Securing the Browser for Humans & AI Agents with Menlo Security

This episode of Bottom Line Up Front features Jacqueline Biggio of Menlo Security discussing how AI agents are becoming the “next billion users,” shifting from copilots to autonomous actors that browse, transact, and make decisions at machine speed, expanding browser-based risk. Citing that 98% of attacks originate from internet usage and 80% target the browser, she explains why isolation-based browser security can stop threats before execution for both humans and AI agents by keeping web activity containerized and preventing untrusted content from reaching endpoints. She outlines four pillars—stop threats, connect and control applications, protect data without blocking work (including real-time CDR), and govern the entire workforce under requirements like Zero Trust and CMMC—emphasizing that compliance and governance must extend to non-human users.

• 00:00 Guest Intro: Jacqueline Biggio, Menlo Security
• 01:41 Menlo Isolation Overview
• 02:37 AI Agents Expand Risk
• 04:07 Hidden Content and Poisoning
• 04:31 Four Pillars Framework: Access, Control, Protect & Governance
• 08:04 Bottom Line & Key Takeaways
• 10:02 Wrap Up, Thanks and Call to Action

This episode is brought to you by ATP Gov. Visit us online at www.atpgov.com or follow us on LinkedIn.

[00:00:00] Host: Welcome to the Bottom Line Upfront, the podcast that cuts through the noise to deliver distilled insights from today’s most important technical webinars, presentations and demonstrations designed for federal and military IT leaders. Each episode breaks down complex technologies into mission ready takeaways, so you get the key points.

Fast. Whether it’s cybersecurity, cloud, architecture, or emerging defense technologies, we highlight what matters most and how trusted integrators like a TP gov can help implement and operationalize these solutions across your agency or command. No fluff. No filler, just the bottom line upfront. In today’s special episode, Jacqueline Biggio joins us from Menlo Security to present a topic that sits at the intersection of browser security, AI, autonomy, and the future threat landscape.

Her presentation focuses on how AI agents are evolving from co-pilots into independent actors conducting research, accessing web content, and making decisions at machine speed and what all [00:01:00] that means for enterprise and government security. She’ll walk through how isolation based browser security fundamentally changes the risk equation for both humans and AI agents preventing threats before they execute.

Protecting sensitive data without slowing the mission and enforcing governance across a workforce that now includes thousands of non-human users. So if you’re responsible for mission assurance, zero trust execution, or CMMC compliance, this episode is about what’s coming next and how to stay ahead of it.

And with that, let’s welcome Jacqueline to the bottom line up front.

[00:01:31] Jacqueline Biggio: I’m so glad you, uh, we have the opportunity to be on the podcast today. Thank you for inviting me. Yeah, Menlo really excited to talk versus. In general, I know you’re familiar with what Menlo does, right? Truly being a browser security platform for the end user customer and our approach being very unique, where you as the end user when you’re going out to the web, could be going to check email application.

We’re there and we’re [00:02:00] putting you into isolation. Well, today what I wanted to talk about more is who are the next billion users gonna be and turns out. Ai, that’s gonna be the next billion users. Statistics right now are showing, um, this is according to Google, 98% of the attacks originate from internet usage, and 80% of those are targeted at the browser.

So Menlo approach to isolation and really protecting you as an end user when you’re going out to the web through the browser is so relevant. 98%, that’s a huge percentage. And if we’re looking at 2027, the projections are that 15% of all enterprise work will be autonomous. So AI agents are moving from co-pilots to independent actors, browsing transactions and making decisions 24 7.

This is what they’ll do, right? That’s what an agent does, is it goes out and it does exactly what you [00:03:00] tell it to do. So that’s gonna basically have a paradigm shift. There’s that attack surface that exists Today is gonna be even more exponential than what it was because these agents are out there. Just basically following instruction.

There’s no intuition there. There’s no thinking. It’s just following that command and there’s risk, especially if, let’s just say you’re asking that agent to go out and find thousands of documents, which it could do in a very short amount of time and bring it back. There’s scale and there’s speed. Very easy for them to bring something back into the end user’s endpoint.

But because of Melos capability of isolating everything, we’re gonna keep it containerized and it’s not gonna be an issue. And the other thing to point out is these agents are like an ultimate insider threat, right? They have a headless browser. They can download malware very easily, very blindly. They, they’re not gonna take a second to think they’re just [00:04:00] gonna do what the code told them to do.

They’re very gullible, they’re fast, and they’re easily misled. So white on white text, you could be looking at a slide or a file, and you’re just looking at the graphics, the text that’s on there that you can visibly see. But an AI agent can see even more. So if there’s a hidden JavaScript in there, if there’s white on white text, zero font size pumps.

I mean, the human eye won’t see some of that, that they’ll, so I kind of break it out into four categories. They stop threats before they execute. That’s one of the things that we do, right? Humans are targeted by phishing, social engineering, evasive malware, right? Those attacks are designed to exploit the human’s trust.

I’m looking at this. It’s got a link in it. I’m gonna click on the link and boom. Then you’re now have a threat. But with an AI agent, the targets are a little bit different. What they’re trying to do is poison the content that the [00:05:00] agents are looking at and bring it back to the end user, and that’s something that Melos approach can alleviate.

