Menlo unveils browser platform to secure rising AI agents

Menlo Security has launched a browser security platform designed to govern both human users and autonomous AI agents through a single set of controls, as more companies deploy software agents to work inside enterprise systems.

Menlo positions the browser session as the primary control point for both people and non-human actors. It argues that AI agents increasingly rely on browser-based workflows, including headless browsers, and that much of this activity falls outside established security monitoring and policy enforcement.

"The next billion web users won't be human. This isn't a future prediction; it's the current reality for the modern enterprise," said Bill Robbins, CEO of Menlo Security.

Robbins continued, "By moving protection directly into the browser session, we are enabling organizations to deploy AI agents that work at a scale and speed impossible for humans, without opening the door to catastrophic prompt injection or data exfiltration. Without this protection, a single compromised AI agent can move laterally across enterprise systems, exfiltrate data, or execute fraudulent transactions at machine speed, with no human in the loop."

Agent growth

Companies are using AI agents to process documents, handle support queries, run internal approvals, and execute multi-step workflows across cloud applications. These agents can act like employees: logging into web applications, reading content, and submitting forms.

Security teams are assessing how to set identity, access, and oversight for systems that operate with limited or no direct human review. Concerns include prompt injection, data leakage, and misuse of credentials. These issues can arise when an agent interprets untrusted content as an instruction, or gains access to sensitive information during routine work.

Menlo highlighted attacks that rely on content a human might not notice during review. In one example, hidden text embedded in an invoice is read by the agent and treated as a command. It then changes payment details, while a human supervisor sees only the visible invoice content.

Antonio Bovoso, Founder and Principal at Consiro Advisory, said the browser has become a control point for this shift.

"The enterprise workforce is changing. AI agents are now making decisions inside enterprise systems, yet most security programs were never designed to account for them," he said. "The browser is where agent identity, intent, and action converge, making it a critical control point in the enterprise."

Platform approach

Menlo's platform applies policies and threat prevention within the browser session, treating humans and agents as equivalent participants. Menlo describes this as a unified control plane covering governance, inspection, and monitoring.

The platform includes Menlo AI Agent Security, which the company describes as a "Guardian Runtime" for AI agents. Menlo said it enforces separation between instructions and data to reduce the risk of an agent treating malicious content as a command. It can also restrict data movement out of sessions.

Another element, Universal Connectivity, focuses on access to applications and websites that do not offer strong APIs. Menlo said it can translate interaction with these services through the browser and sanitise data before it is delivered to an agent.

Menlo also said it provides "Deterministic Visibility" at the browser document object model and file-component level to provide session context and forensic information. Traditional tools, the company said, can miss browser-session context and visual file formatting.

Least-Privileged Agent Governance adds controls intended to limit what an AI agent can access and where it can move. Menlo said this reduces lateral movement and prevents unauthorised data extraction.

Customer view

Wellstar Health System has assessed Menlo's approach for agent deployments in its environment, according to an executive responsible for information security and governance, risk, and compliance.

"Menlo is taking a fresh approach to AI agentic security. Whereas other solutions are trying to chase down agents and build a security perimeter around them, which is a losing battle, Menlo is building governance directly into the agents, securing them from inception," said Michael D'Arezzo, Executive Director of Information Security and GRC at Wellstar Health System.

D'Arezzo said, "This allows for 'guardrails' that help users build agents that are secure and have just the right amount of privilege and time to live. Having the confidence that agents are inherently secure from threats and data leakage will help us build out and scale our agentic strategy."

Business context

Menlo said the platform launch follows what it described as a record fiscal year, with annual recurring revenue of more than $140 million and net retention above 120%.

Menlo has also partnered with Google on remote access to desktop applications and data through the browser for both humans and agents, according to the company. Menlo said the approach uses least-privileged access and can reduce the cost and operational complexity associated with virtual desktop infrastructure.

Security control point

Menlo's broader architectural approach moves the security control point into the browser session. Menlo said this reduces the chance evasive threats can execute because content is processed through a cloud runtime before it reaches an endpoint or an AI reasoning workflow.

"AI agents represent a fundamental shift in enterprise computing," said Ramin Farassat, Chief Product Officer at Menlo Security. "For the first time, security teams have a single control plane that applies the same security and governance policies to an AI agent processing invoices as to the human CFO approving them - at machine speed, with full forensic visibility."