Latest news with #VivekRamachandran


The Hindu
22-07-2025
- Science
Citizen science data-backed study reveals widespread decline in India's birds
A recent study has revealed a significant decline in many of India's bird species, underscoring the urgent need for targeted and sustained conservation efforts. The State of India's Birds 2023 report, produced by a consortium of leading research institutions and conservation organisations, assesses the status of 942 bird species using data contributed by thousands of birdwatchers through the eBird citizen science platform. According to the report, 204 species have suffered long-term decline, and 142 are currently declining. 'Our findings reveal a sobering truth — India's diverse bird populations are facing significant decline, underscoring an urgent need for concerted conservation efforts,' said Vivek Ramachandran, Fellow, Wildlife Biology and Conservation Programme at NCBS, and an author of the study.
Alarming trends
The report represents one of the largest biodiversity monitoring efforts in the global south. It classified 178 species as 'high conservation priority', 323 as 'moderate priority', and 441 as 'low priority.' Birds with specialised diets, such as those feeding on vertebrate prey, carrion, or invertebrates, have declined the most, averaging over 25% long-term population loss. In contrast, species dependent on fruits or nectar have remained stable or even increased. Habitat specialists from grasslands, scrublands, and wetlands have experienced the steepest declines. Winter migrants to India have also declined more sharply than resident species, raising further alarm.
Innovations in data handling
According to a communique from NCBS, one of the main challenges of using eBird data is the variable effort put in by citizen scientists. Rather than standardising birding duration or distance, the team standardised analyses based on the number of species reported per checklist, which improved the comparability of data. All the software and analytical methods developed for the project are open source, allowing researchers worldwide to build upon them.
'The analysis leveraged citizen science data from the eBird platform and developed a robust methodology to clean, organise, and analyse this semi-structured data to overcome biases. This framework allowed for the assessment of a larger number of bird species than previously possible and is intended to serve as a blueprint for regions with limited resources for traditional surveys,' said Mr. Ramachandran.


Techday NZ
17-07-2025
- Business
SquareX unveils field manual to tackle rising browser threats
SquareX has launched "The Browser Security Field Manual", a detailed guide to browser-based cyberattacks, with contributions from chief information security officers (CISOs) of high-profile companies including Arista Networks, Dyson and Expedia. The manual, authored by cybersecurity specialists Vivek Ramachandran and Audrey Adeline, aims to address what the company describes as a growing risk area for businesses, reflecting the shift of the browser into the central point of user interaction in modern workplaces.
Industry perspectives
The guide not only details the techniques, tactics and procedures (TTPs) leveraged by attackers in the browser but also presents real-world commentary from CISOs such as Rathi Murthy, who serves as Chief Technology Officer at Varo Bank and has previously held leadership positions at Expedia and Verizon, Rahul Kashyap, former CISO at Arista Networks, and John Carse, former CISO at Dyson. This collaborative approach seeks to reflect the evolving strategies adversaries use to exploit browser vulnerabilities and the industry's current understanding and response to these threats.
Responding to browser attacks
SquareX states that browsers have emerged as a primary attack vector, stemming from their role as essential endpoints in enterprise environments. Attacks referenced in the new manual include the Cyberhaven breach, the proliferation of polymorphic extensions, and incidents such as the Midnight Blizzard remote desktop protocol (RDP)-based attack – all of which, according to the company, highlight the need for further awareness and resources in this sphere. The field manual systematises knowledge about browser threats across five primary vectors: phishing, malicious browser extensions, browser-based data loss, identity attacks, and browser-native ransomware. The book includes sample code and real-world case studies to bring these threats to life for practitioners.
Audrey Adeline, SquareX Researcher and Co-author of The Browser Security Field Manual, said, "Attackers thrive on information arbitrage. As the place where 85% of work happens, it's imperative that security teams understand how their employees are being targeted. We've been extremely fortunate to work closely with some of the industry's top thought leaders, and we hope that this new edition of The Browser Security Field Manual will provide security teams with not only the practical aspect of browser security, but also an industry perspective of how these threat vectors are impacting organizations in real life today and how they may evolve in the future." The manual is designed for a range of users, from technical practitioners to those responsible for organisational oversight in cybersecurity, and includes perspectives both on day-to-day risks and the anticipated evolution of browser attacks.
Industry collaboration
The current edition builds upon feedback developed during an earlier, limited release at a prior security event, where copies were distributed to hundreds of CISOs for input. SquareX notes that many of these professionals directly contributed their insights, shaping the content to closely align with the operational challenges security teams are currently facing. The Browser Security Field Manual will be available at official bookstores during Black Hat and DEF CON 33 events, with the authors set to attend book signings at both venues. The publication is also available for pre-order via its dedicated website, allowing broader access to practitioners worldwide.
SquareX's approach to browser security
The company's browser extension is designed to equip organisations with tools to detect and respond to a spectrum of web-based threats, including malicious extensions and browser-native ransomware, aiming to work without interfering with typical user experience or productivity.
SquareX's focus on integrating advanced security features directly into users' browsers is intended to give security professionals increased visibility and control over browser-related risks, a priority as browser-based workflows continue to dominate the enterprise landscape. The newly launched manual is part of SquareX's ongoing efforts to supply the information and resources organisations require to defend against the shifting browser threatscape.


