3492: How Mammoth Enterprise AI Browser Redefines Security at the Endpoint

[00:00:00] - [Speaker 0]
Now running a network that publishes more than 60 interviews a month does take a lot of work behind the mic, and our sponsor helps make that possible. So a huge thank you to them for believing in this mission and supporting the stories that I'm telling here every single day of the year. If you're building a start up, every second counts. And sadly, so does every breach. And the truth is early stage companies are often the easiest targets because attackers know that their defenses could be thin.

[00:00:31] - [Speaker 0]
A Nord layer gives you the same level of network security that some of the big players use without the premium price tag or complex settle. And best of all, it scales with your growth. You can add users in seconds, protect your assets from day one. And over the years, I've seen many founders lose investor trust over one daily, so it's just not worth the risk. So why not secure your startup properly right from the beginning?

[00:00:59] - [Speaker 0]
Check out nordlayer.com/tech talks daily and get 28% off with the coupon tech daily dash 28. But now let's get today's guest on. Have you ever stopped to think about just how much of your working life now happens inside the browser window? For many teams, it has become the place where decisions are made, data is handled, and AI tools quietly sit in the background shaping our daily work. And this shift has raised a fresh set of questions about visibility, control, and security.

[00:01:39] - [Speaker 0]
And my conversation today is with the founder and CEO of Mammoth Cyber. His name's Michael, and he's gonna take me inside the world of Enterprise AI browser, a space that is quickly moving from niche experiment to strategic necessity. But what struck me throughout our conversation together was how he frames the browser as a natural home for enterprise AI, Not just because it's convenient, but because it's already in the place employees spend most of their time. And his view that the browser has evolved into a a digital operating layer, and once AI enters that layer, everything from data governance becomes so much more important. So today, we're gonna cover the shift from consumer AI browsers to enterprise models, the rise of shadow AI inside organizations, and that hard reality that AI brings a a brand new attack surface.

[00:02:39] - [Speaker 0]
And it'll also share how a secure first architecture inside the browser can protect against so many issues such as indirect prompt injection, credential leakage, and uncontrolled access to internal data. So if you've ever wondered how enterprises can use AI at scale without losing trust or control, I think you'll find this a timely and practical discussion. So a massive warm welcome to the show. Real pleasure to speak with you today. For people hearing about you and your company for the first time, tell me a little about who you are and what you do.

[00:03:18] - [Speaker 1]
Hi, Neil, and thank you for inviting me here. My name is Michael Hsieh. I'm the founder and CEO of MemosCyber. What we do is develop the enterprise AI browser.

[00:03:28] - [Speaker 0]
Well, it's a real pleasure to have you join me at the moment. One of the things I wanted to talk about was the Humble web browser and why it matters so much. And one of the reasons I invited you on here is you described the browser as the new AI platform. So tell me, what makes the browser the the logical foundation for enterprise AI rather than just just a delivery tool? Tell me about your thoughts here.

[00:03:52] - [Speaker 1]
So, Neil, know, the status is wise, you know, 85% of our time that employees spend in the work actually is spent in the browser. So browser is really something not only that deliver the application, but also the one access all the knowledge that during the business operation. So I think one is a secure browser, and also second is the AI to help all the operation in the browser actually can speed streamline the whole business operation a lot. And that's really huge boost for the employee productivity there.

[00:04:26] - [Speaker 0]
And I think over the last few years, many organizations have struggled to enable AI without losing control of their data. So from the work that you're doing here, how does the Mammoth AI browser change that that trade off between productivity and security?

[00:04:43] - [Speaker 1]
Yes. You know, traditionally, if you want to, let's say, run the AI pilot, you need to figure out where the data is, you know, build AI agent and build to have developed developed all that. They worry about all the authentication, all that. But with browser, it's it's naturally, you know, people already have the the employee already have the right access to a right application and information already. So adding the AI there, actually, it can streamline all operation, business operation to, you know, the employee's daily job.

[00:05:12] - [Speaker 1]
At the same time, we actually apply multiple security framework inside the browser to really monitor and control what AI can see and do. So with that, you know, we think that's the easiest way to really bring in AI into the business transformation, but at the same time, also have all the security and compliance in place.