And the other pillar is. Connect and control every application. Humans need secure access to the web, from any device, any location without VPN, friction, the public web, and then jump from one application to another. And I want it to be seamless, whether it’s by laptop or it’s by phone. AI agents don’t care about location.

They don’t care about the device. All they care about is data visibility. Can they just be able to get in through the API void less and then get the information that they need? Then the third pillar is protect data without blocking the work. So me as an end user collaboration, I need to be able to do very freely.

So security that blocks files and halts the workflow, gets disabled and compliance fails, right? So if I’m [00:06:00] trying to open up a file and it’s sitting in a sandbox environment and it’s taking me two minutes to look at it, or three minutes. That is blocking work of me being efficient, and then you as the end user, you get a little bit agitated because it takes so long to see the file.

Menlo does not do things that way with our material acquisition and the CDR capabilities that we have simultaneously, as that file is coming to you as the end user, it’s being scrubbed clean and the agent process is even faster, right? They’re just going out, they’re getting that, and the sensitive information must be protected in real time.

Without slowing down the automation. So that is the third pillar. If you kind of compare humans versus AI working side by side through a browser, that these are things that we can help on both sides of the house. And the fourth category, I would say is govern the entire workforce as one. You have compliance, you’ve got cmmc out there, a lot of these rules and [00:07:00] regulations that the government has to follow.

And from an end user, you spend a ton of money educating them, making sure they know all the things they should and should not do from a cybersecurity perspective. Now multiply that you’ve got thousands of agents out there, you still have the same regulations and compliance that you must meet, and that’s very rigorous.

And they don’t change. You’re not gonna agents’ just gonna out there and do itlos approach to being able to govern the entire workforce all at once simultaneously. These four pillars between human and agent melos approach is the right way to be able to go out there and make sure that the customer’s environment is still secure.

Those agent workloads are growing faster than any human headcount, and you need a safe approach in protecting the enterprise, and you can do that a hundred percent With Menlo approach, they’ve been doing this for over a decade. They’re the only ones in the market that really take [00:08:00] isolation a hundred percent of the time, so nothing’s coming back to that endpoint.

[00:08:04] Host: So what’s the bottom line? Up front, the browser is no longer just a human interface. It’s now an attack vector for autonomous AI workloads with industry data showing that nearly 98% of attacks originate from internet usage and the vast majority targeting the browser, the expansion of AI driven activity introduces a dramatically larger and faster attack surface.

And here’s the five key takeaways you should remember from Jacqueline’s presentation. AI agents are the next insider threat by design. AI agents don’t have intuition, judgment, or skepticism. They execute instructions at scale and speed, blindly consuming web content, and that makes them highly efficient and highly exploitable.

Hidden scripts. Poison content and evasive malware are far more effective against non-human actors. The browser is now the common battlefield for both humans and machines. Whether it’s a civilian analyst, a war fighter, or an autonomous agent, [00:09:00] the browser remains the primary access points to data and applications.

Security controls must assume continuous web risk, not occasional exposure. Thirdly, isolation first. Architecture stops threats before they execute. So instead of detecting malware after it lands full browser isolation ensures that nothing untrusted ever reaches the endpoint human or ai. That’s a fundamental shift from traditional sandboxing and inspection models that slow operations and frustrate users.

Moreover, security can’t block the mission, especially when automation is involved. Federal and defense organizations can’t afford controls that slow workflows break automation or cause teams to bypass protections, real-time content disarm and reconstruction combined with isolation, enables secure access without friction.

And finally, governance and compliance must extend to AI workloads. Frameworks like Zero Trust CMMC and data protection mandates don’t stop applying just because the user isn’t human. AI agents must be governed under the same policies without [00:10:00] retraining exceptions or gaps. With that, Jacqueline, I appreciate you coming on the bluff and sharing your presentation with us.

[00:10:08] Jacqueline Biggio: Thank you very much. I’m so to be part your podcast today, and this is such a passionate topic that I love talking about and I look forward to talking. Thank you.

[00:10:19] Host: As a trusted federal and DOD partner, a TB gov, along with organizations like Menlo Security, help agencies design, integrate, and operationalize isolation based security architectures that support both human users and autonomous AI systems.

A TB gov doesn’t just deploy technology. We help translate emerging capabilities into mission ready implementations, ensuring that security accelerates outcomes rather than standing in the way. Be sure to reach out to atp gov today at www.atpgov.comoremailinfoatatpgov.com, or check us out on social media on LinkedIn.

Thanks for listening, and be sure to subscribe to the bottom line upfront wherever you get your podcast. And stay tuned for more distilled [00:11:00] insights from the front lines of tech and national security. So until next time, stay secure. Stay mission ready.

The Bottom Line Up Front, is ATP Gov’s podcast that cuts through the noise to deliver distilled insights from today’s most important technical webinars, presentations and demonstrations designed for federal and military IT leaders. Each episode breaks down complex technologies into mission ready takeaways, so you get the key points.

Fast.

Whether it’s cybersecurity, cloud, architecture, or emerging defense technologies, we highlight what matters most and how trusted integrators like ATP Gov can help implement and operationalize these solutions across your agency or command.

No fluff. No filler, just the bottom line up front.