, organizations need defenses against AI-powered phishing that bypasses the lure-quality signals users were trained to spot.",[],{},{"nodeType":281,"data":2423,"content":2427},{"target":2424},{"sys":2425},{"id":2426,"type":286,"linkType":287},"6v3l0lGH6twfYi2JaM5fKt",[],{"nodeType":686,"data":2429,"content":2430},{},[2431],{"nodeType":239,"value":2432,"marks":2433,"data":2435},"5. Third-party AI risk and supply chain governance",[2434],{"type":302},{},{"nodeType":235,"data":2437,"content":2438},{},[2439],{"nodeType":239,"value":2440,"marks":2441,"data":2442},"Employees adopt AI tools faster than procurement can track them, and each one that connects to corporate systems via OAuth creates a persistent trust relationship. Regulators now require organizations to know which third-party AI services they depend on, what permissions those services hold, and whether they introduce concentration risk. 
",[],{},{"nodeType":281,"data":2444,"content":2448},{"target":2445},{"sys":2446},{"id":2447,"type":286,"linkType":287},"7xx2yYRJXBY55qTqBTTZcp",[],{"nodeType":346,"data":2450,"content":2451},{},[],{"nodeType":350,"data":2453,"content":2454},{},[2455],{"nodeType":239,"value":2456,"marks":2457,"data":2459},"How the regulations will be enforced",[2458],{"type":302},{},{"nodeType":235,"data":2461,"content":2462},{},[2463,2467,2475],{"nodeType":239,"value":2464,"marks":2465,"data":2466},"The consequences extend well beyond fines. EU AI Act penalties reach ",[],{},{"nodeType":258,"data":2468,"content":2470},{"uri":2469},"https://artificialintelligenceact.eu/article/99/",[2471],{"nodeType":239,"value":2472,"marks":2473,"data":2474},"€35 million or 7% of global turnover",[],{},{"nodeType":239,"value":2476,"marks":2477,"data":2478}," for prohibited practices, but the operational impact may bite harder: non-compliant AI systems cannot be placed on the EU market, and providers bear direct responsibility for conformity under Articles 16 and 26 — meaning the CISO who signed off on an AI deployment that turns out to be non-compliant has personal exposure, not just a budget line item.",[],{},{"nodeType":235,"data":2480,"content":2481},{},[2482,2486,2495],{"nodeType":239,"value":2483,"marks":2484,"data":2485},"Italy's implementation law (",[],{},{"nodeType":258,"data":2487,"content":2489},{"uri":2488},"https://www.nortonrosefulbright.com/en/knowledge/publications/9bfedfea/italy-enacts-law-no-132-2025-on-artificial-intelligence-sector-rules-and-next-steps",[2490],{"nodeType":239,"value":2491,"marks":2492,"data":2494},"Law No. 
132/2025",[2493],{"type":319},{},{"nodeType":239,"value":2496,"marks":2497,"data":2498},") goes further, introducing criminal penalties including imprisonment for AI-related offenses like deepfake dissemination.",[],{},{"nodeType":235,"data":2500,"content":2501},{},[2502,2506,2514],{"nodeType":239,"value":2503,"marks":2504,"data":2505},"NYDFS penalties accumulate at $2,500 per day per violation, and the regulator has been aggressive: it levied ",[],{},{"nodeType":258,"data":2507,"content":2509},{"uri":2508},"https://pushsecurity.com/blog/what-the-expansion-of-nydfs-nycrr-part-500-means-for-mfa-compliance/",[2510],{"nodeType":239,"value":2511,"marks":2512,"data":2513},"$14 million in fines",[],{},{"nodeType":239,"value":2515,"marks":2516,"data":2517}," from companies with inadequate MFA. CISOs sign annual compliance certifications under §500.17 where false certification carries personal liability.",[],{},{"nodeType":235,"data":2519,"content":2520},{},[2521],{"nodeType":239,"value":2522,"marks":2523,"data":2524},"The UK's Data (Use and Access) Act preserves ICO enforcement powers with fines up to £17.5 million or 4% of global turnover, and introduces a new statutory right for individuals to complain directly to controllers about automated decisions, with a 30-day response clock.",[],{},{"nodeType":346,"data":2526,"content":2527},{},[],{"nodeType":350,"data":2529,"content":2530},{},[2531],{"nodeType":239,"value":2532,"marks":2533,"data":2535},"Where Push maps to these obligations",[2534],{"type":302},{},{"nodeType":235,"data":2537,"content":2538},{},[2539],{"nodeType":239,"value":2540,"marks":2541,"data":2542},"The five obligation categories above map to specific Push capabilities, some directly, others as supporting evidence. Push's relevance to AI regulation isn't a new product direction. 
The same capabilities that security teams already use for shadow SaaS discovery, phishing defense, and identity posture hardening are what compliance teams need to demonstrate AI governance.",[],{},{"nodeType":686,"data":2544,"content":2545},{},[2546,2551],{"nodeType":239,"value":2547,"marks":2548,"data":2550},"AI inventory and shadow AI discovery.",[2549],{"type":302},{},{"nodeType":239,"value":2063,"marks":2552,"data":2553},[],{},{"nodeType":235,"data":2555,"content":2556},{},[2557],{"nodeType":239,"value":2558,"marks":2559,"data":2560},"Push identifies every AI app, AI browser extension, and AI OAuth integration in use across the organization, not from network traffic patterns or procurement records, but from actual observed usage in the browser.",[],{},{"nodeType":686,"data":2562,"content":2563},{},[2564,2569],{"nodeType":239,"value":2565,"marks":2566,"data":2568},"AI usage policy enforcement and literacy evidence.",[2567],{"type":302},{},{"nodeType":239,"value":2063,"marks":2570,"data":2571},[],{},{"nodeType":235,"data":2573,"content":2574},{},[2575],{"nodeType":239,"value":2576,"marks":2577,"data":2578},"Push's custom app banners deliver contextual policy guidance the moment an employee accesses an AI tool: linking to approved usage policies, data handling guidelines, or approved alternatives. Banners are fully customizable: they can include specific instructions, link to AI policy documents or approved alternatives, and messages from the security team tailored to the tool or user group. 
