B (14:37)

As you think about the arrival of AI kind of on the mainstream scene several years ago, the natural interface our users have used for many years that they're quite familiar with, you think the most common pervasive interface the users know in an environment, it's a browser. You don't have to train your end users on how to use a browser. They know what it looks like and they see it. They know exactly what to do with it. And along comes AI. And you see just a few years ago, the core natural habitat for AI. It began in the browser interface and the result is a lot of really cool stuff that's happened in, you know, it's past almost three years now at this point, I guess Three years or so. But what's interesting is the core of that universe for the end users continued to be browser centric. So as you start thinking about the browser we've all used, you kind of go back many, many years. The world began to move to web based apps very heavily. Obviously your SaaS universe is entirely a browser based universe. And yet the browser we all used is a consumer grade piece of technology specifically built for a different purpose. And there's nothing wrong with it serving billions of users around the world very, very, very readily and healthy in healthy ways for many years. But yet the needs of the organization differ. And so as you start thinking about the requirements for an enterprise environment, you need to have some basic things, basic blocking and tackling things like data protection elements. You've got orgs that have compliance mandates they have to live up to, they've got applications and resources that are on the inside of the environment. Is you think about the evolution of the browser. You know, at island in particular, we said it would make a lot of sense. What if the browser that we use that familiar interface where we don't have to train an end user and we, we, we transform that into something that's more enterprise ready, more enterprise grade built services natively and to protect data, to keep the user safe, but to make sure users had access to the right applications and resources they need to do their job and use the browser as an actual application delivery environment. Create a purpose built browser, but at the end of the day let the users use it the way they've been using it for years, but actually convert it to the purpose that actually we're needing it for today, which is delivery of apps. And then along comes AI the conversation a minute ago and it just slipstreams perfectly into the user's workflow in the world of island in particular. But obviously you get your consumer browsers, that's a whole different ball of wax. At the end of the day. You've got these consumer browsers that have been there for years now. Users are engaging AI there and then now you get some of these AI providers go, you know what, it's a brilliant idea. Maybe we should just build our own browser for the consumers and give the users access to our AI via our browser. And so now you're seeing browsers with AI capabilities built into them. They call them the agentic browsers. I'm sure we'll talk more about that in a bit. But you know, now you get this wave of additional browsers that come to the table, but all coming from it with a very consumer centric angle and the orgs need more. They didn't abandon their requirements of data protection and all the things I mentioned before, Dave. So the evolution of the browser and the rush toward more and more browser centric stuff is being accelerated by AI. And then obviously a lot of the AI providers are delivering their own agentic browsers now as a result too.

A (17:48)

Well, help me understand here. I mean, is it splitting hairs or is it a fair thing to say that there are browsers that include some enterprise functionality, some enterprise tools, but that's different from a true enterprise browser built from the ground up? Is that a fair thing to say?

B (18:08)

Yeah, I definitely agree with what you said there. I think, you know, many of our existing browsers, they've wedged in the ability to create some basic enterprise settings. Let's call them what they are, they're basic settings. But the idea that we would transform the browser into something where we manage true actual policy and leverage, you know, what we call the last mile, but take advantage of the presentation layer of the engagement and take AI aside for the moment, but be able to do things like redact certain data for certain audiences of users and very basic blocking and tackling elements to let the browser actually have an understanding contextually of what it's engaging, both in terms of the identity of the user, the device, and I say both many other things as well. The application, the tenant and tenancy recognition is very important. We can talk more about that in the universe of AI as well because you know, users have their personal stuff they're using for personal chat, GPT and personal GROK and other stuff like that. And then the organizations are adopting their own enterprise versions of that. So tenancy recognition is super important at the end of the day, but at the end of the day it all goes right back to the core that a browser is at the center of that universe. And what you talked about it before, your existing browsers by and large funded and built for the consumer need with some of them having some, some capabilities of centralized control. And I'd call them a managed browser at best in that case.

A (19:25)

Hmm. You know, I think it was back in December I saw a report from Gartner and one of their takeaways, they said CyberSecurity must block AI browsers for now. So they were being very hesitant about this. Is that where we stand right now?

