The Report That Keeps Moving the Same Direction
Every edition of the Verizon Data Breach Investigations Report carries weight not because of any single statistic but because of convergence — when independent data sources arrive at the same structural conclusion simultaneously, that agreement matters. The 2026 DBIR is no different, except that what it confirms this year is harder to dismiss than in previous cycles: the browser has become the primary environment where initial access happens, where data leaks out, and where detection fails entirely.
Keep Aware contributed browser telemetry data to the 2026 DBIR, which means the alignment between Verizon’s findings and Keep Aware’s own observational data isn’t incidental. The same patterns showing up in breach investigations are showing up at the browser layer in real time — before those breaches make it into next year’s report.
The three areas where that convergence is most pronounced are shadow AI data exposure, credential theft, and browser extensions. Each tells a version of the same story: attackers and risky user behaviors have relocated to a surface that most enterprise security stacks weren’t designed to see.
Shadow AI Is Now a Data Loss Problem at Scale
The DBIR identified shadow AI as the third most common non-malicious insider action appearing in Data Loss Prevention datasets. That ranking reflects a fourfold increase from the prior year — not a gradual drift, but a rapid behavioral shift across the enterprise workforce.
The mechanics are straightforward. An employee needs to summarize a contract, debug internal code, or draft a sensitive communication quickly. The fastest available tool is a personal ChatGPT session running in their browser. The organization may not yet have provisioned a governed AI alternative, or has provisioned one that employees find slower or more restricted. So the paste happens, the prompt goes out, and the data transits through an account that sits entirely outside corporate logging, DLP policy, or any audit trail the security team can access.
Keep Aware’s browser telemetry quantifies what that looks like at the user level. Sixty-seven percent of users accessing AI services on corporate devices are doing so through personal, non-corporate accounts. Forty-five percent of employees now qualify as regular AI users by usage frequency. More specifically, over half of AI prompt inputs are being sent to personal accounts, and 23% of sensitive prompt uploads involve data moving through personal or unverified accounts — completely outside the reach of existing DLP infrastructure. The scale of that exposure means most organizations currently have no reliable view into what internal data is being fed into external AI systems on a daily basis.
Credential Theft Passes Through Every Existing Control Unblocked
The 2026 DBIR found that 39% of breaches involved credential abuse. That number has been climbing steadily, and the browser telemetry data explains exactly why enforcement hasn’t caught up with it.
Keep Aware’s 2025 attack data places browser-based credential theft as the top browser-based threat category, accounting for approximately 41% of observed browser threat activity. That is not a distant precursor to a breach in some abstract sense: credential abuse is the mechanism Verizon found in 39% of the breaches it documented, and the browser is where Keep Aware sees those credentials being taken.
What makes the detection problem severe is this: 100% of the credential theft attempts Keep Aware observed passed through existing non-browser security controls without being blocked. Network proxies didn’t flag them. DNS filters didn’t catch them. Endpoint agents didn’t stop them. Not some, not most, all of them. Separately, 63% of Microsoft-themed phishing sites active during employee exposure events carried no flags from any VirusTotal vendor at that moment, so the reputation feeds those endpoint and network tools rely on had not yet flagged the sites while they were being used against employees. The detection gap is not confined to one tool; it runs across the entire non-browser stack at once.
The reason is architectural. Network and endpoint tools observe traffic and file behavior. They do not observe what is rendered inside a browser tab, how a page behaves when it loads, or whether a login form is legitimate or spoofed. That interaction, the one that determines whether a credential gets stolen, occurs entirely within the browser, so the only detection layer with a reliable view of it is one built into the browser itself.
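To make the architectural point concrete, here is an added example (not Keep Aware’s product code and nothing from the DBIR) of the kind of check only a browser-layer component can perform: it looks at a rendered login page and asks whether a password form on a page that presents itself as a known brand submits to a host that brand does not own. The brand keywords, the allowlisted hosts, the hostnames in the two sample pages and the toy form extractor are all assumptions made for illustration; a real content script would walk the live DOM rather than regex an HTML string.

```javascript
// Added example (not Keep Aware's or Verizon's code): a browser-layer check over a
// rendered login page. Brand profiles, allowlisted hosts and sample pages are assumptions.

// Brand keywords that appear in the rendered text, and the hosts that may legitimately
// receive that brand's credentials. Illustrative only; an enterprise would extend this
// with its own identity-provider hosts.
const BRAND_PROFILES = {
  microsoft: {
    keywords: ["microsoft", "office 365", "outlook", "onedrive", "sharepoint"],
    legitimateHosts: ["login.microsoftonline.com", "login.live.com", "login.microsoft.com"],
  },
};

// Toy form extractor over an HTML string. A real content script would walk the live DOM.
function extractForms(html, pageUrl) {
  const forms = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    const actionMatch = /\baction\s*=\s*["']([^"']*)["']/i.exec(m[1]);
    const action = actionMatch ? actionMatch[1] : "";
    const hasPassword = /<input\b[^>]*type\s*=\s*["']password["']/i.test(m[2]);
    // An empty or relative action submits back to the page's own origin.
    const submitsTo = new URL(action, pageUrl).hostname;
    forms.push({ hasPassword, submitsTo });
  }
  return forms;
}

// What the user sees: text with markup, scripts and styles stripped.
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[\s\S]*?<\/\1>/gi, " ")
    .replace(/<[^>]+>/g, " ")
    .toLowerCase();
}

function assessLoginPage(pageUrl, html) {
  const passwordForms = extractForms(html, pageUrl).filter((f) => f.hasPassword);
  if (passwordForms.length === 0) return { verdict: "no-login-form" };

  const text = visibleText(html);
  const brand = Object.keys(BRAND_PROFILES).find((b) =>
    BRAND_PROFILES[b].keywords.some((k) => text.includes(k))
  );
  // No brand impersonation signal: this heuristic has nothing to say.
  if (!brand) return { verdict: "unbranded-login", submitsTo: passwordForms[0].submitsTo };

  const allowed = BRAND_PROFILES[brand].legitimateHosts;
  const rogue = passwordForms.find((f) => !allowed.includes(f.submitsTo));
  if (rogue) return { verdict: "spoofed-login", brand, submitsTo: rogue.submitsTo };
  return { verdict: "legitimate-login", brand, submitsTo: passwordForms[0].submitsTo };
}

// Constructed sample: a lookalike page on a hypothetical attacker host.
const SPOOF_URL = "https://login-microsoft-verify.example/auth";
const SPOOF_HTML = `<html><head><title>Sign in to your account</title></head>
<body><h1>Microsoft</h1><p>Sign in to continue to Office 365</p>
<form method="post" action="/collect.php">
  <input type="email" name="loginfmt">
  <input type="password" name="passwd">
  <input type="submit" value="Sign in">
</form></body></html>`;

// Constructed sample: the same form shape on the brand's real login host.
const LEGIT_URL = "https://login.microsoftonline.com/common/oauth2/authorize";
const LEGIT_HTML = `<html><body><h1>Microsoft</h1>
<form method="post" action="https://login.microsoftonline.com/common/login">
  <input type="email" name="loginfmt">
  <input type="password" name="passwd">
</form></body></html>`;

console.log(assessLoginPage(SPOOF_URL, SPOOF_HTML));   // verdict: spoofed-login
console.log(assessLoginPage(LEGIT_URL, LEGIT_HTML));   // verdict: legitimate-login
```

A network proxy sees only an HTTPS POST to `login-microsoft-verify.example`; the rendered brand impersonation that makes that POST a credential theft exists only in the tab. Two caveats a practitioner would want before deploying anything like this: the allowlist must also include the organization’s own identity-provider hosts (a federated sign-in page on your own domain that shows the Microsoft name would otherwise be flagged), and host matching here is exact, so legitimate brand subdomains need to be enumerated or matched by suffix.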
Extensions: High Privilege, Low Scrutiny, Mislabeled
Browser extensions operate with a level of access that rarely gets examined in proportion to the risk it creates. An extension granted broad host permissions can read the content of any page the user visits, modify that content, intercept form inputs, and transmit data out of the browser environment. That is not a theoretical capability; it is exactly what the standard extension permission model in every major browser allows once the user accepts the install-time prompt.
The 2026 DBIR noted that the average enterprise had more than 15% of users with unauthorized AI extensions installed. But the extension risk isn’t bounded by AI tooling. Keep Aware’s extension telemetry found that 13% of unique browser extensions observed across its customer base were classified as high or critical risk. The more operationally significant figure: 93% of those poor-reputation extensions were labeled as “productivity” tools by the browser marketplace where they were distributed.
That labeling matters because most enterprise allowlisting policies treat productivity as a low-risk category and permit it broadly. If 93% of dangerous extensions self-classify under the category most policies wave through by default, then category-based allowlisting isn’t a partial mitigation — it’s not functioning as a control at all for this threat class. The extension gets installed, runs with full page-read permissions, and sits inside the browser where no network or endpoint tool is looking.
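As an added example (not Keep Aware’s scoring and not any browser vendor’s policy engine), the following scores an extension from the capabilities its manifest requests and makes the allow/block decision from that score, recording the marketplace category only for the audit trail. Permission and field names are the Chrome Manifest V3 ones; the weights, tier thresholds, and both sample manifests (including the extension names) are constructed for illustration.

```javascript
// Added example (not Keep Aware's scoring and not any browser vendor's policy code).
// Permission and field names follow Chrome Manifest V3; weights, thresholds and the
// two sample manifests are constructed for illustration.

const BROAD_HOST_PATTERNS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];

// Capabilities that turn page access into exfiltration or session theft. Weights are
// an assumption, not a published scheme.
const PERMISSION_WEIGHTS = {
  debugger: 5, nativeMessaging: 5, webRequest: 4, cookies: 4, history: 3,
  scripting: 3, clipboardRead: 3, tabs: 2, webNavigation: 2, downloads: 2,
};

function requestedHosts(manifest) {
  return [
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
}

function scoreExtension(manifest) {
  const findings = [];
  let score = 0;
  const permissions = manifest.permissions || [];
  const broad = requestedHosts(manifest).some((h) => BROAD_HOST_PATTERNS.includes(h));

  if (broad) {
    score += 5;
    findings.push("can read and modify every page (broad host pattern)");
  }
  for (const p of permissions) {
    if (p in PERMISSION_WEIGHTS) {
      score += PERMISSION_WEIGHTS[p];
      findings.push(`permission: ${p}`);
    }
  }
  // Page-wide read plus control of requests, cookies or injected scripts is the shape of
  // a credential or session harvester, whatever the listing calls it.
  if (broad && permissions.some((p) => ["webRequest", "cookies", "scripting"].includes(p))) {
    score += 3;
    findings.push("broad page access combined with request, cookie or script control");
  }
  const tier = score >= 12 ? "critical" : score >= 7 ? "high" : score >= 3 ? "medium" : "low";
  return { score, tier, findings };
}

// Allowlist decision from capabilities. The store category is kept for the audit record
// and never consulted, which is the whole difference from category-based allowlisting.
function policyDecision(manifest, storeCategory) {
  const { tier, findings } = scoreExtension(manifest);
  const decision =
    tier === "critical" || tier === "high" ? "block" : tier === "medium" ? "review" : "allow";
  return { decision, tier, storeCategory, findings };
}

// The policy this replaces: wave through anything the marketplace calls productivity.
function categoryOnlyDecision(storeCategory) {
  return storeCategory.toLowerCase() === "productivity" ? "allow" : "review";
}

// Constructed manifest: listed as productivity, reads every page, sees cookies and requests.
const SUSPECT_MANIFEST = {
  manifest_version: 3,
  name: "Tab Tidy Pro",
  permissions: ["tabs", "cookies", "webRequest", "scripting"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
};

// Constructed manifest: also listed as productivity, scoped to one site, no sensitive APIs.
const NARROW_MANIFEST = {
  manifest_version: 3,
  name: "Docs Word Count",
  permissions: ["storage"],
  host_permissions: ["https://docs.example/*"],
  content_scripts: [{ matches: ["https://docs.example/*"], js: ["count.js"] }],
};

for (const m of [SUSPECT_MANIFEST, NARROW_MANIFEST]) {
  console.log(m.name, "| category policy:", categoryOnlyDecision("Productivity"),
              "| capability policy:", policyDecision(m, "Productivity").decision);
}
```

Both manifests carry the same "Productivity" label and the category-only policy allows both; the capability-based policy blocks the first and allows the second. Host patterns in a real manifest also appear in `optional_host_permissions`, which an extension can request later at runtime, so a production version of this check should score those as if granted.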
What ClickFix Illustrates
ClickFix attacks, a social engineering technique where malicious pages instruct users to manually paste and execute commands, often through a fake CAPTCHA or error dialog, represent the same structural problem from a different angle. The attack surface is behavioral and browser-rendered. The payload delivery relies on the user doing something inside their browser that looks, momentarily, like a routine task.
These attacks don’t require a file download. They don’t require a malicious executable that an endpoint agent can scan. The “malware” in a ClickFix attack is often a command the user pastes into their own Run dialog or terminal, taken directly from text that appeared in their browser window. From a network perspective, nothing anomalous happened. From an endpoint perspective, a user ran a command. The context that makes it an attack, the fake interface, the instruction, the social engineering, existed only in a browser tab that no security tool was monitoring.
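The following is an added example, not code from Keep Aware or from the original article, of how a browser-layer component could score a rendered page for the ClickFix pattern: a verification or error pretext, keyboard-driven run-and-paste instructions, and a command that the page itself placed on the clipboard rather than one the user chose to copy. The signal patterns, the thresholds and both sample pages are constructed; the clipboard telemetry is assumed to arrive as events tagged with whether the write was programmatic or came from a copy button the user clicked, and the lure’s clipboard payload is a harmless placeholder.

```javascript
// Added example (not Keep Aware's detection logic): score a rendered page for the
// ClickFix pattern. Signal patterns, thresholds and both sample pages are constructed.
// Clipboard telemetry is assumed to arrive as events tagged "programmatic" (the page
// wrote the clipboard itself) or "copy-button" (the user clicked a copy control).

const SIGNALS = {
  // A reason to do something odd: fake verification or a bogus error to "fix".
  pretext: [
    /\bcaptcha\b/i,
    /\bverify (that )?you are human\b/i,
    /\bi'?m not a robot\b/i,
    /\bto (fix|resolve) (this|the) (error|issue)\b/i,
  ],
  // Keystrokes that open a run dialog or terminal, paste, and execute.
  runSequence: [
    /\bwin(dows)?(\s*key)?\s*\+\s*r\b/i,
    /\brun dialog\b/i,
    /\bctrl\s*\+\s*v\b/i,
    /\bpress enter\b/i,
  ],
  // Something that looks like a command interpreter invocation or a download-and-run pipe.
  command: [
    /\b(powershell|pwsh|cmd\.exe|mshta|rundll32|certutil|wscript|cscript)\b/i,
    /\b(curl|wget)\b[^\n]*\|\s*(ba)?sh\b/i,
    /\b(bash|sh)\s+-c\b/i,
  ],
};

function scoreClickFix(page) {
  const text = page.text || "";
  const writes = page.clipboardWrites || [];

  const pretext = SIGNALS.pretext.some((r) => r.test(text));
  const runSteps = SIGNALS.runSequence.filter((r) => r.test(text)).length;
  const commandInText = SIGNALS.command.some((r) => r.test(text));
  // A command the page planted on the clipboard without the user choosing to copy it.
  const plantedCommand = writes.some(
    (w) => w.trigger === "programmatic" && SIGNALS.command.some((r) => r.test(w.text))
  );

  const signals = [];
  if (pretext) signals.push("verification or error pretext");
  if (runSteps >= 2) signals.push("keyboard-driven run-and-paste instructions");
  if (plantedCommand) signals.push("command written to clipboard without a user copy action");
  else if (commandInText) signals.push("command shown in page text");

  // A planted command is suspicious on its own; all three signals together is the lure.
  const verdict =
    signals.length >= 3 ? "clickfix-lure"
    : signals.length === 2 || plantedCommand ? "suspicious"
    : "benign";
  return { verdict, signals, runSteps };
}

// Constructed lure on a hypothetical host. The clipboard payload is a harmless
// placeholder; a real lure plants a loader command here.
const LURE_PAGE = {
  url: "https://verify-captcha-step.example/",
  text: `Verify you are human. Complete these verification steps:
1. Press Win + R
2. Press Ctrl + V
3. Press Enter
I'm not a robot`,
  clipboardWrites: [
    { trigger: "programmatic", text: 'powershell -Command "Write-Host verification"' },
  ],
};

// Constructed documentation page: a legitimate install instruction with a copy button.
const DOCS_PAGE = {
  url: "https://docs.example/install",
  text: `Installation
Open a terminal and run the command below, then press Enter.
npm install example-cli`,
  clipboardWrites: [{ trigger: "copy-button", text: "npm install example-cli" }],
};

console.log(scoreClickFix(LURE_PAGE));   // verdict: clickfix-lure
console.log(scoreClickFix(DOCS_PAGE));   // verdict: benign
```

The docs page stays benign because its only overlap with the lure is the phrase "press Enter" and a clipboard write the user triggered. The distinguishing signal, a command written to the clipboard by page script rather than by a user action, is visible only from inside the browser; the endpoint later sees a user launching a shell, and the network sees whatever that shell fetches.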
The Structural Mismatch This Data Describes
The three findings above — shadow AI exposure, credential theft that bypasses all existing controls, and high-risk extensions mislabeled as productivity tools — aren’t three separate problems. They share a common condition: the browser is where enterprise work now happens, and it remains the least-instrumented major surface in most security architectures.
The 2026 DBIR data and Keep Aware’s browser telemetry converge on the same conclusion through different methodologies. Breach investigation data shows credentials are being abused in 39% of cases and that shadow AI behavior has increased fourfold. Browser-layer telemetry shows that 100% of observed credential theft attempts passed every non-browser control without being blocked, and that 23% of sensitive AI prompt uploads are moving through accounts with no enterprise visibility.
The average enterprise pays for network monitoring, endpoint detection, DNS filtering, and email security. It likely pays for a DLP solution. None of those tools had a detection point inside the browser when these events occurred. The question that leaves open isn’t whether browser-layer security is conceptually important; it is how long organizations will continue funding controls that, by design, cannot see the surface on which the top browser threat category, credential theft at roughly 41% of observed browser threat activity, plays out.
Of the Microsoft-themed phishing pages in Keep Aware’s dataset, 63% carried no VirusTotal flags at the moment employees encountered them.