",[],{},{"nodeType":281,"data":2580,"content":2584},{"target":2581},{"sys":2582},{"id":2583,"type":286,"linkType":287},"4bt65QXDiyTi1eq7wnbHUh",[],{"nodeType":686,"data":2586,"content":2587},{},[2588,2593],{"nodeType":239,"value":2589,"marks":2590,"data":2592},"AI data exposure controls.",[2591],{"type":302},{},{"nodeType":239,"value":2063,"marks":2594,"data":2595},[],{},{"nodeType":235,"data":2597,"content":2598},{},[2599],{"nodeType":239,"value":2600,"marks":2601,"data":2602},"Push observes what users type, paste, and upload into AI tools, and can apply real-time controls, warning or blocking when sensitive patterns are detected. This is browser-layer DLP scoped to the AI interaction surface: it won't replace a dedicated DLP platform, but it closes the specific gap that most DLP tools miss because they lack visibility into browser-based AI interactions. Push provides the detection and enforcement layer at the point where the data actually leaves the organization.",[],{},{"nodeType":686,"data":2604,"content":2605},{},[2606,2611],{"nodeType":239,"value":2607,"marks":2608,"data":2610},"MFA verification and phishing defense.",[2609],{"type":302},{},{"nodeType":239,"value":2063,"marks":2612,"data":2613},[],{},{"nodeType":235,"data":2615,"content":2616},{},[2617],{"nodeType":239,"value":2618,"marks":2619,"data":2620},"Push detects where MFA is missing and identifies the type of MFA in use, directly supporting the push toward phishing-resistant authentication methods.",[],{},{"nodeType":235,"data":2622,"content":2623},{},[2624],{"nodeType":239,"value":2625,"marks":2626,"data":2627},"Push's behavioral phishing detection stops AiTM phishing, credential harvesting, device code phishing, and ClickFix attacks because Push detects malicious behavior in the browser, making it effective against even AI-powered phishing attacks, or those that are delivered over traditionally unmonitored channels such as search engines, social media, or even via phone 
call.",[],{},{"nodeType":281,"data":2629,"content":2633},{"target":2630},{"sys":2631},{"id":2632,"type":286,"linkType":287},"3hqv1nql8FvB8j7uRiddqB",[],{"nodeType":686,"data":2635,"content":2636},{},[2637,2642],{"nodeType":239,"value":2638,"marks":2639,"data":2641},"Third-party AI risk visibility.",[2640],{"type":302},{},{"nodeType":239,"value":2063,"marks":2643,"data":2644},[],{},{"nodeType":235,"data":2646,"content":2647},{},[2648],{"nodeType":239,"value":2649,"marks":2650,"data":2651},"Push maps exactly which AI services employees have accessed and used, connected to other business apps via OAuth, what permissions those integrations hold, and who authorized them. This surfaces the AI providers that procurement never approved but employees adopted anyway, before they become a compliance finding or a breach vector.",[],{},{"nodeType":346,"data":2653,"content":2654},{},[],{"nodeType":350,"data":2656,"content":2657},{},[2658],{"nodeType":239,"value":2659,"marks":2660,"data":2662},"The compliance gap is an observability gap",[2661],{"type":302},{},{"nodeType":235,"data":2664,"content":2665},{},[2666],{"nodeType":239,"value":2667,"marks":2668,"data":2669},"The common failure mode across all five obligation categories is the same: the organization has a policy but can't demonstrate enforcement, because the tooling that would provide evidence operates at the wrong layer. IdP logs show managed authentication but not shadow AI logins. Network tools see traffic to AI domains but not the OAuth consent grants or the data in the clipboard. 
Annual training records exist but can't prove that an employee received guidance at the point of AI interaction.",[],{},{"nodeType":235,"data":2671,"content":2672},{},[2673],{"nodeType":239,"value":2674,"marks":2675,"data":2676},"Browser-layer telemetry closes each of these gaps because it's where the regulated activity actually happens, and where (with Push) you can observe and control it too.",[],{},{"nodeType":235,"data":2678,"content":2679},{},[2680],{"nodeType":239,"value":2681,"marks":2682,"data":2683},"The regulations covered here are the current landscape, but they aren't the final one. AI governance requirements are accelerating: NIST's AI cybersecurity framework profile is expected this summer, CISA's Five Eyes agentic AI guidance landed in May, and EU member states are still building out their national enforcement regimes.",[],{},{"nodeType":281,"data":2685,"content":2689},{"target":2686},{"sys":2687},{"id":2688,"type":286,"linkType":287},"OThPeKuFnpoo1e1FAGsFP",[],{"nodeType":346,"data":2691,"content":2692},{},[],{"nodeType":235,"data":2694,"content":2695},{},[2696],{"nodeType":239,"value":730,"marks":2697,"data":2698},[],{},{"nodeType":235,"data":2700,"content":2701},{},[2702],{"nodeType":239,"value":737,"marks":2703,"data":2704},[],{},{"nodeType":235,"data":2706,"content":2707},{},[2708,2711,2718],{"nodeType":239,"value":29,"marks":2709,"data":2710},[],{},{"nodeType":258,"data":2712,"content":2713},{"uri":748},[2714],{"nodeType":239,"value":751,"marks":2715,"data":2717},[2716],{"type":319},{},{"nodeType":239,"value":29,"marks":2719,"data":2720},[],{},"AI regulation is here: how browser visibility and control can achieve compliance","AI regulations across the US, EU, and UK are converging on obligations that most organizations can't meet without browser visibility into AI tool 
use.","2026-06-02T00:00:00.000Z","browser-visibility-and-control-can-achieve-ai-compliance",{"items":2726},[2727,2729],{"sys":2728,"name":1690},{"id":1689},{"sys":2730,"name":1686},{"id":1685},{"items":2732},[2733],{"fullName":2734,"firstName":2735,"jobTitle":2736,"profilePicture":2737},"John Creaton","John","Head of Legal",{"url":2738},"https://images.ctfassets.net/y1cdw1ablpvd/ykgZqhGCFFxufznVsqTiM/6bd977c68dd504642f0064bdb90ebdee/1774636973277.jpeg",{"__typename":804,"sys":2740,"content":2742,"title":3978,"synopsis":3979,"hashTags":62,"publishedDate":3980,"slug":3981,"tagsCollection":3982,"authorsCollection":3988},{"id":2741},"6MoHWfQlVildcFYKSbfMcE",{"json":2743},{"nodeType":231,"data":2744,"content":2745},{},[2746,2762,2768,2775,2782,2788,2791,2799,2807,2826,2874,2880,2895,2898,2906,2913,2941,2982,2989,2992,3000,3008,3015,3021,3028,3031,3039,3046,3088,3125,3132,3135,3143,3150,3175,3182,3227,3234,3237,3245,3253,3298,3305,3311,3314,3322,3330,3363,3370,3376,3383,3386,3394,3402,3431,3438,3445,3452,3455,3463,3471,3478,3484,3491,3514,3543,3546,3554,3562,3569,3576,3579,3587,3650,3653,3661,3668,3959,3962],{"nodeType":235,"data":2747,"content":2748},{},[2749,2753,2758],{"nodeType":239,"value":2750,"marks":2751,"data":2752},"Browser security solutions are one of the most significant additions to the enterprise security stack in recent years — and the data shows it. The browser is where ",[],{},{"nodeType":239,"value":2754,"marks":2755,"data":2757},"85% of work now happens",[2756],{"type":302},{},{"nodeType":239,"value":2759,"marks":2760,"data":2761},", where AI tools are accessed, and where attackers increasingly choose to strike.",[],{},{"nodeType":281,"data":2763,"content":2767},{"target":2764},{"sys":2765},{"id":2766,"type":286,"linkType":287},"5P6PyFbn4EakRNlIWtNzyL",[],{"nodeType":235,"data":2769,"content":2770},{},[2771],{"nodeType":239,"value":2772,"marks":2773,"data":2774},"But browser security is a nascent category. 
Getting a clear picture of which solution is right for your team, and how to get the most out of it, isn't straightforward. Current solutions on the market serve a wide range of IT and security use cases, with varying degrees of depth and differentiation across them. Not all use cases are equal in terms of their security value, and not all of them are best addressed in the browser.",[],{},{"nodeType":235,"data":2776,"content":2777},{},[2778],{"nodeType":239,"value":2779,"marks":2780,"data":2781},"This article ranks the security problems that browser security solutions can address by the value they deliver: a combination of the risk reduction on offer, and the degree to which the browser is genuinely the best (or only) layer to solve the problem. ",[],{},{"nodeType":281,"data":2783,"content":2787},{"target":2784},{"sys":2785},{"id":2786,"type":286,"linkType":287},"6SJPvEHizSYk29lEvVVNj",[],{"nodeType":346,"data":2789,"content":2790},{},[],{"nodeType":350,"data":2792,"content":2793},{},[2794],{"nodeType":239,"value":2795,"marks":2796,"data":2798},"#1 — Account takeover prevention: detecting credential attacks across all vectors",[2797],{"type":302},{},{"nodeType":235,"data":2800,"content":2801},{},[2802],{"nodeType":239,"value":2803,"marks":2804,"data":2806},"Security value: Very high | Browser fit: Uniquely suited",[2805],{"type":302},{},{"nodeType":235,"data":2808,"content":2809},{},[2810,2814,2822],{"nodeType":239,"value":2811,"marks":2812,"data":2813},"Account takeover (ATO) is the dominant entry point for enterprise breaches: ",[],{},{"nodeType":258,"data":2815,"content":2817},{"uri":2816},"https://www.crowdstrike.com/en-gb/resources/infographics/identity-security-risk-review/",[2818],{"nodeType":239,"value":2819,"marks":2820,"data":2821},"80% of all modern breaches involve compromised or stolen identities",[],{},{"nodeType":239,"value":2823,"marks":2824,"data":2825},". 