B (19:43)

Yeah, we couldn't agree more with Gartner when it comes to the consumer grade AI browsers that are in the market at the moment. Never was it more apparent, I don't know if you saw the super bowl ads where one of the specific AI providers was banging on all the other providers about being consumer centric. They were funny ads, they were hilarious and they were literally spot on. But the general focus around the universe of AI has been a very consumer centric approach because they're monetizing at the end of the day. And the ads were making fun of the fact that AI is being built for targeted advertising and monetize. There's. But if you go back to what we need to do if we want to use it in an enterprise environment, we've got to make it enterprise grade, got to make it enterprise ready. And that's where the convergence of what we see with the enterprise browser has so much power. When you take the consumer AI stuff, you could turn and make any AI environment, make it an enterprise great AI environment when you leverage it in the context of an enterprise browser.

A (20:42)

Well, explain to me how that works. How do you combine those two things? The powerful functionality, the potential of AI with a browser that's pre equipped to be able to handle it and make it safe?

B (20:56)

Yeah, there's a number of things. First of all, it's contextual understanding when you're talking about a user's own decision of what they engage. Just like today if you were to load up a tab in your browser and go to a destination, you're making decisions about what you engage, when the users engage something. First of all, at its core, an enterprise browser differs from a consumer browser in that it contextually actually understands the disposition of what someone's engaging. It knows that when you went to that tab and you went to personal chat gbd, it knows that that tenant that you're going to is not the corporate tenant, it's personal. So basic elements of contextual understanding of what's being engaged is a starting point. It's a very, very important starting point for basic blocking and tackling. We call it AI protection at the end of the day. That's for building very simple policies and for simple for us, but very complex for many. Most other, you know, status quo providers, but recognizing tenancy, letting users freely have access to personal stuff. This is a very historically controversial topic, but most providers in cybersecurity in particular, if you talk to them about their AI strategy, the provider strategy is a series of block pages. Let's block the user from getting to this and block them from getting to that and block and we don't believe that's a necessity at the end of the Day if I can contextually understand what the user's going to. And at the core of the mechanics of the browser, recognize that's personal versus this being corporate, and treat them with different policies. Let the user freely use personal stuff without company data spilling beyond the boundary into personal stuff. Then that takes my philosophy to a different place than we've ever taken it before, into what we call it. Say yes, you can say yes to anything, but company data just won't spill over to these personal areas. Now that's a very basic element. Then it begins to get more advanced. Dave started about thinking about, you know, well, I want, certainly I want users to be able to open a tab and go to their favorite AI thing. And if it's a corporate environment, great, we handle it one way. If it's personal, we handle it differently. But I also want mechanics introduced into the process, mechanics that allow me to bring any AI provider of choice and build it into the mechanics of the browser with simple stuff like buttons where the user can just simply launch built into the browser, you know, side panels and other panels that, that launch them right into the sanctioned environment. We want really, really easy access to the sanctioned stuff. But then taking it further and bringing in contextual understanding, contextual understanding beyond what we talked about before, but understanding the role of the user, the specifics of the workflows they engage in, learning the profile of what this user does day to day. And as we learn those things, we can then learn to make recommendations for prompts that make them more effective at their job. And all of a sudden on the screen, prompts start popping up, recommended prompts you could click on that engage the application that you're working on the left and the sanctioned AI on the right, where they're working interchangeably with each other to make the user more productive. And at the end of the day for us, there's a core philosophy. Number one is the say yes philosophy I thought about before. But also we can take any AI provider and make them enterprise ready by building their mechanics into the browser, which already has your data protection policies, your access to personal resources and access to the internal resources with private access and access to your credential management and things like that. But every time AI comes to the table, comes to the table being built into the existing policies, you already have. Not a consumer grade experience. So therefore that enterprise or that consumer AI becomes enterprise ready. And then obviously taking it a step further into the areas where people really, really are interested in going back to the heart of the Gartner conversation, which Was the agentic aspects, letting agents run amok. You know, you give an agent inside of a browser or in an AI environment, I should be clear, give it instructions and then it starts going, doing, goes and does a job. And that job could be open for interpretation by the AI, number one, depending on the instruction it's given, but also could be subject to things that it bumps into that could be interpreted as instructions. Call this prompt injection. You probably heard the term before, but this is the concerns that the Gartner paper brought up. Is the agent running amok and doing things outside the boundaries of your existing policies and existing controls, and specifically controls that understand, oh, that's an agentic workflow that's happening versus an actual end user. Be able to distinguish those two things. It's out of the reach of most of your traditional cybersecurity providers. But at the end of the day, letting agentic workflows work in the confines of a very tightly governed and sanctioned policy so that they don't run amok, they actually do the job they're intended. And then also on the back end, most importantly, measuring the benefit you're getting from it. So as our users get the ability to have automation resources, how often are they using them? What are the ones that are providing the org the most value? How much time is it saving in the process as well? All very, very important elements of an agentic browser universe that's built for the enterprise. Converse to the consumer experience that we were talking about and that Gartner cautions very heavily against.

