The Next Billion Users Will Not Be Human: Menlo Security Launches Industry’s First Browser Security Platform
Details
.svg)
As enterprises consider scaling autonomous agent deployments and enabling the integrated browser agents within common browsers like Chrome and Edge, as well as AI-specific browsers like ChatGPT Atlas or Perplexity Comet, they face three core challenges. Security teams:
AI agents lack human skepticism and interpret web code literally. Malicious actors hide "invisible" prompt injections or poisoned data within a website’s HTML to hijack an agent’s logic, turning a trusted tool into a conduit for account takeovers, malware distribution, data exfiltration, and credential theft.
Most enterprise data resides in web applications that lack adequate APIs. To make this data available to AI agents, organizations are faced with expensive and prolonged application modernization.
Without a secure, universal way to connect AI agents to SaaS-based and intranet applications like ERP, CRM, and internal portals, the enterprise is prevented from leveraging its most valuable historical data at scale.
Menlo AI Agent Security is the foundational infrastructure for the agentic enterprise. The majority of AI agents leverage the browser as their portal to the world, and the cloud is where they operate. Menlo centralizes AI browser tool execution in a managed runtime within the Menlo Cloud, instantiating and securing browser sessions at global cloud scale. It ensures that your AI workforce is protected from external risks and safe from data loss and exfiltration, protecting both autonomous agents, and agents in the browser. Simultaneously, Menlo helps you minimize the cost, risk and impact of enabling access to web applications and deliver continuous delivery of value by unlocking data within API-deficient applications, allowing agents the data they need to fulfill your business goals.
Menlo Agent Runtime Security (MARS) acts as a protective cloud runtime that executes all agent browser sessions in remote, disposable containers. It strips malicious scripts, hidden instructions, and steganography from the pages and files requested by the agent before the agent processes them, neutralizing threats at machine speed and empowering the enterprise to scale their agentic strategy safely.
MARS helps agents access valuable data trapped behind web UIs and places controls on agent application and data access. It navigates web UIs for the agent to retrieve the data, and exerts policy controls over the retrieval, masking sensitive data from agents without appropriate permissions and providing explicit instruction/data separation. MARS allows teams to accelerate AI time-to-value across the enterprise.
MARS allows the enterprise to adopt autonomous agents without inheriting the inherent risks of the open web. Menlo provides a proactive defense against attacks such as Indirect Prompt Injection by shifting all agent-to-web interactions into a remote cloud environment. By sanitizing the DOM before a single line of code is processed and using Menlo File Security to strip malicious payloads, Menlo ensures that "untrusted" web content never reaches the agent’s logic. This allows teams to scale AI automation with absolute data sovereignty and zero increase in the corporate attack surface.
Menlo Agent Runtime Security provides a connection from any agentic system to secured agentic browser sessions, via proxy or MCP integration. Menlo then applies security controls to the agentic browser sessions, which are run in disposable containers within the Menlo Cloud, providing air-gapped security, filtering, auditing and containment.
Menlo’s global elastic cloud infrastructure, architected at inception to spin up, manage, and secure millions of transient browser sessions simultaneously, is the foundation of AI Agent Security. Agents often run dozens to hundreds of parallel sessions, with planner agents potentially spawning worker agent swarms that may each need to browse hundreds of websites to solve a problem. Whatever the scope of your agent deployment, our distributed architecture ensures your AI workforce can scale infinitely across the globe without performance degradation or security bottlenecks.
Menlo connects agents with data that lies behind the API-deficient interfaces of many corporate applications. This allows your agents to securely interact with internal systems of record, such as on-premises ERP and CRM portals, as well as external data sources like premium news archives. Menlo eliminates the need for multi-year, multi-million dollar app modernization projects, accelerating your AI time-to-value from months to days.
Menlo instantiates sessions to the web interface of the app on agent request, after establishing agent permissions for app access. Utilizing visual rendering, Menlo facilitates application navigation and access to the data by the agent. To ensure any data consumed by the agent is policy-compliant, data is sanitized by Menlo before it is delivered to the agent. Tamper-proof audit logs capture all the actions performed by the agent.
Analyzes GenAI use and risks: Shadow AI, data loss, compliance, phishing, and malware.
Discover why organizations around the world rely on Menlo Security to protect the enterprise and enable secure access to applications, preventing attacks that legacy security tools cannot stop.
"Menlo was easy to roll out and integrates well with our security and technology stack in the cloud.”
“To employees, Menlo is completely transparent, allowing users to navigate a completely functional web resource.”
“…allows Synapxe to protect its assets from malicious threats without impacting the native user experience.“
“I wanted a layered approach that would protect users from web-based threats without slowing down their ability to get work done.”
