Tools / News / Browser Attacks Hit 55% of Organizations in a Year. Two New Reports Say the Risk Is Only Growing.
Press

Browser Attacks Hit 55% of Organizations in a Year. Two New Reports Say the Risk Is Only Growing.

· VaultTools

Two independent studies published in March 2026 confirm the browser has become enterprise security's weakest link. Employees are uploading sensitive files through it, attackers are exploiting it, and 85% of IT teams are now spending more to defend it.

VaultTools · March 28, 2026

A glowing green padlock on a dark digital background, representing browser security and cybercrime risk. Photo by Adi Goldstein on Unsplash

Table of Contents


What the Numbers Show

Two independent research projects published this month arrive at the same conclusion: the browser is now the primary target for enterprise cybercrime.

On March 5, Keep Aware released its 2026 State of Browser Security Report, drawing on 2025 telemetry from enterprise browser deployments. On March 24, Omdia published findings commissioned by Parallels, based on a survey of 400 IT and cybersecurity professionals across North America conducted in December 2025 and January 2026.

The Omdia data is stark: 55% of organizations experienced a browser-related attack or security incident in the past 12 months. 68% report an increase in browser-based attacks over the past two years. In response, 85% of enterprises are now increasing their spending on browser security, and 62% rank it among their top five security priorities.

How the Browser Became the Primary Attack Surface

Keep Aware’s report identifies the three leading attack vectors reaching users through the browser: phishing accounts for 29% of incidents, malicious browser extensions for 19%, and social engineering for 17%. All three reach employees at the moment they are using a tool or application, often one that processes files or data.

Omdia found that 32% of users now access corporate applications from unmanaged devices. Those devices lack the endpoint controls that sit between most enterprise infrastructure and potential threats. The browser is the only software layer present in every scenario.

The Omdia report notes that the browser has become the primary interface for enterprise applications. Keep Aware is more direct: the browser is no longer just rendering web pages. It is reading data, generating content, executing workflows, and acting on behalf of users in real time. In many environments, it has become the operating system for modern work.

The AI File Upload Problem

Keep Aware’s telemetry shows 41% of end users interacted with at least one AI web tool in 2025, using an average of 1.91 AI tools per person. During a one-month measurement window, 46% of sensitive inputs submitted to web applications were sent through personal or unverified accounts, outside corporate visibility.

Employees are uploading internal documents, source code, financial data, and regulated information into AI tools that run as browser-based services. Those files leave the device the moment they are submitted. They travel to external servers, where they may be retained, indexed, or exposed in a future breach.

Why Local Processing Matters Now

The browser is now documented as the most active attack surface in the enterprise. The file upload is one of its highest-risk behaviors. For anyone using web-based tools to handle sensitive documents, PDFs, images, or developer files, the question of where processing actually happens is no longer a minor concern.

Tools that process files entirely within the browser, without sending bytes to a server, remove one attack vector from the equation. The file is never in transit. There is no server retention. There is no third-party infrastructure that can be breached. The browser is still the attack surface, but local processing means the attacker who compromises a browser extension or runs a phishing page cannot intercept a file that was never uploaded.


Sources