SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution

SquareX published research showing AI-enabled browsers can be tricked into performing malicious actions — including OAuth token compromise leading to email and Google Drive exfiltration, distribution of malicious links via calendar invites, and downloading malware — and warns that existing enterprise controls (EDR, SASE/SSE) lack the visibility to distinguish human versus agentic browser actions; the company urges browser-native defenses and industry collaboration.