[00:05:34] - [Speaker 0]
And I'm curious. How did the idea for a secure first AI browser originate? Was there a a particular moment or a customer pain point that that crystallized that vision? I I feel like there's gonna be a story then.

[00:05:47] - [Speaker 1]
Oh, yeah. I I mean, this is really, you know, from our outlook. You know, I I worked in the cyber industry for more than twenty years. And whenever the new technology come in, the first thing is, of course, you know, we want the new technology, you know, to be able to help entire business moving forward. In this case, it's really AI.

[00:06:05] - [Speaker 1]
But the second thing they are looking into is really the security because nobody want to run any new tool without security in place because there's a huge risk if a business don't do not apply the security to make sure everything is compliance, they are running a big business risk for that. So this is why we think, you know, we've seen the AI running in the browser. Actually, it's a very natural way to do that because it's really a huge boost to help the employee to redo their job. But at the same time, you know, we are thinking about if you can provide build up a security surround the AI agent inside the browser and apply all the necessary control and visibility into that, that's the game changer. And that's why we stopped building this secure AI browser.

[00:06:54] - [Speaker 0]
And over the last, what, decade, there's been a lot of talk around bring your own devices or BYOD and how organizations have struggled against that. More recently, ShadowAI is the big buzzword now. ShadowAI and the enterprise risk that it can bring. And I think the the materials mentioned that shadowAI is a a growing problem. So can you tell me a little bit more about what that looks like in practice inside a a large organization, that problem with ShadowAI that we're talking about, and and how your your browser exposes or or maybe even contains it?

[00:07:29] - [Speaker 1]
Yes. I think one thing is the reason ShadowAI exist is because people really use the AI to boost have their job. And a lot of time, they are ahead of the IT and security to control the environment. That's what happened. Was that but a lot of our tool actually today happen in a browser.

[00:07:49] - [Speaker 1]
So with a browser, actually can monitor all the activity there, include what's the application, and throw pick running in the browser and be able to full visibility there. However, with the enterprise AI browser right now combined security and AI browser together, it actually is now the way to solve the shadow AI problem because we fundamentally provide the tool that cast the employee really need. And right now, don't they they don't need to use the unproven application to to do that. And with our AI browser, actually, it's all really streamlined. You don't need a lot of copy paste between the AI and your data because that's really a big way to cause that data leakage.

[00:08:35] - [Speaker 1]
What if the AI can automatic find out the the data and, know, with the limitation and control to be able to streamline the operation. That actually can help the employees speed up their operation as well. And that's why, you know, within the secure AI browser, it's really something that people are looking forward to. And with that, they probably don't need really mitigate the need to using the other AI tools that or to mitigate the need to use the those unproven AI tools.

[00:09:06] - [Speaker 0]
And something else that I think stands out is consumer a browsers. And consumer AI browsers tend to prioritize engagement, but you argue that that model conflicts with enterprise governance. How deep is that conflict, and what what risk does it create for, especially, enterprises in regulated industries?

[00:09:28] - [Speaker 1]
Yeah. That's actually a very good question. We actually analyze what the consumer needs versus the the enterprise need. I can give you example that a lot of consumer worry about the browser is really privacy. They don't want their information to be used to do the advertisement or do the marketing.

[00:09:46] - [Speaker 1]
But for the enterprise care is really the security. They want to make sure that data are leaking into that. Or the another example is the security model. For consumer, they actually think their endpoint, their laptop is secure that, you know, nothing will be legal. But for enterprise, because there's a potential malware can invent from phishing or other activity, the endpoint is not secure.

[00:10:11] - [Speaker 1]
So I would say fundamentally, the consumer focused AI browser really have a different security model than the enterprise AI browser. And that's why we see the opportunity there, you know, with the security in place, with the screen framework that the CSO and the security team have approved in the past twenty years that that's the something they can really trust and and integrate the AI into their browser, which will touch a lot of confidential information. So that's why they want to have a very good control over what AI browser can see and what cannot see.

