Menlo Security today launched a platform to secure artificial intelligence (AI) agents running in a browser that accesses a cloud-based environment where they can securely access applications.

The company already provides a similar platform through which end users are able to securely access applications without requiring IT teams to deploy and maintain a virtual private network (VPN). The Browser Security Platform leverages that core platform to provide a dedicated cloud computing environment through which AI agents securely access applications and services via a browser.

That capability is enabled using a capability Menlo Security developed that converts a user interface developed for a legacy application into machine-readable data that an AI agent can invoke to perform a task. Additionally, that capability enforces a level of separation between instructions and data using tools to visually analyze prompts in a way that ensures an AI agent doesn’t mistake malicious data for a legitimate command.

In addition to enforcing least privilege access control via the Menlo Secure Application Access (SAA) framework, the platform also collects telemetry and other forensic data from the document object model (DOM) and file component level of the browser to enable security teams to monitor session flows in real time.

Menlo Security CISO Lionel Litty said that approach enables organizations to more securely deploy AI agents in a way that more granularly enforces security and governance policies. That’s critical because AI agents will access any and all data made available, with some autonomous AI agents having a unique set of permissions that will need to be closely monitored, he added.

Cybersecurity teams will also need to constantly monitor AI agent activity in real time as new data is created and additional agents are deployed, noted Litty. The blast radius of any potential incident involving AI agents is going to be much wider given the speed at which AI agents can relentlessly access and process data, said Litty. The timeline during which a cybersecurity incident unfolds has now, in effect, been greatly compressed, he added.

In fact, the guardrails that cybersecurity teams should put in place need to be a lot more hardened compared to what have historically been applied to end users because AI agents are now a rich target that adversaries will undoubtedly attack, noted Litty.

It’s not clear at what pace cybersecurity teams are moving to secure AI agents. In many cases, AI agents are being deployed at rates that far exceed the ability of cybersecurity teams to track and secure. Eventually, however, it’s only a matter of time before business leaders ask cybersecurity teams to make sure any AI agents that have been deployed are actually secure. The only issue that remains to be seen is how many AI agents might have been deployed before cybersecurity teams are able to secure them.

In the meantime, cybersecurity teams should prepare now for a security incident involving an AI agent that at this point is all but inevitable. The challenge now is not just preventing or, at the very least limiting the impact of that breach, but also determining how best to recover from it.