A (25:34)

I'd love to dig into this notion of managing the agentic AI. I mean, I think for me it is both. It's simultaneously exciting and terrifying, right, to be able to turn over this kind of control, this level of control to a browser or to the. To the agent itself. Because on the one hand, it's sort of the thing we've all dreamt of computers doing for us from the very beginning. But on the other hand, we. I think we can all envision it spinning out of control very quickly at computer speed. So how do you balance that? How do you not get in the way of what everybody wants to do? The promise of this, but also keeping it secure.

B (26:19)

The best employees in your future will not be the ones that are absent in the organization who've all been removed by AI. Some things in orgs will be affected by AI, no doubt about it. And jobs will evolve. But your best employee in the org is going to be one that is empowered that their superpower is to how to Use AI most effectively in their job and those people will be able to run circles around someone who doesn't use AI. Honestly, it's one of my gripes about the educational system right now. It's punitive in a lot of ways for kids using AI in the environment. And you know, I got to be honest, when you're making a hire in the modern workspace, you care about somebody that knows how to use AI and maybe a little bit less about somebody who knows where the comma goes in a sentence. And I know it's probably controversial, different topic, but. But at the end of the day, that's the kind of people that the workforce will be looking to employ in the future. And my view of it is there can be the best of both worlds. The AI can be, for lack of a better phrase, a jiminy cricket sitting over the shoulder of the employee, helping guide them, helping steer them, helping them speed tasks up at the end of the day. But again, all of that should be bound. The employee today is bound by policies. You want the employee to be governed and shepherded to the right resources at the end of the day, when the employees engage you in much the same way, you want the agentic workflows to be guarded and let human intervention be able to take control anytime and when decisions have to be made prompt for human intervention, human being, you gotta look at this. Review this email before it gets sent. Review this transaction before it happens in this treasury services environment, et cetera. So an enterprise AI environment doesn't just let AI run amok. It forces guardrails around AI and lets humans intervene where they need to. Again, think about healthcare. Probably don't want AI just writing prescriptions willy nilly. Probably want AI doing the right research, recommending prescriptions, maybe doing the work to get it ready. But a human comes over the top to look at the possible prescription and goes, all right, cool, I'm in agreement with that at the end of the day. So the human eyes always come in in the process, but you just save the human from having to do all this extra manual labor in the process. And then the most important part is where their skills are very necessary. And by the way, they get better at their job because AI is also making sure the human doesn't make mistakes in the same way either. So both can work hand in hand very effectively.

A (28:31)

That's Braden Rogers from Island. We'll have a link to Gartner's CyberSecurity must block AI browsers for now report that'll be in our show Notes. Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter the company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and vpn, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity, and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo@meter.com cyberwire that's M E T E R.com cyberwire. When cyber threats strike, minutes matter Booz Allen brings the same battle tested expertise trusted to protect technical security to defend today's leading global organizations. They safeguard their data, strengthen enterprise resilience and mobilize in minutes across energy, healthcare, financial services and manufacturing. Their teams don't just respond, they anticipate, outthink and stay ahead of evolving threats. This is powerful protection for commercial leaders only from Booz Allen See how your organization can prepare today@booz allen.com Commercial. And finally, in a courtroom in the uk, an insolvency case took an unexpected turn when a witness appeared to receive live coaching through smart glasses, then blame the disruption on ChatGPT. Judge Agnello KC said the witness paused repeatedly during questioning, prompting suspicion from opposing counsel and even the court interpreter who reported hearing voices. The situation became harder to ignore when a connected mobile phone began broadcasting a live voice mid hearing call logs showed repeated contacts from a mysterious named source Abracadabra, which the witness said was a taxi driver. He denied any coaching and later suggested the audio may have come from ChatGPT. The case highlights a growing challenge for courts distinguishing credible testimony from tech assisted improvisation, especially as consumer devices blur the line between memory and messaging. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes, our executive producer is Jennifer Ibin. Peter Kilpea is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. If you only attend one cybersecurity conference this year, make it RSAC 2020 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26. I'll see you in San Francisco. When it comes to mobile application security, good enough is a risk. A recent Survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guard Square delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guard Square provides industry leading security for your Android and iOS apps at www.guardsquare.com.