The attack surface is far wider than most identity tooling can see: credential stuffing, password spraying, ghost logins (password-based fallback authentication that persists after SSO is configured), weak or reused credentials on shadow SaaS apps, and accounts where MFA was never enforced.",[],{},{"nodeType":235,"data":2827,"content":2828},{},[2829,2833,2841,2844,2849,2853,2858,2862,2870],{"nodeType":239,"value":2830,"marks":2831,"data":2832},"According to ",[],{},{"nodeType":258,"data":2834,"content":2836},{"uri":2835},"https://cf-assets.www.cloudflare.com/slt3lc6tev37/sWDBUMNVtEJB9ZFLt1dUU/8d69e92de2edfb3bf59e7d21d57e7e1a/Cloudflare-2026-threat-report.pdf",[2837],{"nodeType":239,"value":2838,"marks":2839,"data":2840},"Cloudflare's 2026 Threat Report",[],{},{"nodeType":239,"value":2092,"marks":2842,"data":2843},[],{},{"nodeType":239,"value":2845,"marks":2846,"data":2848},"63% of all human logins involve credentials already compromised elsewhere",[2847],{"type":302},{},{"nodeType":239,"value":2850,"marks":2851,"data":2852},", and ",[],{},{"nodeType":239,"value":2854,"marks":2855,"data":2857},"94% of all login attempts originate from bots",[2856],{"type":302},{},{"nodeType":239,"value":2859,"marks":2860,"data":2861},". The ",[],{},{"nodeType":258,"data":2863,"content":2865},{"uri":2864},"https://pushsecurity.com/blog/snowflake-retro/",[2866],{"nodeType":239,"value":2867,"marks":2868,"data":2869},"Snowflake breach",[],{},{"nodeType":239,"value":2871,"marks":2872,"data":2873}," — 165+ organizations compromised, 1 billion+ records stolen — was powered almost entirely by ghost logins: accounts missing MFA that were susceptible to credential stuffing. 
It's particularly telling that 80% of the accounts impacted had prior breach exposure.",[],{},{"nodeType":281,"data":2875,"content":2879},{"target":2876},{"sys":2877},{"id":2878,"type":286,"linkType":287},"HbZ66kp5DiAZtwNGFJK7d",[],{"nodeType":235,"data":2881,"content":2882},{},[2883,2887,2892],{"nodeType":239,"value":2884,"marks":2885,"data":2886},"For organizations with contractors and BYOD users, the browser extension is also the only enterprise control deployable on devices that can't be MDM-enrolled — extending ATO detection to exactly the place where, per Verizon DBIR 2025, ",[],{},{"nodeType":239,"value":2888,"marks":2889,"data":2891},"46% of infostealer infections originate",[2890],{"type":302},{},{"nodeType":239,"value":989,"marks":2893,"data":2894},[],{},{"nodeType":346,"data":2896,"content":2897},{},[],{"nodeType":350,"data":2899,"content":2900},{},[2901],{"nodeType":239,"value":2902,"marks":2903,"data":2905},"#2 — Detecting and stopping advanced phishing: AiTM, multi-channel delivery, and zero-day lures",[2904],{"type":302},{},{"nodeType":235,"data":2907,"content":2908},{},[2909],{"nodeType":239,"value":2803,"marks":2910,"data":2912},[2911],{"type":302},{},{"nodeType":235,"data":2914,"content":2915},{},[2916,2920,2928,2932,2937],{"nodeType":239,"value":2917,"marks":2918,"data":2919},"Adversary-in-the-Middle (AiTM) phishing — where an attacker's reverse proxy intercepts credentials and session tokens in real time — has become the standard technique for bypassing MFA at scale. 
",[],{},{"nodeType":258,"data":2921,"content":2923},{"uri":2922},"https://www.esentire.com/resources/library/2026-threat-report",[2924],{"nodeType":239,"value":2925,"marks":2926,"data":2927},"eSentire's 2026 Threat Report",[],{},{"nodeType":239,"value":2929,"marks":2930,"data":2931}," attributes ",[],{},{"nodeType":239,"value":2933,"marks":2934,"data":2936},"63% of account compromise incidents to PhaaS kits",[2935],{"type":302},{},{"nodeType":239,"value":2938,"marks":2939,"data":2940},", with account compromise surging 389% year-over-year.",[],{},{"nodeType":235,"data":2942,"content":2943},{},[2944,2948,2956,2960,2965,2969,2978],{"nodeType":239,"value":2945,"marks":2946,"data":2947},"Traditional phishing controls are also no longer in the right place to intercept these attacks. The delivery channel has shifted decisively away from email: ",[],{},{"nodeType":258,"data":2949,"content":2951},{"uri":2950},"https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2026",[2952],{"nodeType":239,"value":2953,"marks":2954,"data":2955},"Mandiant M-Trends 2026",[],{},{"nodeType":239,"value":2957,"marks":2958,"data":2959}," found email phishing dropped from 14% to 6% as an infection vector, and Push data shows ",[],{},{"nodeType":239,"value":2961,"marks":2962,"data":2964},"roughly 1 in 3 phishing payloads intercepted were delivered outside email entirely",[2963],{"type":302},{},{"nodeType":239,"value":2966,"marks":2967,"data":2968}," — via search engine malvertising, social platforms, and compromised websites. 
Meanwhile, ",[],{},{"nodeType":258,"data":2970,"content":2972},{"uri":2971},"https://www.spamhaus.com/resource-center/supporting-researchers-with-passive-dns/",[2973],{"nodeType":239,"value":2974,"marks":2975,"data":2977},"89% of phishing domains are active for less than two days",[2976],{"type":302},{},{"nodeType":239,"value":2979,"marks":2980,"data":2981},", making blocklist-based detection structurally too slow — attackers can spin up, tear down, and move on before blocklists can catch up.",[],{},{"nodeType":235,"data":2983,"content":2984},{},[2985],{"nodeType":239,"value":2986,"marks":2987,"data":2988},"Modern phishing plays out entirely inside the browser session. The only detection layer that can see the phishing page structure, the credential entry, and the anomalous token context is the browser itself. Browser-native detection analyses page behavior rather than matching known-bad domains, which means it fires on zero-day kits regardless of how recently the infrastructure was stood up. Controls like credential entry guardrails add an additional layer — blocking corporate passwords from being submitted to unauthorized domains independently of content and behavior-based detections.",[],{},{"nodeType":346,"data":2990,"content":2991},{},[],{"nodeType":350,"data":2993,"content":2994},{},[2995],{"nodeType":239,"value":2996,"marks":2997,"data":2999},"#3 — Identity posture hardening: enforcing security across the apps your IdP doesn't manage",[2998],{"type":302},{},{"nodeType":235,"data":3001,"content":3002},{},[3003],{"nodeType":239,"value":3004,"marks":3005,"data":3007},"Security value: High | Browser fit: Uniquely suited",[3006],{"type":302},{},{"nodeType":235,"data":3009,"content":3010},{},[3011],{"nodeType":239,"value":3012,"marks":3013,"data":3014},"The first challenge is knowing what you're protecting. 
