
Black Hat USA 2025: The Year Of The Enterprise Browser

Black Hat USA 2025 returned to the Mandalay Bay Convention Center in Las Vegas, marking its 27th year in North America. With more than 22,000 participants, the event unfolded over six days with an agenda that focused on deep dives into cybersecurity, underlying research efforts, practitioner training, vendor summits, technical demonstrations and social events.

The rise of new types of attacks in the threat landscape is not slowing down, but accelerating at a monumental pace, fueled by the same modern AI tools that defenders are using. Bad actors are increasingly leaning into generative AI to dramatically improve the sophistication of phishing campaigns and create new forms of malware. They are also leveraging emerging agentic frameworks to significantly scale the volume of attacks. This weaponization of AI is creating new challenges for defenders, and runtime defense is emerging as a critical consideration.

Consequently, enterprise browsers are quickly surfacing as a material defense mechanism with the surging adoption of modern AI. Historically, hardened internet browsing extensions served as a layered security provision. Today, ChatGPT, Gemini, Grok and other popular generative AI tools and copilots use browsers as the user interface to access powerful large language models on the backend. The growing importance of highly secure browsers was punctuated by Perplexity AI’s recent unsolicited bid to acquire Google’s Chrome browser for nearly $35 billion. While I dismiss that bid as a marketing stunt, it still clearly demonstrates the importance of securing the use of these tools. It’s worth diving deeper into enterprise browsers, along with some of the other noteworthy news from Black Hat USA 2025.

The Year Of The Enterprise Browser

I have always been fascinated by the mythical zodiac animals used to signify China’s Lunar New Year celebrations. If Black Hat USA 2025 had to choose its symbol, it would be the enterprise browser. Besides becoming the de facto user interface for modern AI tool use, the enterprise browser continues to provide access to SaaS applications, cloud services and a vast number of business and consumer online transactions. Most importantly, browsers govern how sensitive data is accessed and transmitted. Unfortunately, they also serve as an attack vector through Domain Name System compromises and other potential exploits. From my perspective, four enterprise browser solution providers stand out among others in a quickly growing category: Google, Island, Mammoth Cyber and Palo Alto Networks.

Google offers two versions of its Chrome Enterprise browser, Core and Premium. Designed to be its freemium offering, Core provides basic policy management, application access and the ability to set controls across devices and operating systems — all at no additional licensing cost over Google’s standard browser. However, for organizations that require more advanced security, Google offers its Premium version for $6 per user per month. Premium provides all the Core functionality and adds malware scanning, data loss prevention, context-aware access for SaaS applications, URL filtering and an evidence locker for forensic analysis. In the bigger picture, I would say that Premium delivers the necessary security controls, but it lacks the sophistication of offerings from the other vendors below.

Island.io promises to deliver desktop virtualization-like functionality at a fraction of the cost of more expensive and infrastructure-heavy VDI deployments. Leveraging a Chromium experience, it positions its enterprise browser as a tool that can facilitate privileged user access and enable safer generative AI usage, anchored by a zero-trust architecture. The company is checking all the right boxes, and networking and security giant Cisco’s continued investment in Island — which dates back three years now — points to its potential. The company does not publish its licensing cost, choosing to offer bespoke pricing based on an organization’s needs and number of users. I like that approach, and it gives Island the capability to compete with some of the larger infrastructure providers.

Mammoth Cyber used Black Hat USA 2025 to announce what it positions as a ground-up-designed AI enterprise browser, delivering recently refined controls that directly integrate into enterprise security policy engines. Instead of trying to wrap security around a consumer-grade browser through hardened extensions, Mammoth makes the browser itself the enforcement point. It also ingests real-time context, including business transactions, open support tickets and interactions with employees, to enable it to make informed security posture corrections that training data lacks in isolation. It is a powerful architectural design that also addresses VDI replacement, zero-trust authentication to applications, data loss protection, unsanctioned AI application blocking and the mitigation of prompt injection. Integrations with existing single sign-on solutions — including Google, Microsoft Entra, Okta and Ping, as well as existing firewalls and endpoint agents — point to Mammoth Cyber’s deployment flexibility. From my perspective, all these capabilities make it a standout as a relatively unknown entrant in the enterprise browser category, despite the company’s existence for the past six years. Like Island, Mammoth offers a customized quoting process for licensing.

Source: https://www.forbes.com/sites/moorinsights/2025/08/20/black-hat-usa-2025-the-year-of-the-enterprise-browser/