[00:10:46] - [Speaker 0]
It's interesting you say that about what it can see and what it can't see. I was recently playing with an AI browser from a consumer point of view. And soon as it wanted to connect to my email, my calendar, and so many different areas of Dropbox, Google Google Drive, etcetera, it set off a few alarm bells and got me thinking about the security aspect. So what kind of security risk do you see the biggest threat to enterprise adoption here? And, again, how do you mitigate this with MAMA?

[00:11:15] - [Speaker 1]
You know, this is why our secure first framework come in. We're just we have create full layer of protection over that from the core of the AI agent, which interact with the AI model directory into the browser policy framework to really monitor and control the whole browser can do. And we also create a layer between the AI agent inside the browser versus the application that they can and data versus the application and data they can touch. All that is really layer our protection through the broad through the AI agent or into the browser policy framework to really protect the data. And that's something that we think is really unique in the industry.

[00:11:56] - [Speaker 1]
The problem is yeah. That that's really unique to the industry.

[00:12:01] - [Speaker 0]
And sticking on that security theme, tell me a bit more about the browser's approach to indirect prompt injection. What's unique about handling that risk at the endpoint rather than in the cloud? Because it this feels like quite a big move too.

[00:12:17] - [Speaker 1]
Yes. That's actually a very good question. All the AI model today actually subject to indirect prompt injection. You know, it it it probably take another one or two years for those, you know, AI model vendor to refigure it out if they were to do that. But before the model can really solve in the AI model itself, I think they need a different multiple there's a need to a multilayer security framework to really solve that.

[00:12:42] - [Speaker 1]
This is why we talk about the full layer of protection there that include how AI agent is consumed with the data. We include how the interface between AI model with all the application and data. All that actually is create another layer of protection and visibility for security and to really control what AI can see. And I think that's something that can start to address the indirect problem injection issues.

[00:13:10] - [Speaker 0]
And when I was doing a little research on you, I was reading that you also integrate with Octo, WebAuthn, TPM based device trust. How how important is hardware rooted identity to building a true genuine zero trust AI environment? How important is that?

[00:13:29] - [Speaker 1]
It actually is very critical on that. Think about a browser is stand is a stand alone application that can run it on any places. However, if you're tied into Okta or identity provider, you start have a identity check-in place. If you integrate with a TPM or integrate with a a mobile device management, with that, you start can tie up the device. So the browser we build today is not really just a browser application itself.

[00:13:57] - [Speaker 1]
We actually link into inter enterprise infrastructure to really make sure that only the right person and right device can run the browser to access the corporate environment with all the data in check and to prevent the data leakage. That's really something at the core to build a secure browser.

[00:14:17] - [Speaker 0]
And a question I've got to ask is, how do you ensure productivity isn't compromised while enforcing these policies like DLP, watermarking, and copy paste restriction, etcetera? Because it's so important to protect that end user experience at the same time, isn't it?

[00:14:34] - [Speaker 1]
Exactly. That's right. No. I think, you know, one of philosophy we try to do is, you know, to minimize the security impact to our usability. And with that, a lot of control that security team care, let's say, filter PII information, all that is done underneath, you know, with back end control.

[00:14:53] - [Speaker 1]
For user, you know, they can still do their job, but only the right information that will be maxed out. For example, we developed this data masking feature that we can partially mark out the PI information in real time. With that, the AI model won't be able to see the full PI data, but still can do their job.

[00:15:13] - [Speaker 0]
And looking at your road map, it also mentions a built in secure AI assistant. So what use cases do you expect enterprises to adopt first? And how will you balance speed with policy compliance? Again, quite a tricky balance, I would imagine.

[00:15:30] - [Speaker 1]
Yes. I think the the key is how the how to control the AI agent in the browser. They will process the data there. And this actually across, let's say, internal technical document. It could be in this CRM system for the salesperson or even the secure dashboard for secure security team.

[00:15:51] - [Speaker 1]
All that is really running in inside a browser that AI can run or can help to analyze and speed up the whole operation there.

[00:15:59] - [Speaker 0]
If we take a look under the hood here at some of the technical things that make all this possible, how does the browser distinguish between safe and unsafe data for AI model consumption? Is it a filtering role based? Is it ML driven or or maybe even a mix of both? Is there anything you can share around how how it does this?