Every identity an employee creates — every app they sign up to, every password they set, every login that bypasses SSO — is an authentication event that happens inside a browser session. The browser is the only layer that observes all of these events regardless of whether the app is sanctioned, managed, or even known to IT. Solutions that rely on API-level integrations with known apps, network traffic inspection, or email sign-up notifications can only ever build a partial picture, because they can only see apps they already know about. The browser sees the login itself, which means it discovers the identity at the moment it's created or used — authentication method, password strength, MFA status, and all.",[],{},{"nodeType":281,"data":3016,"content":3020},{"target":3017},{"sys":3018},{"id":3019,"type":286,"linkType":287},"HETvBCPsKGkqLVtaasXH0",[],{"nodeType":235,"data":3022,"content":3023},{},[3024],{"nodeType":239,"value":3025,"marks":3026,"data":3027},"But discovery without enforcement is just an inventory problem. Being in the browser means that you're in a great position to act on what it finds at the moment of authentication. Browser-native guardrails that prompt MFA enrollment, guide users toward stronger credentials, and redirect to SSO login paths close the gap at scale, on every app, including those the IdP has never seen. 
They also produce the continuous, auditable evidence of MFA coverage and credential hygiene across the full application estate that regulators, insurers, and auditors increasingly require — evidence that no IdP-centric tool can provide for apps outside its scope.",[],{},{"nodeType":346,"data":3029,"content":3030},{},[],{"nodeType":350,"data":3032,"content":3033},{},[3034],{"nodeType":239,"value":3035,"marks":3036,"data":3038},"#4 — Browser extension security",[3037],{"type":302},{},{"nodeType":235,"data":3040,"content":3041},{},[3042],{"nodeType":239,"value":3004,"marks":3043,"data":3045},[3044],{"type":302},{},{"nodeType":235,"data":3047,"content":3048},{},[3049,3053,3062,3065,3073,3076,3084],{"nodeType":239,"value":3050,"marks":3051,"data":3052},"Browser extensions have become one of the most talked-about attack surfaces in security over the past 18 months, and understandably so — a string of high-profile supply chain compromises have collectively impacted tens of millions of users since late 2024 (",[],{},{"nodeType":258,"data":3054,"content":3056},{"uri":3055},"https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-it",[3057],{"nodeType":239,"value":3058,"marks":3059,"data":3061},"Cyberhaven",[3060],{"type":319},{},{"nodeType":239,"value":2092,"marks":3063,"data":3064},[],{},{"nodeType":258,"data":3066,"content":3068},{"uri":3067},"https://thehackernews.com/2025/12/darkspectre-browser-extension-campaigns.html",[3069],{"nodeType":239,"value":3070,"marks":3071,"data":3072},"DarkSpectre",[],{},{"nodeType":239,"value":2092,"marks":3074,"data":3075},[],{},{"nodeType":258,"data":3077,"content":3079},{"uri":3078},"https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.html",[3080],{"nodeType":239,"value":3081,"marks":3082,"data":3083},"Trust Wallet",[],{},{"nodeType":239,"value":3085,"marks":3086,"data":3087},", among many 
others).",[],{},{"nodeType":235,"data":3089,"content":3090},{},[3091,3094,3103,3107,3112,3116,3121],{"nodeType":239,"value":29,"marks":3092,"data":3093},[],{},{"nodeType":258,"data":3095,"content":3097},{"uri":3096},"https://pushsecurity.com/blog/why-browser-extension-risk-scoring-wont-predict-your-next-breach/",[3098],{"nodeType":239,"value":3099,"marks":3100,"data":3102},"Analysis of 20,000+ extensions across Push customers",[3101],{"type":319},{},{"nodeType":239,"value":3104,"marks":3105,"data":3106}," found ",[],{},{"nodeType":239,"value":3108,"marks":3109,"data":3111},"46.76% have the permission combinations needed to perform account takeover with no user interaction",[3110],{"type":302},{},{"nodeType":239,"value":3113,"marks":3114,"data":3115},", making permissions-based risk scoring effectively useless as a triage tool. The real threat model is not malicious extensions at install time — it's legitimate extensions that ",[],{},{"nodeType":239,"value":3117,"marks":3118,"data":3120},"become",[3119],{"type":274},{},{"nodeType":239,"value":3122,"marks":3123,"data":3124}," malicious after an ownership transfer, developer account compromise, or silent update push. Every major extension supply chain breach of the past 18 months scored as low-risk immediately before compromise.",[],{},{"nodeType":235,"data":3126,"content":3127},{},[3128],{"nodeType":239,"value":3129,"marks":3130,"data":3131},"SWGs and network tools are structurally blind to this attack surface: a malicious extension exfiltrating session tokens generates no anomalous network signal — its traffic is indistinguishable from normal browsing. Endpoint agents have no visibility into extension behavior at the session level. 
Extension inventory, supply chain change monitoring — ownership transfers, permission escalations, developer contact changes — and enforcement all require browser-layer access by definition.",[],{},{"nodeType":346,"data":3133,"content":3134},{},[],{"nodeType":350,"data":3136,"content":3137},{},[3138],{"nodeType":239,"value":3139,"marks":3140,"data":3142},"#5 — Shadow SaaS discovery and OAuth integration governance",[3141],{"type":302},{},{"nodeType":235,"data":3144,"content":3145},{},[3146],{"nodeType":239,"value":3004,"marks":3147,"data":3149},[3148],{"type":302},{},{"nodeType":235,"data":3151,"content":3152},{},[3153,3157,3162,3166,3171],{"nodeType":239,"value":3154,"marks":3155,"data":3156},"Shadow SaaS discovery shares DNA with identity posture hardening (#3) — both start with the same browser-native visibility into login events that no other layer can replicate. Where identity posture focuses on hardening ",[],{},{"nodeType":239,"value":3158,"marks":3159,"data":3161},"how",[3160],{"type":274},{},{"nodeType":239,"value":3163,"marks":3164,"data":3165}," employees authenticate, shadow SaaS discovery focuses on ",[],{},{"nodeType":239,"value":3167,"marks":3168,"data":3170},"what",[3169],{"type":274},{},{"nodeType":239,"value":3172,"marks":3173,"data":3174}," they authenticate to: surfacing the full estate of applications in use across the organization, including those that IT has never sanctioned or even heard of.",[],{},{"nodeType":235,"data":3176,"content":3177},{},[3178],{"nodeType":239,"value":3179,"marks":3180,"data":3181},"OAuth integration governance is the component of shadow SaaS that is both the most potentially damaging and the hardest to surface through other means. 
The SaaS-to-SaaS OAuth pivot is now an industrialized attack pattern.",[],{},{"nodeType":927,"data":3183,"content":3184},{},[3185,3206],{"nodeType":931,"data":3186,"content":3187},{},[3188],{"nodeType":235,"data":3189,"content":3190},{},[3191,3194,3202],{"nodeType":239,"value":822,"marks":3192,"data":3193},[],{},{"nodeType":258,"data":3195,"content":3197},{"uri":3196},"https://pushsecurity.com/blog/analyzing-the-instructure-breach/",[3198],{"nodeType":239,"value":3199,"marks":3200,"data":3201},"ShinyHunters",[],{},{"nodeType":239,"value":3203,"marks":3204,"data":3205}," Salesforce campaign — which compromised 1,000+ organizations and 1.5 billion records — demonstrated the full chain: the attacker didn't stop at stealing customer data but harvested OAuth tokens, AWS access keys, and Snowflake tokens from breached tenants and pivoted through connected services like Salesloft, Drift, and Gainsight to reach hundreds more organizations.",[],{},{"nodeType":931,"data":3207,"content":3208},{},[3209],{"nodeType":235,"data":3210,"content":3211},{},[3212,3215,3223],{"nodeType":239,"value":822,"marks":3213,"data":3214},[],{},{"nodeType":258,"data":3216,"content":3218},{"uri":3217},"https://pushsecurity.com/blog/unpacking-the-vercel-breach/",[3219],{"nodeType":239,"value":3220,"marks":3221,"data":3222},"Context.ai → Vercel",[],{},{"nodeType":239,"value":3224,"marks":3225,"data":3226}," chain followed the same logic — stored OAuth tokens from a forgotten AI app trial provided the bridge into Google Workspace, internal dashboards, and API keys. 
