What's Up with Tech?

Why The Browser Became The Modern Office And How To Secure It

Evan Kirstel

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 18:04

Interested in being a guest? Email us at admin@evankirstel.com

Your browser is no longer a passive window to the internet. It’s becoming a worker with autonomy and that single shift changes everything about cybersecurity, identity, and data protection.

We sit down with Anupam Upadhyaya SVP, Products, SASE and Network Security, Palo Alto Networks to unpack what “agentic browsing” really means: the jump from an AI copilot that helps you to an agent that works for you by clicking, filling forms, and moving across tabs with your permissions. When the browser becomes the office for SaaS, cloud apps, and AI tools, it also becomes the most important place to enforce modern security controls. We dig into how the definition of “user” expands to include agents and even sub-agents with delegated access, and why that creates both huge productivity gains and real operational risk.

We also map the threat landscape: AI models that can surface hidden vulnerabilities, chain simple issues into complex exploits, and compress attacker speed to near instant. Then we bring it down to earth for SMB cybersecurity, where most teams don’t have a CISO or a SOC. You’ll hear practical steps to reduce blast radius, when to keep a human in the loop, and why incognito or logged-out research can reduce accidental AI memory of sensitive info. We close with what to look for in a secure enterprise browser, including last mile data controls and protections that understand user-to-agent interactions, plus how Prisma Browser for Business aims to deliver enterprise-grade browser security with simpler deployment for small and mid-sized businesses.

Subscribe for more conversations on AI security and modern work, share this with a founder or IT lead, and leave a review if it helps. What’s the first rule you’d set for employees using AI agents in the browser?

Support the show

More at https://linktr.ee/EvanKirstel

Welcome And Guest Setup

SPEAKER_01

Hey everybody, really excited for this chat today with the Cybersecurity and Innovation Powerhouse that is Palo Alto Network. Hadupam, how are you? I'm great, Evan. Great to see you. Uh so much going on at Palo Alto these days. Before that, how do you describe uh your mission and what what the team is focused on at Palo Alto Networks?

SPEAKER_00

First of all, thanks for having me, Evan. Um I've been at Palo for almost six years now. And I uh head SASI and Prisma browser from a product standpoint. And our mission at Palo Alto is to really secure the new Agentic enterprise. That's what we focus on, which means you secure the user, you secure the access to the applications, secure the data, and secure the application. Now with AgenTec, that user now has evolved to become agents as well. So our model still remains the same, but now with agent coming in, now we are securing the users and the agents to secure the Agentic Enterprise of the future.

Why Work Now Lives In Browsers

SPEAKER_01

Well, I can't wait to dive into that. I'm using four or five different agents as we speak right now to get some actual work done. So let's start with the fundamentals. You've shared that the browser is now the office for small businesses like myself, even. Of course, we're all familiar with a browser for decades, but what's changed? What's made the browser such a centerpiece of modern work?

SPEAKER_00

Evan, if you look at it, this transformation has been going around for some time. It's not something that happened like in the last few months. As applications have moved to the cloud, whether they're your own applications or SaaS applications, where do you consume all those applications? They get consumed in the browser. I mean, if you look at me, today I'm spending more than 95% of my time in the browser, which is uh doing email, looking at documents, reading up content and things like that. Now, when you think about SMB, where your question was, what is SMB doing? They probably have a couple of custom applications that are designed for payrolls, inventory management, or things like that. And then a few SaaS applications that they're using for communication and other things. And guess where where do they live? They live in the cloud. How do you consume cloud interactions with cloud? HTTPS, how do you do that? Through a browser. And that's why we think browser has become the cornerstone. And with AI applications, you pick your favorite model, OpenAI, Gemini, uh, what have you, all of them also can be consumed in the browser. So that's why browser really becomes the cornerstone or the workspace, just sort of for the SMB, but also for the enterprise.

From Copilot To Agentic Browsing

SPEAKER_01

Yeah, super exciting. And, you know, traditional browsers we're very familiar with. I use Chrome, many, many of us use Firefox and Microsoft and what have you. But the market has exploded as browsing has become a window into AI assisted services and agentic operations. What's happening here in the browser market?