“The platform has decreased our remediation needs, while reducing patch pressure.”
“Menlo Security helped us eliminate the possibility of a malware infection, rather than just detecting and removing an infection.”
“Before, we had to manually examine every single potential malware problem. Now, my job is much easier…with the Menlo Secure Cloud Browser.”
“Menlo takes care of all the unknown risks running rampant around the internet.”
“Zero-client,easy scaling, and cloud provisioned versus appliance.”
“Menlo Secure Cloud Browser provided the scalability to ensure that users world wide have the same transparent experience and unyielding protection.”
“[Menlo has] eliminated the need to manually apply and update policies across an increasingly distributed IT infrastructure.”
“Menlo provides protection from email-based malware embedded in links and attachments without impacting the user’s native email experience.”
From neutralizing "invisible" web threats before they reach your AI agents, to boosting user productivity through securing their interactions with browser assistants, to unlocking data in decades-old systems of record for agents to consume, Menlo AI Agent Security is designed to help you drive your AI deployment strategy.
Agents cannot distinguish between valid data and "invisible" commands or malware hidden in HTML and files. MARS executes all agent sessions in the Menlo Cloud, a remote cloud container, stripping hidden prompts and malicious scripts from the DOM before processing. Integrated file sanitization neutralizes threats in documents like PDFs and spreadsheets. With Menlo, agents securely ingest clean data from the open web without the risk of agent goal hijacking or malware infection. As a result, organizations can aggressively scale their AI workflows with the confidence that their logic cannot be compromised and their access cannot be weaponized.
"Data-hungry" agents often operate with over-privileged access, creating risks of lateral movement, data scraping outside of assigned tasks, and upstream server contamination if an agent is compromised. Menlo enforces Least-Privileged Access, strictly scoping an agent’s reach to the specific task assigned. It air-gaps agents from application servers to prevent contamination, applies bi-directional DLP to block sensitive data consumption, and stops the transmission of malicious content within files. This ensures agents perform only their designated functions while preventing compromised agents from hopping into sensitive internal systems.
For developers, the goal is to make sure that agents can execute their tasks effectively by having access to all the enterprise's data. But 80% of enterprise systems lack modern APIs, forcing teams into months-long development projects or fragile scrapers. Menlo navigates web UIs using intelligent visual rendering that is resilient to UI changes, ensuring autonomous workflows don't break during application updates. Implementing Menlo AI Agent Security leads to faster deployment, moving AI projects to production in days by eliminating backend refactoring.
Integrated browser assistants like Microsoft Copilot and Google Gemini act as privileged, unmanaged agents with direct access to browser tabs, creating a silent exfiltration vector for proprietary code and sensitive PII. Menlo applies AI-powered data redaction to mask sensitive info in real-time and bi-directional file security to neutralize malicious content in downloads. By blocking "invisible" prompt injections and enforcing local governance, Menlo ensures that organizations can drive efficiency through AI assistants without compromising data sovereignty or risking upstream contamination.
AI agents by design are single-minded in pursuit of their task. If scraping PII, harvesting credentials, or extracting trade secrets from internal wikis are considered by the agent to be instrumental, they will blindly do so, creating a significant risk of data exfiltration. Menlo AI Adaptive DLP interposes between the agent and its data sources, masking any sensitive data, including corporate IP, before the agent accesses it. Agents have full use of the remaining data on the page or in the file, keeping them productive and on task.
Answers to the burning questions in your mind.
Legacy security tools are primarily designed for human-speed interactions and are "blind" to the headless environments where AI agents operate. They cannot inspect the machine-to-machine logic of an agent or see the privileged, unmanaged activities of integrated sidebars like Copilot or Gemini
Menlo has already built a global elastic cloud infrastructure designed to spin up browser sessions. This means Menlo can globally support millions of transient agentic sessions, lasting anywhere from seconds to hours, without any performance degradation. This high-performance infrastructure is built to absorb 100% of malicious code while delivering clean, sanitized data to your AI at machine speed.
Indirect prompt injection occurs when attackers hide malicious commands within a webpage’s HTML or data that are invisible to human users but interpreted as high-priority instructions by the AI. This can "trick" an agent into exfiltrating session cookies or sensitive data from open tabs without the user ever knowing.
Take a self-guided tour to observe some of the ways that Menlo products enable secure app access, block sophisticated attacks, and provide critical insight into browsing sessions.
See exactly how Menlo can be tailored to solve your unique security challenges. We offer a live demo customized to your teamʼs goals, showing you how to secure your stack and protect your users. A truly secure browsing experience is one click away.