These are not isolated incidents; they are the repeatable playbook for extracting maximum value from a single compromise through the trust relationships that OAuth connections encode.",[],{},{"nodeType":235,"data":3228,"content":3229},{},[3230],{"nodeType":239,"value":3231,"marks":3232,"data":3233},"Every OAuth consent grant transits the browser — the authorization prompt, the scope disclosure, the user's approval click, and the redirect that completes the grant all happen inside a browser session — which makes the browser the only layer where an unwanted grant can be intercepted before the token is issued and the persistent access path is created. Once a token exists, the damage is done: it survives password resets, MFA changes, and session revocations, and revoking it after the fact requires first knowing it was granted, which most organizations do not.",[],{},{"nodeType":346,"data":3235,"content":3236},{},[],{"nodeType":350,"data":3238,"content":3239},{},[3240],{"nodeType":239,"value":3241,"marks":3242,"data":3244},"#6 — Blocking ClickFix and social engineering-based malware delivery",[3243],{"type":302},{},{"nodeType":235,"data":3246,"content":3247},{},[3248],{"nodeType":239,"value":3249,"marks":3250,"data":3252},"Security value: High | Browser fit: Strong for interception — shared with endpoint security for execution. ConsentFix is a browser-native exception that is T1-aligned.",[3251],{"type":302},{},{"nodeType":235,"data":3254,"content":3255},{},[3256,3260,3265,3269,3276,3280,3285,3289,3294],{"nodeType":239,"value":3257,"marks":3258,"data":3259},"ClickFix was the most common initial access vector reported by Microsoft in 2025, accounting for ",[],{},{"nodeType":239,"value":3261,"marks":3262,"data":3264},"47% of observed attacks",[3263],{"type":302},{},{"nodeType":239,"value":3266,"marks":3267,"data":3268},". 
CrowdStrike's ",[],{},{"nodeType":258,"data":3270,"content":3271},{"uri":1304},[3272],{"nodeType":239,"value":3273,"marks":3274,"data":3275},"2026 Global Threat Report",[],{},{"nodeType":239,"value":3277,"marks":3278,"data":3279}," identified fake CAPTCHA lures as the most common malware download type, increasing ",[],{},{"nodeType":239,"value":3281,"marks":3282,"data":3284},"563% year-over-year",[3283],{"type":302},{},{"nodeType":239,"value":3286,"marks":3287,"data":3288},". The technique writes a malicious command to the victim's clipboard and social-engineers them into executing it. It is fileless (bypassing download scanning), user-executed (bypassing endpoint behavioral detections), and ",[],{},{"nodeType":239,"value":3290,"marks":3291,"data":3293},"4 in 5 ClickFix payloads intercepted by Push arrived via search engines",[3292],{"type":302},{},{"nodeType":239,"value":3295,"marks":3296,"data":3297}," — not email (bypassing email anti-phishing controls).",[],{},{"nodeType":235,"data":3299,"content":3300},{},[3301],{"nodeType":239,"value":3302,"marks":3303,"data":3304},"The browser is the earliest and most effective intervention point — detecting the clipboard injection and social engineering lure before anything reaches the endpoint in executable form. But the problem doesn't end at the browser boundary: once the command has been pasted and run, detection and remediation become endpoint problems, and a mature defense requires both layers. 
The broader *Fix family — FileFix, InstallFix, and similar derivatives — follows the same pattern, with the browser providing the critical early-warning layer within a defense that spans browser and endpoint.",[],{},{"nodeType":281,"data":3306,"content":3310},{"target":3307},{"sys":3308},{"id":3309,"type":286,"linkType":287},"39alMHtw9FPHbQINqbAgBN",[],{"nodeType":346,"data":3312,"content":3313},{},[],{"nodeType":350,"data":3315,"content":3316},{},[3317],{"nodeType":239,"value":3318,"marks":3319,"data":3321},"#7 — AI visibility and control: enforcing which AI tools employees can use and how",[3320],{"type":302},{},{"nodeType":235,"data":3323,"content":3324},{},[3325],{"nodeType":239,"value":3326,"marks":3327,"data":3329},"Security value: High | Browser fit: Strong for access enforcement — but AI governance is not a new security problem so much as a force multiplier on existing ones",[3328],{"type":302},{},{"nodeType":235,"data":3331,"content":3332},{},[3333,3337,3346,3350,3359],{"nodeType":239,"value":3334,"marks":3335,"data":3336},"AI adoption is outpacing security governance at nearly every organization, and ",[],{},{"nodeType":258,"data":3338,"content":3340},{"uri":3339},"https://pushsecurity.com/blog/7-things-omdias-latest-report-tells-us-about-the-secure-enterprise-browser-market/",[3341],{"nodeType":239,"value":3342,"marks":3343,"data":3345},"71% of organizations are concerned about data leakage via unsanctioned AI apps",[3344],{"type":302},{},{"nodeType":239,"value":3347,"marks":3348,"data":3349},". But the security problems that AI creates are not, for the most part, novel — they are existing Tier 1 problems amplified by a new category of tooling. Shadow AI apps are shadow SaaS (#5). AI OAuth integrations are OAuth governance (#5). AI browser extensions are extension security (#4). 
The risk of employees using personal AI accounts — ",[],{},{"nodeType":258,"data":3351,"content":3353},{"uri":3352},"https://keepaware.com/blog/46-of-sensitive-data-bypasses-your-dlp",[3354],{"nodeType":239,"value":3355,"marks":3356,"data":3358},"46% of sensitive inputs to AI tools are sent via personal accounts",[3357],{"type":302},{},{"nodeType":239,"value":3360,"marks":3361,"data":3362}," — is an identity posture problem (#3).",[],{},{"nodeType":235,"data":3364,"content":3365},{},[3366],{"nodeType":239,"value":3367,"marks":3368,"data":3369},"The component parts that allow you to govern AI are individually Tier 1 capabilities, and the browser is the best single layer for gaining visibility and control over AI usage — it sees the apps, the OAuth grants, the extensions, and the account context. But a complete end-to-end solution also requires a presence on the endpoint layer (for local AI tools, IDE-integrated agents, and API-level usage that never touches the browser), and prompt-level DLP on sanctioned tools is better handled by platform-native controls than by browser-layer observation.",[],{},{"nodeType":281,"data":3371,"content":3375},{"target":3372},{"sys":3373},{"id":3374,"type":286,"linkType":287},"6Py3z9VgjhKrchmYvhmbsq",[],{"nodeType":235,"data":3377,"content":3378},{},[3379],{"nodeType":239,"value":3380,"marks":3381,"data":3382},"The browser is what makes platform controls effective — if employees are using personal accounts, there are no enterprise audit logs to inspect. 