SPEAKER_00

Yeah. Uh I'm assuming your question is really about this whole influx of AI in the browser market, right, Evan? And uh if you look at the entire thing, Evan, and if you think about browser, right? Um remember Microsoft Edge Copilot and things like that, right? Which is where you treat AI as a secondary layer, right? Where you AI lives in a sidebar or as a pop-up waiting for you to ask it to do something with the page you're viewing or something else. It doesn't really matter, right? Uh, that was AI assisted browsing. So that was a fundamental shift, right, Avan. First, we went and browsed uh things, we looked at things, if we didn't understand things, we went to Wikipedia, and that was a natural flow. Now, with this AI assisted browsing, or which I call the copilot model, you get to a browser that helps you, which is great and helps you with context. But I think the where the world is going is towards agentic browsing, the autonomy model, where you move from a browser that helps you to one that works for you, right? And um, think about examples like Perplexity, Comet, Sigma. They don't just talk to you or respond to your questions, they interact with the website that you are looking at and do actions on your behalf, click buttons, fill forms, or move across multiple tabs on your behalf. So honestly, it's a very exciting time for browsers where this rapid transformation is happening from browser just being a consumption layer to an assist layer now to a to uh full agency browser.

SPEAKER_01

Yeah, it's it's it's a uh sea change in the way we work. I'm using it with Manus and with uh Cloud Co-work. Uh my browser is taking action. It now has agency and is taking actions on my behalf. Of course, that's a little scary as well. Uh it's fine, me. I'm a solo practitioner, a small business, so uh tremendous upside, but you know, for big enterprise, also tremendous risk.

New Risks When Agents Act

SPEAKER_00

Yeah.

SPEAKER_01

What are some of those risks and uh uh red lights uh to be aware of?

SPEAKER_00

Um see, look, you said it, right, Evan. In the old world, there were users, you and I, doing actions. Once you identify the user and identify the application, you understand both the endpoints and it's great, it's amazing, and you just keep on doing checks. I think what has evolved is these agents acting on your behalf now, right? With your with your role, that is, I think, the most exciting as well as the most scary part, right? Giving autonomy to an agent that can do exactly what you can is exciting as well as scary, right? I think that's the biggest fundamental shift. And it doesn't stop there, Evan, right? In the old world. Now it looks odd saying that last year was old world. There were just you and I. Now you got agents that can spawn sub-agents with delegated permissions, and quickly that whole concept of human identity is actually evolving into agent and subagent identity, which can take either actions to full autonomy on your behalf or can do a subset. And that's where the inherent risk lies, right? What do they do with on your behalf? Is that mandated by the enterprise or by the business? That's where the opportunity and the friction both are.

SPEAKER_01

Yes, opportunity and friction, both sides of the same coin. Um, of course, you know every threat out there probably at Palo Alto. But what are the top threats with agentic browsing uh today? And what what kind of issues do defenders face?

SPEAKER_00

Yeah. Even before we talk about agentic browsing, right, for a second, just think about the threat landscape, Evan, right? We have heard about Claude talking about its new model, Mythos, which can, which has created a which has created noise of its own. But I think the the main thing is when you think about these new models, these new models can now find vulnerabilities that did not exist, or that just lay embedded. No one found them. The second is they can find this simple vulnerabilities, chain them together to make them complex. And the most frightening part is the speed of reaction has become almost instantaneous. You find an issue, you go and execute that. So that's just AI. Now, when you think about agentic browsing, a lot of those get manifested and exacerbated with agentic browsing. Agents are acting on your behalf, agent is a piece of software. If it gets compromised, it can do things that you might not want it to do. It can take two very innocuous actions, which you are allowing. One is access my hard drive. Second is go and talk to Salesforce to steal artifacts from the endpoint and push it to Salesforce or something else. Is that a good thing? No. So I think AI is creating opportunities for productivity and for security as well, but it's also creating opportunities for the bad guys to go and uh really infiltrate organizations faster. Age browsing, if not done with the right human in the loop or with the right delegation of authority, can further pronounce that effect.

Why SMBs Face Bigger Risk

SPEAKER_01

Yeah, really, really well said. And of course, you know, small businesses have risks from right up to large enterprise. But what puts the small, the SMEs, or maybe even the local pizza shop, the dentist's office, the hairdresser, what puts them at more risk compared to a bigger enterprise with a CISO and a team behind it?

SPEAKER_00

Yeah. Evan, uh enterprise, like you said, has a CISO function whose job is to make sure that the enterprise is protected. And if there is any desire event that happens, they have a SOC to go and remediate that. These are highly sophisticated functions which assume zero trust. And if something happens, whether by human error or agent error or something, there is a layer of protection, multiple layers of protection. That does not exist with SMBs, right? SMBs' job is to go and focus on their business. Security is an afterthought, right? And Ivan Um if I really think about how SMBs should think about this, they should think about this in very small baby steps, right? Forget about security for a second, right? You you and I have been talking about Agentic Browser, right? Established blast radius isolation, which is a fancy way of saying never use an agentic browser in the same profile where you stay logged into your uh bank or time you work email. First thing, right? Hygiene. Second thing is we talked about this, enforce human in the loop where it makes sense, right? Sometimes agents try to be helpful by skipping confirmation pages. Go make sure that when it's touching your records that are important for you, you have a human in the loop kind of thing. And last but not the least, a very technical term called task code memory, which is use incognito or logged out modes for research tasks. This prevents uh AI from remembering sensitive data. So to answer to answer your question broadly, right? Since they do not have the right expertise, there are certain things that they can do in-house to make agent tech browsing safer. Having said all that, Evan, you still need security controls. This is just hygiene. But how do you prevent yourself from that uh malicious extension? Or how do you prevent an end an employee from pasting sensitive data into AI, right? There will always be human follies, and there'll be always be attackers looking at your uh enterprise to go and find areas of compromise. That's where you need that security browser. Um I and I believe it's a combination of the right hygiene, but also having that right protection layer through a secure agenting browser.

