AI agents and agentic browsers are starting to act as full participants in the digital economy - discovering products, comparing prices, even initiating transactions on their own.
If this becomes the norm, our threat models are about to shift fast.
Google’s SAIF framework calls for extending detection and response to AI systems, automating defenses at machine speed, and harmonizing controls across platforms.
But here’s the tension: most organizations today can’t even see when an AI agent is the one interacting with their site, applications or API.
That raises some big questions for this community:
-
How should we distinguish legitimate agentic browsing from automated abuse?
-
What happens when agentic browsers start exploiting business logic or scraping at scale, intentionally or not?
-
How do we build consistent policies across web, employee desktops, mobile, and APIs when AI agents don’t stay in one channel?
-
Who owns governance of AI agents inside an org, security or product?
SAIF gives us the principles. The operational playbooks are still emerging.
Are agentic browsers the future of user interaction - or the next major blind spot in cloud security?
Curious to hear how others are preparing (or not preparing) for this shift.