Mint
01-07-2025
- Business
AI in the browser may be a hacker's new favourite target: Here's how
A fundamental shift in enterprise cybersecurity is underway, with the emergence of Browser AI Agents as a new and potentially more dangerous vulnerability than human users, according to a new report from cybersecurity firm SquareX (via Techradar). According to the publication, once hailed for their potential to boost productivity by handling repetitive online tasks, these AI-driven browser agents are now being flagged as major security blind spots. SquareX's research claims these automated tools are more susceptible to cyberattacks than human employees, challenging the long-standing assumption that human error is the weakest link in organisational security, the report added. 'Browser AI Agents have now overtaken employees as the primary vulnerability within enterprises,' said Vivek Ramachandran, CEO of SquareX. 'They can flawlessly carry out tasks, but completely lack the intuition to detect threats.' Unlike staff who regularly receive cybersecurity training and are increasingly aware of phishing scams, suspicious links, and unfamiliar interfaces, these AI agents operate without any security instincts, the report noted. Driven solely by tasks, they fail to assess risk or question the authenticity of the websites and applications they interact with. In a demonstration using the open-source Browser Use framework, SquareX instructed an agent to sign up for a file-sharing service. Instead, the agent unwittingly granted access to a malicious application linked to a suspicious domain, something a trained employee would likely have flagged. In another example, an agent was duped into entering login credentials on a phishing site during what appeared to be a routine Salesforce login. 'These tools function with the same access rights as the user they represent,' the researchers explained. 'That makes it incredibly difficult for traditional security solutions to distinguish between legitimate activity and compromised AI behaviour.'
Reportedly, this parity in access privileges means that, once compromised, a browser agent can give hackers unrestricted access to enterprise systems, all without triggering standard security alerts. SquareX warns that even leading cybersecurity platforms, from Endpoint Protection to Zero Trust Network Access (ZTNA) systems, are ill-equipped to deal with this emerging threat. The company urges enterprises to adopt browser-native security solutions, such as Browser Detection and Response (BDR), which can help identify suspicious agent activity in real-time. Until major browsers integrate native safeguards for AI-driven automation, oversight mechanisms must be developed independently. 'There is an urgent need not just for smarter AI agents, but for smarter oversight,' the report concludes.


Techday NZ
30-06-2025
- Business
Browser AI agents seen as bigger security risk than employees
SquareX's latest research suggests that Browser AI Agents now pose a greater security risk to organisations than employees. Browser AI Agents are software programs that perform browser-based tasks for users, including booking flights, scheduling meetings, and conducting research. Their usage has seen considerable growth, with a PWC survey indicating that 79% of organisations have already adopted some form of browser agent. These agents offer measurable productivity gains, but SquareX's analysis found that their security awareness is limited compared to that of human employees. Unlike people, Browser AI Agents do not participate in regular security training and lack the ability to detect common warning signs found in malicious websites, such as suspicious URLs or unnecessary permission requests. The company's research highlights that even fundamental security practices can be missed by Browser AI Agents. For example, while a human might notice and avoid a dubious website or application, agents are more likely to proceed, often exposing sensitive company data. SquareX pointed out the additional challenge that writing prompts to manage security risks for every agent task can undermine productivity gains, and most users are unlikely to have the expertise to do so effectively. To demonstrate these risks, SquareX conducted an experiment using the widely adopted open-source Browser Use framework. In this scenario, the Browser AI Agent was asked to find and register for a file-sharing tool. During the process, the agent fell victim to an OAuth attack, inadvertently granting a malicious application full access to the user's email account. This occurred despite several signals — such as requests for irrelevant permissions, unfamiliar branding, and suspicious URLs — that would likely have caused a human operator to hesitate. 
SquareX's team warned that similar scenarios could see agents unknowingly expose sensitive information, such as credit card data during online purchases or responding to phishing emails with confidential details. The inability of traditional security tools and browsers to distinguish between human and agent actions exacerbates this risk, as malicious instructions can be executed without intervention.
Industry perspective
Vivek Ramachandran, Founder & CEO of SquareX, commented on the findings, explaining the shift in security risk within organisations: "The arrival of Browser AI Agents have dethroned employees as the weakest link within organizations. Optimistically, these agents have the security awareness of an average employee, making them vulnerable to even the most basic attacks, let alone bleeding-edge ones. Critically, these Browser AI Agents are running on behalf of the user, with the same privilege level to access enterprise resources. Until the day browsers develop native guardrails for Browser AI Agents, enterprises must incorporate browser-native solutions like Browser Detection and Response to prevent these agents from being tricked into performing malicious tasks. Eventually, the new generation of identity and access management tools will also have to take into account Browser AI Agent identities to implement granular access controls on agentic workflows." Security professionals are being advised to introduce browser-integrated protections and to treat the actions of Browser AI Agents with the same scrutiny as those of human users.
Technical implications
With traditional security tools unable to identify whether actions in the browser stem from a human or an AI agent, the potential for undetected compromise rises. The need for browser-native threat detection and response tools, capable of safeguarding both employees and automated agents, is therefore becoming more pressing.
SquareX's findings further suggest that as the use of Browser AI Agents becomes more common, identity and access management systems will need to evolve. These systems must recognise and regulate AI agents to ensure that access privileges and security policies can be applied accurately to all entities operating within an organisation's digital infrastructure. The company recommends that organisations take a proactive approach, reviewing and updating their browser security frameworks in line with these developments. Without new guardrails, the delegation of routine tasks to Browser AI Agents may inadvertently increase the attack surface for cybercriminals targeting enterprises.