[00:16:20] - [Speaker 1]
Yes. Actually, there's also another difference between a consumer focused browser versus enterprise browser. Because in enterprise, we actually have something we know is trusted. So they say the data inside our, let's say, repository. The internal data is trustworthy, and those are really something that AI model can direct ingest.

[00:16:42] - [Speaker 1]
But for those untrust source, there's a multiple way we can do that. One of the is there's some technique. We can try to separate the external content with the system command. Those are not can really mitigate the chance for a prompt injection. All this is something that we can leverage what is the current enterprise infrastructure to really to identify risky content versus trustworthy content and then apply the different security policy.

[00:17:14] - [Speaker 0]
And when you think of AI aware DLP, what what do you think makes it different from conventional data loss prevention tools?

[00:17:22] - [Speaker 1]
Conventional DLP tool really focus on the five content. The AI model actually introduced another way because the data consumed by the AI model potentially can be legal or be changed. And all those is should be really tightly monitor and control. That's the enterprise AI browser can try to help to do that.

[00:17:44] - [Speaker 0]
And looking on your website and the work you're doing here, some of your case studies show rapid deployment replacing VPNs and even VDI setup. So what are the what's the most surprising feedback from customers after moving to this model? You must you must get to hear quite a few stories.

[00:18:02] - [Speaker 1]
Oh, yes. They're actually because we build the enterprise AI browser that could really control and monitor all that type of movement. So for security for security team, they actually start seeing a lot of activity that they couldn't see when deploy VPN or VDI before. For end user, the impact is even bigger. Traditional VDI is slow, hard to use.

[00:18:22] - [Speaker 1]
It's not always a lag and all the user had it. With the enterprise AI browser, they start enjoying the real time response from the application. And actually, that's another big way to improve the productivity there. Right now, with the AI in place, they can really even help to do that from their business operation point of view.

[00:18:43] - [Speaker 0]
And for anybody listening inside a security team, what kind of visibility would they gain through the Mammoth the Mammoth admin console that that maybe they couldn't get before? Anything that you can tell those people listening?

[00:18:58] - [Speaker 1]
Yes. You know, we monitor all the activity inside of browser. And, you know, this include, like, we call it last mile data operation. Now other than the file upload download, we also monitor the clip or copy and paste, the print, screen sharing, screen copy. We can do the watermark on the data.

[00:19:18] - [Speaker 1]
We can they have mask the web page at a real time. All of that cannot be done by traditional DLP. Right now, with the AI coming, we actually can see what's entered in the prompt and what's the data and page that consumed by AI. Those become visible and also controllable right now.

[00:19:36] - [Speaker 0]
So how does the browser integrate with other security information and event management tools like, I don't know, Splunk or Sentinel? And and what kind of telemetry do do CSOs find most valuable then yet when you're having these conversations with them?

[00:19:53] - [Speaker 1]
Yes. The browser actually collect a lot of information, like, you know, who where they are, what's the application they they go to, what's the had attached. Even if they log in, you know, to the personal account or business account. All that actually is a very vast, very good information that we support a lot forwarding. We can send to Splunk or other SIEM system that for for the analysis.

[00:20:19] - [Speaker 1]
And those are really parallel offer that we provide.

[00:20:22] - [Speaker 0]
And as we look to the future, we've got Linux support, remote access control, and native AI integrations. All these things are on your road map. So which of these will you think will most influence enterprise adoption next year? Because it's all about adoption at this stage, I would imagine.

[00:20:40] - [Speaker 1]
It's definitely the native AI integration. We see that's really not only the include the productivity for all the user. Actually, it's really changed all the behavior. Right now for when user using the browser, that actually is most of the time, they manually go to a different website, collect information, try to aggregate that itself to really help them to do either a decision making or do analysis. With AI, all those process and time spent actually consolidate, you know, from days to just minutes there.

[00:21:16] - [Speaker 1]
So it gradually help people to really change how they use a browser, and we think that's a game changer for that. And I actually see starting next year, we started seeing the the browser usage behavior change it to the new way.