And for the growing category of AI agents, agentic browsers, and MCP-connected tools that operate through OAuth grants rather than direct user interaction, the browser is where the consent decisions that authorize those agents are made.",[],{},{"nodeType":346,"data":3384,"content":3385},{},[],{"nodeType":350,"data":3387,"content":3388},{},[3389],{"nodeType":239,"value":3390,"marks":3391,"data":3393},"#8 — Investigation acceleration and incident response: closing the missing middle",[3392],{"type":302},{},{"nodeType":235,"data":3395,"content":3396},{},[3397],{"nodeType":239,"value":3398,"marks":3399,"data":3401},"Security value: High | Browser fit: Strong — fills a structural gap complementary to endpoint, network, and identity telemetry",[3400],{"type":302},{},{"nodeType":235,"data":3403,"content":3404},{},[3405,3409,3414,3418,3427],{"nodeType":239,"value":3406,"marks":3407,"data":3408},"Endpoint logs show what processes executed. Network logs show traffic destinations. IdP logs show authentication events. None of them show what happened ",[],{},{"nodeType":239,"value":3410,"marks":3411,"data":3413},"inside the browser session",[3412],{"type":274},{},{"nodeType":239,"value":3415,"marks":3416,"data":3417}," — the phishing page the user saw, the credentials they entered, the malicious OAuth consent grant, the data uploaded or pasted to an unsanctioned service. 
This is the missing middle of modern incident investigations, and for the ",[],{},{"nodeType":258,"data":3419,"content":3421},{"uri":3420},"https://www.paloaltonetworks.co.uk/resources/research/unit-42-incident-response-report",[3422],{"nodeType":239,"value":3423,"marks":3424,"data":3426},"48% of intrusions involving browser-based activity",[3425],{"type":302},{},{"nodeType":239,"value":3428,"marks":3429,"data":3430},", the absence of browser telemetry is a significant investigative gap.",[],{},{"nodeType":235,"data":3432,"content":3433},{},[3434],{"nodeType":239,"value":3435,"marks":3436,"data":3437},"Browser-layer telemetry fills that gap with a fundamentally different quality of signal: what users actually clicked, what pages loaded and how they behaved, what credentials were entered, what session activity followed — structured, high-fidelity data from inside the session where the attack played out. That's the difference between inferring what happened and seeing it directly, and it determines scope, drives containment decisions, and provides the direct evidential record that neither endpoint DLP nor network monitoring can supply for browser-native attacks.",[],{},{"nodeType":235,"data":3439,"content":3440},{},[3441],{"nodeType":239,"value":3442,"marks":3443,"data":3444},"Browser telemetry is a key addition to the investigative picture. 
Investigations are inherently multi-source — without browser data, reconstructing an incident from EDR, network, and IdP logs won't tell you the full picture (particularly when attacks are increasingly delivered outside of email, intercepting users as they browse the internet normally).",[],{},{"nodeType":235,"data":3446,"content":3447},{},[3448],{"nodeType":239,"value":3449,"marks":3450,"data":3451},"The browser provides the causal link that other sources miss: the bridge between \"a user visited a URL\" and \"credentials were submitted to a phishing page that issued a session token now being replayed from an attacker-controlled browser.\" Integrated with SIEM and SOAR platforms, that signal enables automated response workflows to execute on high-confidence detections without waiting for manual triage.",[],{},{"nodeType":346,"data":3453,"content":3454},{},[],{"nodeType":350,"data":3456,"content":3457},{},[3458],{"nodeType":239,"value":3459,"marks":3460,"data":3462},"#9 — Infostealer defense: detecting exposure and blocking delivery",[3461],{"type":302},{},{"nodeType":235,"data":3464,"content":3465},{},[3466],{"nodeType":239,"value":3467,"marks":3468,"data":3470},"Security value: High | Browser fit: Strong for delivery interception and stolen factor detection — complementary to endpoint security for execution",[3469],{"type":302},{},{"nodeType":235,"data":3472,"content":3473},{},[3474],{"nodeType":239,"value":3475,"marks":3476,"data":3477},"Infostealers are the upstream supply chain for a disproportionate share of the most damaging enterprise attacks — harvesting credentials, session cookies, and browser profile data en masse from infected devices, then selling the outputs on infostealer markets for use in credential stuffing, ATO, and ransomware 
campaigns.",[],{},{"nodeType":281,"data":3479,"content":3483},{"target":3480},{"sys":3481},{"id":3482,"type":286,"linkType":287},"5NF1afwu3zFGThZTtStVQA",[],{"nodeType":235,"data":3485,"content":3486},{},[3487],{"nodeType":239,"value":3488,"marks":3489,"data":3490},"The browser is relevant at two points in the infostealer kill chain. First, delivery interception: ClickFix (covered in #6) is now the primary infostealer delivery mechanism, and the browser is the only layer that can intercept it before execution. Second, detecting stolen factors when attackers attempt to use them — and infostealers produce two categories of stolen factor that the browser can guard against.",[],{},{"nodeType":927,"data":3492,"content":3493},{},[3494,3504],{"nodeType":931,"data":3495,"content":3496},{},[3497],{"nodeType":235,"data":3498,"content":3499},{},[3500],{"nodeType":239,"value":3501,"marks":3502,"data":3503},"Stolen credentials can be identified at the point of login: browser-layer detection flags credentials that appear in known breach datasets, catching infostealer-harvested passwords being replayed in credential stuffing campaigns before the account is compromised.",[],{},{"nodeType":931,"data":3505,"content":3506},{},[3507],{"nodeType":235,"data":3508,"content":3509},{},[3510],{"nodeType":239,"value":3511,"marks":3512,"data":3513},"Stolen session tokens are caught through a different mechanism: sessions originating in instrumented browsers carry a marker, and when a token subsequently appears in an un-instrumented browser it is a confirmed stolen session — catching infostealer-harvested cookies being replayed regardless of how or where the token was originally harvested.",[],{},{"nodeType":235,"data":3515,"content":3516},{},[3517,3521,3530,3534,3539],{"nodeType":239,"value":3518,"marks":3519,"data":3520},"This is particularly critical for the 
",[],{},{"nodeType":258,"data":3522,"content":3524},{"uri":3523},"https://www.verizon.com/business/en-gb/resources/reports/dbir/",[3525],{"nodeType":239,"value":3526,"marks":3527,"data":3529},"46% of infected devices that are unmanaged",[3528],{"type":302},{},{"nodeType":239,"value":3531,"marks":3532,"data":3533}," where EDR is absent and the stolen credentials and session tokens will never be detected at the endpoint. Infostealer ",[],{},{"nodeType":239,"value":3535,"marks":3536,"data":3538},"execution",[3537],{"type":274},{},{"nodeType":239,"value":3540,"marks":3541,"data":3542}," remains an endpoint problem; the browser closes the delivery and replay gaps that endpoint tools miss.",[],{},{"nodeType":346,"data":3544,"content":3545},{},[],{"nodeType":350,"data":3547,"content":3548},{},[3549],{"nodeType":239,"value":3550,"marks":3551,"data":3553},"#10 — Data loss prevention: a key component of effective DLP, but not the full picture",[3552],{"type":302},{},{"nodeType":235,"data":3555,"content":3556},{},[3557],{"nodeType":239,"value":3558,"marks":3559,"data":3561},"Security value: Medium-high | Browser fit: Partial — complementary to dedicated DLP",[3560],{"type":302},{},{"nodeType":235,"data":3563,"content":3564},{},[3565],{"nodeType":239,"value":3566,"marks":3567,"data":3568},"File uploads to unsanctioned services, sensitive data pasted into AI tools, and exfiltration through personal accounts are genuine and growing risks that traditional email and endpoint-centric DLP tools were not designed to catch. Browser-layer controls provide real value here — particularly for BYOD users and contractors, where endpoint DLP agents cannot be deployed and the browser is the only available data loss visibility.",[],{},{"nodeType":235,"data":3570,"content":3571},{},[3572],{"nodeType":239,"value":3573,"marks":3574,"data":3575},"The honest scope: browser-layer DLP does not cover email-based loss, endpoint-to-endpoint transfers, or cloud API exfiltration. 
It closes specific and important gaps within a broader DLP strategy; it is not a replacement for one. A further distinction for organizations evaluating browser DLP for secure third-party access: full-stack enterprise browsers can enforce deeper output controls — watermarking, obfuscation, screenshot and print restrictions — at the OS rendering level that browser extensions cannot reliably replicate. Extension-based browser DLP is strongest for upload, input, and access control use cases rather than OS-level output restriction.",[],{},{"nodeType":346,"data":3577,"content":3578},{},[],{"nodeType":350,"data":3580,"content":3581},{},[3582],{"nodeType":239,"value":3583,"marks":3584,"data":3586},"Tier 3 — Lower Value: A problem best addressed outside of the browser",[3585],{"type":302},{},{"nodeType":927,"data":3588,"content":3589},{},[3590,3605,3620,3635],{"nodeType":931,"data":3591,"content":3592},{},[3593],{"nodeType":235,"data":3594,"content":3595},{},[3596,3601],{"nodeType":239,"value":3597,"marks":3598,"data":3600},"Browser exploit protection",[3599],{"type":302},{},{"nodeType":239,"value":3602,"marks":3603,"data":3604}," (narrow RCE/sandbox sense) ranks lower because browser zero-days represent just 9% of all zero-days reported to Google, and 82% of attack detections are now malware-free (CrowdStrike 2026). This is a problem for browser vendors to solve, and it's not a big enough problem to warrant enterprises investing in additional mitigating controls.",[],{},{"nodeType":931,"data":3606,"content":3607},{},[3608],{"nodeType":235,"data":3609,"content":3610},{},[3611,3616],{"nodeType":239,"value":3612,"marks":3613,"data":3615},"Domain and URL category controls",[3614],{"type":302},{},{"nodeType":239,"value":3617,"marks":3618,"data":3619}," offer genuine browser-layer value but are commoditized by SWG and DNS filtering tools most organizations already operate. 
This can be provided in the browser, sure (and it's something we do at Push) but offers limited security value in terms of making a difference against modern attacks that quickly rotate these kinds of indicators and are designed to blend in.",[],{},{"nodeType":931,"data":3621,"content":3622},{},[3623],{"nodeType":235,"data":3624,"content":3625},{},[3626,3631],{"nodeType":239,"value":3627,"marks":3628,"data":3630},"Access management",[3629],{"type":302},{},{"nodeType":239,"value":3632,"marks":3633,"data":3634}," — ZTNA, VPN replacement, PAM, BYOD access control — is an IT infrastructure and access architecture problem, not a security operations problem, and belongs to a different buyer with a different evaluation frame. There are numerous (typically full-stack) Enterprise Browser solutions on the market that address IT use cases like this well.",[],{},{"nodeType":931,"data":3636,"content":3637},{},[3638],{"nodeType":235,"data":3639,"content":3640},{},[3641,3646],{"nodeType":239,"value":3642,"marks":3643,"data":3645},"Remote browser isolation",[3644],{"type":302},{},{"nodeType":239,"value":3647,"marks":3648,"data":3649}," addresses browser exploit risk rather than the identity-first attacks that represent the majority of current enterprise browser risk, and introduces UX friction that limits deployment at scale. 
When it triggers, it introduces latency but still fails to detect and stop browser-native attacks.",[],{},{"nodeType":346,"data":3651,"content":3652},{},[],{"nodeType":350,"data":3654,"content":3655},{},[3656],{"nodeType":239,"value":3657,"marks":3658,"data":3660},"How Push Security maps to the highest-value security use cases",[3659],{"type":302},{},{"nodeType":235,"data":3662,"content":3663},{},[3664],{"nodeType":239,"value":3665,"marks":3666,"data":3667},"Push is purpose-built to address all of these problems using a flexible browser extension — plug into any browser with no migration, no host agent deployment, and no IT overhead — that delivers telemetry and control from day one, and extends coverage to every enrolled browser regardless of device ownership.",[],{},{"nodeType":1726,"data":3669,"content":3670},{},[3671,3696,3720,3744,3768,3792,3816,3840,3864,3888,3912,3936],{"nodeType":1730,"data":3672,"content":3673},{},[3674,3685],{"nodeType":1734,"data":3675,"content":3676},{},[3677],{"nodeType":235,"data":3678,"content":3679},{},[3680],{"nodeType":239,"value":3681,"marks":3682,"data":3684},"Security use case",[3683],{"type":302},{},{"nodeType":1734,"data":3686,"content":3687},{},[3688],{"nodeType":235,"data":3689,"content":3690},{},[3691],{"nodeType":239,"value":3692,"marks":3693,"data":3695},"How Push addresses it",[3694],{"type":302},{},{"nodeType":1730,"data":3697,"content":3698},{},[3699,3710],{"nodeType":1734,"data":3700,"content":3701},{},[3702],{"nodeType":235,"data":3703,"content":3704},{},[3705],{"nodeType":239,"value":3706,"marks":3707,"data":3709},"Account takeover prevention",[3708],{"type":302},{},{"nodeType":1734,"data":3711,"content":3712},{},[3713],{"nodeType":235,"data":3714,"content":3715},{},[3716],{"nodeType":239,"value":3717,"marks":3718,"data":3719},"Surfaces and fixes ghost logins, weak and breached credentials and missing MFA controls across every app and device — including shadow SaaS and unmanaged devices invisible to the IdP. 
Push also detects and stops the attack techniques that typically lead to ATO early in the kill chain and before an account can be compromised.",[],{},{"nodeType":1730,"data":3721,"content":3722},{},[3723,3734],{"nodeType":1734,"data":3724,"content":3725},{},[3726],{"nodeType":235,"data":3727,"content":3728},{},[3729],{"nodeType":239,"value":3730,"marks":3731,"data":3733},"Advanced phishing detection",[3732],{"type":302},{},{"nodeType":1734,"data":3735,"content":3736},{},[3737],{"nodeType":235,"data":3738,"content":3739},{},[3740],{"nodeType":239,"value":3741,"marks":3742,"data":3743},"Behavioral page analysis detects phishing kits regardless of whether the domain is known-bad. Credential entry guardrails block corporate passwords from being submitted to unauthorized domains. TTP-based detection remains effective as attacker infrastructure rotates.",[],{},{"nodeType":1730,"data":3745,"content":3746},{},[3747,3758],{"nodeType":1734,"data":3748,"content":3749},{},[3750],{"nodeType":235,"data":3751,"content":3752},{},[3753],{"nodeType":239,"value":3754,"marks":3755,"data":3757},"Identity posture hardening",[3756],{"type":302},{},{"nodeType":1734,"data":3759,"content":3760},{},[3761],{"nodeType":235,"data":3762,"content":3763},{},[3764],{"nodeType":239,"value":3765,"marks":3766,"data":3767},"Enforces MFA, strong credentials, and SSO adoption across every app the IdP doesn't manage. 
Produces continuous, auditable MFA coverage and credential hygiene evidence across the full application and device estate.",[],{},{"nodeType":1730,"data":3769,"content":3770},{},[3771,3782],{"nodeType":1734,"data":3772,"content":3773},{},[3774],{"nodeType":235,"data":3775,"content":3776},{},[3777],{"nodeType":239,"value":3778,"marks":3779,"data":3781},"Browser extension security",[3780],{"type":302},{},{"nodeType":1734,"data":3783,"content":3784},{},[3785],{"nodeType":235,"data":3786,"content":3787},{},[3788],{"nodeType":239,"value":3789,"marks":3790,"data":3791},"Live extension inventory with supply chain change event monitoring — ownership transfers, permission escalations, developer contact changes — rather than static risk scoring. Supports default-deny allowlisting and remote extension removal. Blocks known-bad malicious extensions automatically.",[],{},{"nodeType":1730,"data":3793,"content":3794},{},[3795,3806],{"nodeType":1734,"data":3796,"content":3797},{},[3798],{"nodeType":235,"data":3799,"content":3800},{},[3801],{"nodeType":239,"value":3802,"marks":3803,"data":3805},"Shadow SaaS and OAuth governance",[3804],{"type":302},{},{"nodeType":1734,"data":3807,"content":3808},{},[3809],{"nodeType":235,"data":3810,"content":3811},{},[3812],{"nodeType":239,"value":3813,"marks":3814,"data":3815},"Discovers shadow SaaS from actual login events with full authentication context. 