Business Insider
30-06-2025
- Business
SquareX Reveals that Employees are No Longer the Weakest Link, Browser AI Agents Are
Palo Alto, California, June 30th, 2025, CyberNewsWire
Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case. SquareX's research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprise security teams need to look out for. Browser AI Agents are software applications that act on behalf of users to access and interact with web content. Users can instruct these agents to automate browser-based tasks such as flight bookings, scheduling meetings, sending emails, and even simple research tasks. The productivity gains that Browser AI Agents provide make them an extremely compelling tool for employees and organizations alike. Indeed, a survey from PWC found that 79% of organizations have already adopted browser agents today. Yet, Browser AI Agents expose organizations to a massive security risk. These agents are trained to complete the tasks they are instructed to do, with little to no understanding of the security implications of their actions. Unlike human employees, Browser AI Agents are not subject to regular security awareness training. They cannot recognize visual warning signs like suspicious URLs, excessive permission requests, or unusual website designs that typically alert employees of a malicious site. Consequently, Browser AI Agents are more likely to fall prey to browser-based attacks than even a regular employee. Even if it is possible for users to add these guardrails, the overhead required to extensively write the security risk of every task performed by the agent in every prompt would probably outweigh the productivity gains. More importantly, employees using Browser AI Agents are unlikely to have enough security expertise to be able to write such a prompt in the first place.
With the popular open-source Browser Use framework used by thousands of organizations, SquareX demonstrated how the Browser AI Agent, instructed to find and register for a file-sharing tool, succumbed to an OAuth attack. In the process of completing its task, it granted a malicious app complete access to the user's email despite multiple suspicious signals - irrelevant permissions, unfamiliar brands, suspicious URLs - that likely would have stopped most employees from granting these permissions. In other scenarios, these agents might expose the user's credit card information to a phishing site while trying to purchase groceries or disclose sensitive data when responding to emails from an impersonation attack. Unfortunately, neither browsers nor traditional security tools can differentiate between actions performed by users and these agents. Thus, it is critical for enterprises working with Browser AI Agents to provide browser-native guardrails that will prevent agents and employees alike from falling prey to these attacks. Vivek Ramachandran, Founder & CEO of SquareX, warns, 'The arrival of Browser AI Agents have dethroned employees as the weakest link within organizations. Optimistically, these agents have the security awareness of an average employee, making them vulnerable to even the most basic attacks, let alone bleeding-edge ones. Critically, these Browser AI Agents are running on behalf of the user, with the same privilege level to access enterprise resources. Until the day browsers develop native guardrails for Browser AI Agents, enterprises must incorporate browser-native solutions like Browser Detection and Response to prevent these agents from being tricked into performing malicious tasks. Eventually, the new generation of identity and access management tools will also have to take into account Browser AI Agent identities to implement granular access controls on agentic workflows.'
SquareX's research team is also holding a webinar on July 11, 10am PT/1pm ET to dive deeper into the research findings.
About SquareX
SquareX's browser extension turns any browser on any device into an enterprise-grade secure browser. SquareX's industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks, including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI DLP, and more. Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users' existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector - the browser.