
Your security stack has a long list of jobs to do. It has to defend the network perimeter, protect endpoints, manage identity and access, secure email, enforce data policies, and meet a growing set of compliance requirements. Stopping browser-based attacks is one of those jobs, and it's the one most stacks are least equipped to handle, because the tools doing the other jobs were never designed to see inside a live browser session.
That blind spot matters more every year. The browser has become the primary operating system of the modern enterprise: email, financial systems, credential management, SaaS applications, AI tools and more all run there. The threats that target the browser are specific and growing — zero-day exploits delivered through a single click, phishing pages that impersonate trusted brands, malware assembled in browser memory, session token theft that steps past multi-factor authentication, and unmonitored AI agents acting inside sessions on their own. According to Omdia research cited by VentureBeat, 64% of encrypted traffic goes uninspected; the majority of browser activity is invisible to the tools organizations rely on most. (Omdia, 2026)
While organizations historically relied on Secure Web Gateways (SWGs) and Endpoint Detection and Response (EDR) agents to block threats, attackers have adapted to bypass these perimeters entirely. Threat actors no longer focus on breaking through network firewalls — they target the browser session directly because it's an immediate, largely unmonitored point of initial access into the corporate network.
These defenses fail at the session layer because they're built on reputation and signature matching. When a user clicks a malicious link or interacts with a web-borne vector, the actual execution happens in browser memory on the local endpoint, bypassing standard network scanning infrastructure. To close this gap, enterprise protection must move from post-incident detection to continuous visibility at the session layer.
Network and endpoint tools reach their limits at the browser session itself — the layer where modern web threats actually execute. These tools do their jobs well, but each was designed for a boundary that sits outside the live session, which leaves a consistent set of gaps that attackers have learned to exploit.
Many security leaders operate with confidence that their existing investments in network security, endpoint visibility, and multi-factor authentication (MFA) provide complete protection against web threats. In practice, sophisticated threat actors exploit structural boundaries within each of these technologies:
To determine whether your existing architecture can defend against session-layer web threats, work through these five questions across your infrastructure. Each one targets a specific gap that network and endpoint tools tend to leave open, and each maps to a real attacker technique in active use today.
Can your security architecture block a zero-day web exploit before an official vendor patch is deployed to your endpoint fleet? If your defenses rely strictly on patching timelines, your organization remains exposed to a structural vulnerability window. Google's GTIG 2025 Zero-Day Review found that the window between vulnerability disclosure and active exploitation has collapsed from weeks to days. (Google Threat Intelligence Group, 2025 Zero-Day Review)
The deeper problem is that patching is a reactive control: it can only protect you once a vulnerability is known and a fix is shipped, tested, and deployed across every device. Attackers exploit the gap before that cycle finishes. Architectures that isolate web execution away from the endpoint sidestep this problem entirely, because an unpatched browser is no longer the thing standing between an exploit and your network.
Can your security tools identify and isolate a web page impersonating a legitimate corporate brand based purely on real-time behavioral interaction — rather than static domain reputation lookups? Signature and reputation controls fail here because targeted phishing sites use clean source domains that pass standard reputation checks.
A page that was registered hours ago, or one hosted on a compromised but reputable domain, carries no negative signal for a reputation engine to catch. Evaluating intent means analyzing what a page actually does — how it's structured, what it's asking the user to do, and whether it's mimicking a known login flow — at the moment of interaction, not days later when the domain finally lands on a blocklist.
Does your infrastructure inspect active code and scripts assembled dynamically within the browser runtime — not just downloaded file packages? Advanced vectors build payloads directly inside browser memory, hiding malicious logic away from endpoint file-system monitors.
This is a deliberate evasion strategy. Because endpoint tools are oriented around files written to disk, an attack that lives entirely in memory and never produces a file gives them nothing to scan. Defending against this requires visibility into execution as it happens inside the session, rather than analysis of artifacts after they've landed on the machine.
Can your controls identify and block a fraudulent credential entry form on an unclassified or newly registered domain before a user inputs corporate credentials? Many filters are blind to direct user input actions, allowing workers to hand over access tokens on highly convincing phishing portals.
Credential theft is rarely the end of the attack — it's the entry point. Once an attacker captures a valid set of credentials or a live session token, they can move laterally, escalate privileges, and access systems as a trusted user. Stopping the credential from being submitted in the first place is far more effective than detecting the misuse after the fact.
Are your visibility platforms capable of monitoring, governing, and securing autonomous AI agent interactions executing workflows inside browser sessions — without a human in the loop? As enterprise processes integrate automated tools into native browser environments, standard security controls lose the context needed to govern automated data movements.
This is the newest gap, and the fastest growing. AI agents operate at machine speed and act inside the same browser sessions your employees use, but the controls built to govern human behavior — prompts, warnings, click-through policies — don't apply to a non-human actor. According to Gartner, by 2028, 25% of organizations will deploy at least one Secure Enterprise Browser technology to address specific session-layer gaps like this one. (Gartner, 2025)
The table below maps the three layers of enterprise security to their monitoring focus and where each falls short at the session layer:
A Browser Security Platform closes architectural gaps by moving the entire web execution layer into a secure cloud isolation environment, neutralizing threats before they reach the local endpoint. This eliminates the traditional trade-off between user experience and security efficacy by keeping local machines insulated from active web code. Learn more by scheduling a demo with Menlo Security.
Intent-based detection analyzes the real-time visual and structural behavior of a web page at the exact point of click, whereas reputation filtering relies on lagging historical databases that miss newly deployed or compromised clean domains. Phishing domains increasingly use long-standing trusted infrastructure precisely to bypass reputation-based controls.
Primary indicators include access requests originating from unauthorized browser session parameters, or session cookies being used across distinct network addresses without a matching re-authentication log. Because these events happen entirely within the browser session, they are invisible to network and endpoint tools. Menlo's browsing visibility capabilities surface this activity in real time.
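The second indicator above (a session cookie used from distinct network addresses with no matching re-authentication) can be checked against application or identity-provider logs. The following is an added example, not Menlo Security code; the event schema, session IDs and addresses are constructed assumptions.

```python
from datetime import datetime

# Constructed sample events (not real logs). Assumed schema:
# (ISO timestamp, session id, source IP, event type: login / reauth / request)
EVENTS = [
    ("2025-01-10T09:00:00", "sess-A", "198.51.100.10", "login"),
    ("2025-01-10T09:05:00", "sess-A", "198.51.100.10", "request"),
    ("2025-01-10T09:07:00", "sess-A", "203.0.113.77", "request"),  # new IP, no re-auth
    ("2025-01-10T09:08:00", "sess-A", "203.0.113.77", "request"),
    ("2025-01-10T10:00:00", "sess-B", "198.51.100.20", "login"),
    ("2025-01-10T10:30:00", "sess-B", "192.0.2.44", "reauth"),     # user re-authenticated
    ("2025-01-10T10:31:00", "sess-B", "192.0.2.44", "request"),
    ("2025-01-10T11:00:00", "sess-C", "192.0.2.90", "request"),    # login outside log window
]

AUTH_EVENTS = {"login", "reauth"}

def find_unverified_ip_changes(events):
    """Return one finding per (session, address) where the session cookie was
    used from an address with no login or re-auth event for that session."""
    authenticated = {}  # session id -> set of IPs that completed authentication
    reported = set()    # (session id, IP) pairs already flagged
    findings = []
    for ts, sid, ip, kind in sorted(events, key=lambda e: datetime.fromisoformat(e[0])):
        ips = authenticated.setdefault(sid, set())
        if kind in AUTH_EVENTS:
            ips.add(ip)
            continue
        if not ips:
            # No authentication seen for this session: no baseline to compare against.
            continue
        if ip not in ips and (sid, ip) not in reported:
            reported.add((sid, ip))
            findings.append({"session": sid, "first_seen": ts, "new_ip": ip,
                             "authenticated_ips": sorted(ips)})
    return findings

if __name__ == "__main__":
    for finding in find_unverified_ip_changes(EVENTS):
        print(finding)
```

Address changes also happen legitimately (VPN reconnects, mobile networks), so findings from a check like this are triage leads to correlate with device and user-agent data rather than verdicts.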
Modern web threats evade EDR by executing JavaScript logic entirely within browser workspace memory, avoiding file-system downloads and leaving endpoint anti-malware scanners with no binary file to evaluate. Evasive threats live and die in the session — never touching the disk that EDR tools are designed to monitor.
Agentic AI governance refers to the ability to monitor, control, and enforce policies over autonomous AI agents that operate inside browser sessions without human oversight. As enterprises deploy AI agents that interact with applications at machine speed, standard security controls lose the context needed to govern those automated data movements. The Menlo Agent Runtime Security (MARS) engine is specifically engineered to govern agentic workflows at the browser layer.
---------------------------------------------------------
About the Author
Sameep Gidda is a Digital Marketing Campaigns Specialist at Menlo Security. Focused on GEO strategy, content marketing, and AI visibility, Sameep works to ensure Menlo's expertise in browser security and agentic AI reaches the security professionals who need it most.