[00:21:31] - [Speaker 0]
Exciting times. And continuing on that future mindset with LLMs becoming more autonomous, what what new security challenges do you anticipate over the next few years? And how are you at Mammoth preparing for some of those security challenges?

[00:21:48] - [Speaker 1]
Yes. I would say, you know, we see the AI agent and and, you know, a lot of AI activity probably, you know, would be preferable in the enterprise organization to be able to control access to all those require a lot of effort for that. So when we that could potentially develop is our AI browser become the central point for the at the endpoint side for user to connect all those AI agent in addition our AI browser. With that, they got both information about the business operation and also internal AI agent intelligence. Combine those two together, I think it would be very powerful and helpful for entire business operation.

[00:22:33] - [Speaker 0]
Yeah. I completely agree. And finally, before I let you go, if I ask you to gaze into my crystal ball and look at the future in maybe 2027. Let's go even further out and ask you to make a few predictions here. Do you see the enterprise browser evolving into an operating system for AI in the workplace?

[00:22:53] - [Speaker 0]
How do you see this all evolving?

[00:22:56] - [Speaker 1]
Well, yeah, that's really something that, know, future, but we actually see that that come in as as well. Yeah. So in the future, you know, today, the process is really con connector to all the different SaaS application, perform perform different business functions. In the future, some of the SaaS, it become the AI agent, but some are still remain because today, the AI agent is focused on certain key feature, but they cannot do all of that. So but with the AI browser, in the future, they can really combine those two with the AI agent to perform certain tasks a lot more efficient.

[00:23:36] - [Speaker 1]
But with the web application that they can perform more detailed operation on what they need. So all that will be really merged into a more powerful and smarter AI browser to do that. And we see that's the future of that. And security is also become more complex. Today, we primarily focus on the security between the AI the agentic browser to the application.

[00:24:01] - [Speaker 1]
In the future, you will extend to also support the other AI agent as well. And that's really something that we're looking forward to support that.

[00:24:12] - [Speaker 0]
Exciting times ahead. We covered so much in a thirty minute podcast interview today. And for anyone listening, wanting to dig a little bit deeper on anything we talked about, is there anywhere you'd like them to visit and check out the Mammoth AI browser if they wanna find out more information, see it in action? Where should they be going?

[00:24:32] - [Speaker 1]
Yeah. First, you know, come to our website, you know, www.memoscyber.com, and you can sign up, you know, to test our AI browser or just, you know, leave a note. We can reach out to have a deeper discussion.

[00:24:45] - [Speaker 0]
Love it. Well, I'll get links added to everything. If you've got any videos, I'll also insert a couple of those. And I, for one, have learned so much from talking to you today about the enterprise AI browser that's built for zero trust security. Any security teams thinking about AI browsers and security, I strongly urge them to go check it out.

[00:25:06] - [Speaker 0]
Love what you're doing here. But thank you for sharing your story today.

[00:25:10] - [Speaker 1]
Alright. Yeah. Thank you, Neil. Yeah.

[00:25:13] - [Speaker 0]
So I hope you found our conversation as thought provoking as I did today, and I think Michael's belief that the browser is becoming an almost operating system for AI invites us to rethink the tools that we take for granted every day. And his point about employees already having the right access inside the browser and how that becomes a a natural gateway for secure AI workflows, I think these things raise important questions for every security team out there. So are we prepared for a world where AI sits beside our most sensitive data with no guardrails? Unless they are built in at the point of interaction. So if you wanna learn more about Mammoth Cyber or try Enterprise AI browser out for yourself, I'll add all the links in the show notes.

[00:26:02] - [Speaker 0]
But let me know what you think about this idea of the browser becoming a secure AI gateway. Do you see this as a future, or do you see organizations still having bigger hurdles to overcome? I wanna hear your thoughts on this. Tech blog writer at outlook.com, techtalksnetwork.com for more interviews like this. Let me know your thoughts, and I'll return again tomorrow.

[00:26:26] - [Speaker 0]
Sound like a deal? Good answer. Speak with you all then. Bye for now.