The Year Of The Enterprise Browser

Posted by Will Townsend, Contributor | 8 hours ago | /ai, /cloud, /innovation, AI, Cloud, enterprise&cloud, Innovation, standard | Views: 8


Black Hat USA 2025 returned to the Mandalay Bay Convention Center in Las Vegas, marking its 27th year in North America. With more than 22,000 participants, the event unwound over six days with an agenda that focused on deep dives into cybersecurity, underlying research efforts, practitioner training, vendor summits, technical demonstrations and social events.

The rise of new types of attacks in the threat landscape is not slowing down, but accelerating at a monumental pace, fueled by the same modern AI tools that defenders are using. Bad actors are increasingly leaning into generative AI to dramatically improve the sophistication of phishing campaigns and create new forms of malware. They are also leveraging emerging agentic frameworks to significantly scale the volume of attacks. This weaponization of AI is creating new challenges for defenders, and runtime defense is emerging as a critical consideration.

Consequently, enterprise browsers are quickly surfacing as a material defense mechanism with the surging adoption of modern AI. Historically, hardened internet browsing extensions served as a layered security provision. Today, ChatGPT, Gemini, Grok and other popular generative AI tools and copilots use browsers as the user interface to access powerful large language models on the backend. The growing importance of highly secure browsers was punctuated by Perplexity AI’s recent unsolicited bid to acquire Google’s Chrome browser for nearly $35 billion. While I dismiss that bid as a marketing stunt, it still clearly demonstrates the importance of securing the use of these tools. It’s worth diving deeper into enterprise browsers, along with some of the other noteworthy news from Black Hat USA 2025.

The Year Of The Enterprise Browser

I have always been fascinated by the mythical zodiac animals used to signify China’s Lunar New Year celebrations. If Black Hat USA 2025 had to choose its symbol, it would be the enterprise browser. Besides becoming the de facto user interface for modern AI tool use, the enterprise browser continues to provide access to SaaS applications, cloud services and a vast number of business and consumer online transactions. Most importantly, browsers govern how sensitive data is accessed and transmitted. Unfortunately, they also serve as an attack vector through Domain Name System compromises and other potential exploits. From my perspective, four enterprise browser solution providers stand out among others in a quickly growing category: Google, Island, Mammoth Cyber and Palo Alto Networks.

Google offers two versions of its Chrome Enterprise browser, Core and Premium. Designed to be its freemium offering, Core provides basic policy management, application access and the ability to set controls across devices and operating systems — all at no additional licensing cost over Google’s standard browser. However, for organizations that require more advanced security, Google offers its Premium version for $6 per user per month. Premium provides all the Core functionality, also adding malware scanning, data loss prevention, context-aware access for SaaS applications, URL filtering and an evidence locker for forensic analysis. In the bigger picture, I would say that Premium delivers the necessary security controls, but it lacks the sophistication of offerings from the other vendors below.

Island.io promises to deliver desktop virtualization-like functionality at a fraction of the cost of more expensive and infrastructure-heavy VDI deployments. Leveraging a Chromium experience, it positions its enterprise browser as a tool that can facilitate privileged user access and enable safer generative AI usage, anchored by a zero-trust architecture. The company is checking all the right boxes, and networking and security giant Cisco’s continued investment in Island — which dates back three years now — points to its potential. The company does not publish its licensing cost, choosing to offer bespoke pricing based on an organization’s needs and number of users. I like that approach, and it gives Island the capability to compete with some of the larger infrastructure providers.

Mammoth Cyber used Black Hat USA 2025 to announce what it positions as a grounds-up-designed AI enterprise browser, delivering recently refined controls that directly integrate into enterprise security policy engines. Instead of trying to wrap security around a consumer-grade browser through hardened extensions, Mammoth makes the browser itself the enforcement point. It also ingests real-time context, including business transactions, open support tickets and interactions with employees, to enable it to make informed security posture corrections that training data lacks in isolation. It is a powerful architectural design that also addresses VDI replacement, zero trust authentication to applications, data loss protection, unsanctioned AI application blocking and the mitigation of prompt injection. Integrations with existing single sign on solutions — including Google, Microsoft Entra, Okta and Ping, as well as existing firewalls and endpoint agents — point to Mammoth Cyber’s deployment flexibility. From my perspective, all these capabilities make it a standout as a relatively unknown entrant in the enterprise browser category, despite the company’s existence for the past six years. Like Island, Mammoth offers a customized quoting process for licensing.