Monitors and blocks OAuth consent flows — including AI and MCP integrations — in real time before persistent access paths are created.",[],{},{"nodeType":1730,"data":3817,"content":3818},{},[3819,3830],{"nodeType":1734,"data":3820,"content":3821},{},[3822],{"nodeType":235,"data":3823,"content":3824},{},[3825],{"nodeType":239,"value":3826,"marks":3827,"data":3829},"ClickFix and the *Fix family",[3828],{"type":302},{},{"nodeType":1734,"data":3831,"content":3832},{},[3833],{"nodeType":235,"data":3834,"content":3835},{},[3836],{"nodeType":239,"value":3837,"marks":3838,"data":3839},"Detects and blocks ClickFix lures, clipboard injection, and browser-native variants like ConsentFix in real time — before the payload executes or OAuth key material is captured.",[],{},{"nodeType":1730,"data":3841,"content":3842},{},[3843,3854],{"nodeType":1734,"data":3844,"content":3845},{},[3846],{"nodeType":235,"data":3847,"content":3848},{},[3849],{"nodeType":239,"value":3850,"marks":3851,"data":3853},"AI visibility & control",[3852],{"type":302},{},{"nodeType":1734,"data":3855,"content":3856},{},[3857],{"nodeType":235,"data":3858,"content":3859},{},[3860],{"nodeType":239,"value":3861,"marks":3862,"data":3863},"Enforces which AI tools employees can access and routes usage to corporate tenants. 
Governs AI browser extensions and blocks OAuth consent grants to unapproved AI applications — drawing on the same Tier 1 capabilities (OAuth governance, extension security, shadow SaaS discovery) that make this possible.",[],{},{"nodeType":1730,"data":3865,"content":3866},{},[3867,3878],{"nodeType":1734,"data":3868,"content":3869},{},[3870],{"nodeType":235,"data":3871,"content":3872},{},[3873],{"nodeType":239,"value":3874,"marks":3875,"data":3877},"Security investigations & incident response",[3876],{"type":302},{},{"nodeType":1734,"data":3879,"content":3880},{},[3881],{"nodeType":235,"data":3882,"content":3883},{},[3884],{"nodeType":239,"value":3885,"marks":3886,"data":3887},"High-fidelity session telemetry — page loads, credential entries, DOM changes, OAuth grants — fills the missing middle that endpoint, network, and IdP logs leave open. Feeds directly into SIEM and SOAR for automated response.",[],{},{"nodeType":1730,"data":3889,"content":3890},{},[3891,3902],{"nodeType":1734,"data":3892,"content":3893},{},[3894],{"nodeType":235,"data":3895,"content":3896},{},[3897],{"nodeType":239,"value":3898,"marks":3899,"data":3901},"Infostealer defense",[3900],{"type":302},{},{"nodeType":1734,"data":3903,"content":3904},{},[3905],{"nodeType":235,"data":3906,"content":3907},{},[3908],{"nodeType":239,"value":3909,"marks":3910,"data":3911},"Intercepts ClickFix-based infostealer delivery before execution. 
Detects token replay in unenrolled browser contexts — catching post-theft abuse from AiTM-sourced tokens and infostealer-harvested cookies, including from unmanaged devices.",[],{},{"nodeType":1730,"data":3913,"content":3914},{},[3915,3926],{"nodeType":1734,"data":3916,"content":3917},{},[3918],{"nodeType":235,"data":3919,"content":3920},{},[3921],{"nodeType":239,"value":3922,"marks":3923,"data":3925},"Data loss prevention",[3924],{"type":302},{},{"nodeType":1734,"data":3927,"content":3928},{},[3929],{"nodeType":235,"data":3930,"content":3931},{},[3932],{"nodeType":239,"value":3933,"marks":3934,"data":3935},"Observes file uploads, downloads, and sensitive data inputs across all applications. Extends data loss visibility to BYOD and contractor devices where endpoint DLP cannot reach.",[],{},{"nodeType":1730,"data":3937,"content":3938},{},[3939,3949],{"nodeType":1734,"data":3940,"content":3941},{},[3942],{"nodeType":235,"data":3943,"content":3944},{},[3945],{"nodeType":239,"value":3612,"marks":3946,"data":3948},[3947],{"type":302},{},{"nodeType":1734,"data":3950,"content":3951},{},[3952],{"nodeType":235,"data":3953,"content":3954},{},[3955],{"nodeType":239,"value":3956,"marks":3957,"data":3958},"Custom URL blocklists with wildcard support and REST API management for threat intelligence feed sync. Application category blocking restricts access to classes of apps (file-sharing, unsanctioned AI tools) configurable by user group. Domain categorization bringing SWG-style category blocking natively to the browser without a network proxy.",[],{},{"nodeType":346,"data":3960,"content":3961},{},[],{"nodeType":235,"data":3963,"content":3964},{},[3965,3969,3975],{"nodeType":239,"value":3966,"marks":3967,"data":3968},"Push Security is the most powerful AI-native security tool in the browser. Think EDR, but for the browser — high-fidelity telemetry and real-time control across every session, on every device, with no browser migration required. 
",[],{},{"nodeType":258,"data":3970,"content":3971},{"uri":748},[3972],{"nodeType":239,"value":751,"marks":3973,"data":3974},[],{},{"nodeType":239,"value":29,"marks":3976,"data":3977},[],{},"The top 10 security problems you can solve in the browser — ranked by value","Ranking the security problems you can solve in the browser by security value and browser fit.","2026-05-14T00:00:00.000Z","the-top-10-security-problems-you-can-solve-in-the-browser-ranked-by-value",{"items":3983},[3984,3986],{"sys":3985,"name":1686},{"id":1685},{"sys":3987,"name":1690},{"id":1689},{"items":3989},[3990],{"fullName":3991,"firstName":3992,"jobTitle":3993,"profilePicture":3994},"Alex Henshall","Alex","Product Team",{"url":3995},"https://images.ctfassets.net/y1cdw1ablpvd/2rz3Pre3b1MexPIQ4hzPUe/0ef8a092b7e7df00fbce3f7d1ccb96d1/Alex_Henshall.jpeg","why-your-training-budget-belongs-in-real-time-browser-security","blog/why-your-training-budget-belongs-in-real-time-browser-security",{"json":3999},{"data":4000,"content":4001,"nodeType":231},{},[4002],{"data":4003,"content":4004,"nodeType":235},{},[4005],{"data":4006,"marks":4007,"value":4008,"nodeType":239},{},[],"Organizations spend billions annually on security awareness training, but can't keep up with attack evolution. Browser-based technical controls can make the difference where training falls short.","Organizations spend billions annually on awareness training. Here's why browser-based technical controls can make the difference where training falls short. ",{"id":4011,"publishedAt":4012},"3UADFvNqybXoCYlWtJPohK","2026-06-24T13:14:34.116Z",{"items":4014},[4015,4017],{"sys":4016,"name":1686},{"id":1685},{"sys":4018,"name":4020},{"id":4019},"4ksQNCFeBf8H4QIORqpRLw","Detection & response","tQ4sWipHH8z-WO06MYNKNe4dbq1gBAmCD5x9kr76HPM",1782315043688]