AI security

Securing your own agents is no longer enough.

The next AI security problem is not the agent you deployed — it is the agent ecosystem you depend on. Treat the agent layer as a production dependency: scoped credentials, audited extensions, isolated profiles, and revocation paths.

The next AI security problem is not the agent you deployed. It is the agent ecosystem you depend on — browser extensions, install pages, third-party connectors, and the automation traffic that touches your tools.

The signals from this week make the shape clearer. HUMAN reports AI-driven traffic grew 187% in 2025, 8x faster than human traffic — security teams now have to distinguish human users, legitimate agents, and malicious automation. Browser extensions like LLMReaper can read entire ChatGPT and Claude conversations from the DOM, including pasted credentials and customer data. Fake Anthropic install pages are running ClickFix campaigns that deliver infostealers to engineers expecting Claude Code.

The defensive answer is not to ban AI tools. It is to treat the agent layer as a production dependency: scoped credentials, audited extensions, separate browser profiles for AI work, revocation paths.
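As an added example (not code from the original post), here is one way to operationalise the "audited extensions" control: a small check that reads Chrome extension manifests and flags any extension whose content scripts or host permissions cover the ChatGPT or Claude domains, which is exactly the access an extension needs to read a conversation from the DOM. The manifests below are constructed samples, not real extensions.

```python
# Hosts where ChatGPT/Claude conversations render in the DOM; an extension whose
# content script or host permission matches them can read everything on the page.
AI_CHAT_HOSTS = ("chatgpt.com", "chat.openai.com", "claude.ai")

def pattern_covers_host(pattern: str, host: str) -> bool:
    """True if a Chrome match pattern such as '*://*.claude.ai/*' covers host."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:            # plain permission names like "storage"
        return False
    host_part = pattern.split("://", 1)[1].split("/", 1)[0]
    if host_part == "*":
        return True
    if host_part.startswith("*."):
        suffix = host_part[2:]
        return host == suffix or host.endswith("." + suffix)
    return host_part == host

def audit_manifest(manifest: dict) -> list:
    """Return one finding per AI chat host this extension's manifest can script."""
    patterns = list(manifest.get("host_permissions", []))
    patterns += manifest.get("permissions", [])          # MV2 keeps match patterns here
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    findings = []
    for host in AI_CHAT_HOSTS:
        hits = sorted({p for p in patterns if pattern_covers_host(p, host)})
        if hits:
            findings.append(f"can read DOM on {host} via {hits}")
    return findings

def audit_manifests(manifests: list) -> dict:
    """Map extension name -> findings, so an allowlist review can act on them."""
    return {m.get("name", "?"): audit_manifest(m) for m in manifests}

# Constructed sample manifests (not real extensions) used to exercise the audit.
SAMPLE_MANIFESTS = [
    {"name": "Page Reader", "content_scripts": [{"matches": ["<all_urls>"], "js": ["r.js"]}]},
    {"name": "Chat Notes", "host_permissions": ["*://*.claude.ai/*"]},
    {"name": "Tab Timer", "permissions": ["storage", "alarms"]},
]

if __name__ == "__main__":
    for name, findings in audit_manifests(SAMPLE_MANIFESTS).items():
        print(name, "->", findings or ["no AI chat host access"])
```

On a real fleet, point it at the `manifest.json` of each installed extension (or the export from your browser management console) and treat any finding as a candidate for removal from the AI-work browser profile.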

The operating assumption is simple. Anything an agent can read can be exfiltrated.

Tags: ai-security, agent-governance, threat-model, supply-chain