For years we treated the browser as just another application. That era is over. As Vivek Ramachandran points out, the browser has quietly become the new endpoint—and attackers have noticed. Users now live in the browser for work, banking, crypto, entertainment and everything in between. If that’s where the users are, that’s where the attacks are going to land.

Ramachandran walks through how we got here: A decade ago, secure web gateways and early SASE designs could reliably scrub traffic in the cloud before it ever hit the endpoint. Files moved over the wire, were inspected, and got blocked if they looked malicious. That model breaks down when modern browsers behave like full-blown application platforms, capable of running WebAssembly, rich JavaScript and complex client-side logic.

That’s where “last-mile reassembly” attacks come in. Instead of sending a malicious payload that a SASE stack can inspect in transit, attackers now send the instructions and let the browser assemble the payload locally. It’s the difference between smuggling a painting through the airport and smuggling in the painter and canvas. The network stack never sees a file to scan; the malicious artifact is created entirely inside the browser.

Layer AI browsers on top of that and the problem gets worse before it gets better. In typical Silicon Valley fashion, AI-first browsers are racing to market ahead of mature security controls. Early research is already surfacing vulnerabilities and odd failure modes that feel a lot like the first generation of chatbots—only now they sit in the middle of how users access the web.

Ramachandran’s core argument is simple: If everything is moving into the browser, security has to move with it. That means treating the browser as a first-class security control point, not an afterthought hanging off the side of a SASE architecture that no longer sees what really matters—the last mile where attacks are now being built and launched.