SMB Readiness And Secure Browser Needs

SPEAKER_01

Oh, fantastic. So I'm an early adopter and somewhat of a technologist, but in any case, as soon as you know Claude Cowork was available, I downloaded it on my Mac. I when when uh Manus was released, I downloaded that and I put uh OpenClaw on a little Mac Mini I had, and I'm you know having a blast. I mean, it really is fun. But if you're really a business, like maybe you're a car dealer, you have a few car dealerships. I mean, what are some readiness basics? How do you get ready for actually this agentic browsing wave? How do you get your employees on board and and not just make it a science project like I've been doing?

SPEAKER_00

First of all, you have my respect for being so great to deploy all these tools, which is amazing. Hopefully, you have the right security parameters, right, Evan? Getting, if you think about getting small, medium businesses ready. I covered some of that in my previous conversation. Hey, make sure the blast radius is contained, you have fml uh memory and things like that. But to really get your enterprise comfortable with agentic browsing, make sure you have the right security layer, like I said. Adopt a secure browser that truly understands the interaction between the user and the agent that the user is contracting with, has the right data, the last mile data controls to ensure that no sensitive data is leaked, because that's where a lot of the business uh intelligence lies. And last but not the least, making sure that that browser is able to understand the new attacks that are happening through AI and stop them before they get executed in the browser. So if I had to sort of uh summarize it, adopt a browser that gives you a workspace kind of functionality where you can go and access your SaaS applications, private applications, gives you the flexibility of deploying the model of your choice, does not lock you into a SpaceFit model. You have the large model of your choice because every user has a different preference. And then last but not the least, gives you the right security and last multi-duck controls to enable safe usage of AI. That's the way I would think about uh enabling agentic readiness in an SMB uh context.

Prisma Browser Trial And How To Start

SPEAKER_01

Fantastic. And and a little bit of a pitch, but I I of course I know a Palo Alto from the large enterprise world, but you also work with SMBs, SMEs extensively. I think Prisma Browser for Business and many other is how can folks engage with you and your team?

SPEAKER_00

Yeah, first of all, uh thank you for asking that question. I passionately believe that security needs to be given to all businesses, regardless of their size. Prisma Browser for SMB brings all the enterprise security to SMB with simplicity, which means you don't have to be a security wizard. Everything is pre-configured, pre-built in, and you deploy the browser in a matter of a few clicks. Uh you get and you can import things from your favorite browser and be very helpful. Now you have your you have you have it. This browser is built on Chromium, so you get the same experience, you get the same look and feel, but without additional security. The best way to go, we are we allow free trials. So just go Google Prisma browser for business, get on the link, and you can get a free trial and get started on that journey right away. And if you encounter any issues, Evan, just there is a in-help, there is a uh in-help inside the browser, which gets you connected to our product people, not to support yet, to our product team. Oh wow. We can get feedback from you and truly enable that journey.

What’s Next: Fighting AI With AI

SPEAKER_01

Sounds like I need to get on that ASAP, given my experimentation. What are you excited about? What's next? What can you share over the next weeks and months? I'm sure you have a ton of events going on uh around the world, but what's on your agenda?

SPEAKER_00

Evan, the things that we are focused on is like we said, our mission at Palo is to protect the enterprise. And as AI really makes that the comp the timing between understanding compromise and that compromise being actually getting compromise, making that almost instantaneous. How do we ensure that we keep on enhancing our network stack, our endpoint stack, and our SEM to help enterprises meet that, be ready for this new onslaught of uh issues or security things that we'll see with AI? So, how do we fight AI with AI to enable safe usage of AI? Is where we are focused on.

Closing And Where To Watch

SPEAKER_01

Oh, that's a mic drop moment if I ever heard one. Uh here's to success on that mission. We're all rooting for you and onwards and upwards. Thanks, Mano Palm. Appreciate the time. Thanks, Evan. Thank you. And thanks everyone for listening, watching, sharing the episode. Uh, and also uh check us out on techimpact.tv, now on Fox Business and Bloomberg Television. Thanks, everyone.