Palo Alto Networks positions its Prisma Access Browser as the industry’s only SASE-native secure browser, delivering the zero trust and last-mile data protection benefits of a SASE platform without actually needing one. Under the hood, its enterprise browser is powered by the company’s Precision AI engine, which uses network, cloud and endpoint data to block attacks and reduce false positive alerting. It is worth highlighting that the development of Palo Alto Networks’ offering is a result of engineering refinements to the technology it brought onboard with its acquisition of Talon Cyber Security two years ago. I do not find fault with that path, given that Palo Alto Networks has used both organic roadmap development and selective acquisitions to support a formidable platform approach to reducing tool sprawl and improving security operational efficiencies. Existing Palo Alto Networks Prisma Access customers with an Enterprise Mobile user license do not incur any additional fees to deploy the browser.

Big Infrastructure Provider Announcements At Black Hat 2025

Black Hat USA 2025 also served as an opportunity for several big cybersecurity infrastructure providers to unveil portfolio enhancements. In my view, some of the most interesting announcements came from Cisco, Hewlett Packard Enterprise, Infoblox and Palo Alto Networks.

Cisco unveiled two new AI security capabilities at the event. The first one is an enhancement to the company’s Foundation-sec-8B-Instruct LLM based on Meta AI Llama; this is an eight-billion-parameter model trained exclusively on security data. Launched in April of this year, it has been well received by practitioners, but the interface was somewhat clunky. Now, Cisco has introduced a chat-native copilot that understands security context and eases usability. I also like the ability for security analysts and application security teams to improve alert classification, map to MITRE tactics, reconstruct forensic timelines and quickly draft investigation reports.

The second announcement is an expanded collaboration between Cisco and Hugging Face to advance AI supply chain security. From my perspective, it is a powerful combination. Cisco’s Foundation AI will provide a unified malware scanning capability, ensuring that the nearly two million models available to developers on Hugging Face are trusted and safe.

Hewlett Packard Enterprise is quickly demonstrating the potential to strengthen its overall cybersecurity efforts through its recent acquisition of Juniper Networks. At the event, it unveiled a new Aruba Networking SASE AI Copilot, which builds upon its other orchestration and task agents launched at HPE Discover U.S. this past June, as well as enhanced data protection, disaster recovery and third-party infrastructure integrations. I like the universal zero trust network access control capabilities that are materializing with the cross-pollination of Juniper’s cybersecurity intellectual property. Integrations with Cisco, Arista Networks and others also have great potential to help manage the security of multivendor infrastructure environments.

Infoblox recognizes that bad actors are using generative and agentic AI tools in growing numbers to launch highly sophisticated, rapidly evolving cyberattacks. Consequently, using traditional detect-and-respond reactive security tools is no longer an adequate defensive strategy. At the event, the company announced what it deems to be a preemptive, AI-powered DNS approach to security that can neutralize threats before they strike. As I discussed in a recent research paper, these innovations include Infoblox Threat Intelligence, deeper DNS observability, seamless cloud service provider integrations (including Google Cloud’s recent DNS Armor powered by Infoblox) and other enhancements. I like what Infoblox is doing, and it highlights the power of a DNS-centered approach to thwarting attacks and taking a more proactive stance to cyber defense.

Palo Alto Networks, on the heels of the news that it intends to acquire CyberArk, used the event to announce its new Cortex Cloud Application Security Posture Management solution. I like the potential that this provides security practitioners in blocking threats before they land in production environments. I also believe that the company’s ecosystem approach, which includes IBM HashiCorp and others, has great potential to consolidate data from third-party code scanners, improve operational visibility and provide greater developer flexibility.

AI’s Role In An End-To-End Cyber Defense Framework

Generative and agentic AI tools are quickly becoming the connective tissue of enterprise operational infrastructure, strengthening the integration of security and networking tool stacks. The benefits are numerous, including enhanced data protection, faster mean time to resolution of infiltration and network faults, deeper insights and higher degrees of overall automation. Furthermore, the shift toward browser-based work is irreversible, given the widespread adoption of SaaS, cloud services and now modern AI tools. Enterprise browsers will serve a critical function to help secure user interfaces, and the category will surely continue to mature with new entrants and consolidation through acquisitions.

From my perspective, as adversaries automate, defenders must integrate. Security must be embedded where work happens — spanning the browser, endpoint, cloud and within the runtime of AI agents. Black Hat USA 2025 went far to highlight these needs, and in the process educate enterprises about the value of an end-to-end defensive framework.

Moor Insights & Strategy provides or has provided paid services to technology companies, like all tech industry research and analyst firms. These services include research, analysis, advising, consulting, benchmarking, acquisition matchmaking and video and speaking sponsorships. Of the companies mentioned in this article, Moor Insights & Strategy currently has (or has had) a paid business relationship with Cisco, CyberArk, HPE, IBM, Infoblox, Meta, Microsoft, Okta and Palo Alto Networks.



Forbes

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *