For most organizations, the browser has been a background utility — a way to access applications, move between tabs, and get through the work day. It was never treated as a surface that needed to be managed. However, as AI becomes part of how employees execute tasks, the browser is quietly becoming the surface where that work is concentrated, managed, and governed. In a recent #shifthappens conversation, Arunesh Chandra, Head of Product for Microsoft Edge for Business, offers a grounded perspective on how the browser evolved into the primary work surface for most employees and why AI is the reason that shift now demands organizational attention. What comes through clearly is that AI is reshaping the browser strategy needed in the workplace.
What Happens When AI Enters the Browser
Cloud migration has been underway for years, but its cumulative effect on the browser is only now becoming visible. Email, file storage, collaboration platforms, business applications — the workflows organizations depend on have moved into environments accessed almost entirely through the browser. A Forrester study found that the browser has become the application where employees complete most of their work. Arunesh describes it as a critical security surface that most organizations still overlook even as it functions as a new endpoint in the modern workplace.
That gap becomes more consequential when AI enters the picture. New AI tools are most often discovered and first used inside the browser without organizational oversight. Arunesh describes this as the browser becoming the gateway for AI into the organization. When that usage happens outside governed environments, it becomes shadow AI: unauthorized tools processing sensitive data with no visibility into how it is stored, retained, or shared.
And AI is not just entering the browser passively. Browsers are evolving into surfaces where AI agents can take actions on behalf of employees. Arunesh outlines three principles guiding this evolution:
Contextual: The agent understands the user's current work environment. If multiple tabs are open, the agent can read across them and surface a consolidated summary, eliminating the need for manual comparison.
Agentic: The agent executes defined tasks on the user's behalf. Repeated workflows, such as filing expense reports or multi-click onboarding processes, can be offloaded.
Proactive: The agent anticipates what the user needs based on history and patterns. If a task was started but not completed, the agent can offer to pick it back up.
But capability without constraint introduces risk. An agent operating with full user access can reach sensitive systems, trigger actions across platforms, and blur the line between human and machine activity. AI has also compressed the timeline for these threats. What once took days to exploit can now collapse into hours, making the speed of governance as important as its scope.
Turning Browser Strategy Into Action
Recognizing the browser as a work surface is one thing. Managing it as one requires action across four areas: securing the browser itself, managing AI within it, defining what agents can do, and enforcing those boundaries where work already happens.
Treat the Browser as a Secure Work Environment
The browser now supports access to systems, sensitive information, and daily workflows at a scale that rivals any managed device. Managing it with the same discipline – patching, policy enforcement, identity integration – is the baseline.
Organizations that still treat browser management as secondary to device management are widening the gap between where work happens and where security is enforced. Arunesh frames it as a matter of intentionality: Being deliberate about the choice of browser and its security posture is now an organizational decision. Browser standardization also reduces the operational cost of maintaining multiple unmanaged browsers — each of which introduces its own patch cycles and management overhead.
Manage AI Where Work Already Happens
AI adoption is underway whether organizations have sanctioned it or not. Enabling approved AI experiences within the browser, where identity, access controls, and data policies are already enforced, keeps usage visible and manageable rather than pushing it into ungoverned territory.
Arunesh emphasizes that enterprise readiness in this context means more than functionality. It means the vendor handling AI interactions in the browser provides the same level of data protection that organizations already trust for email, file storage, and collaboration.
Define What AI Can Execute in the Workflow
Agentic AI introduces a category of risk that most governance frameworks were not built for: autonomous action. Before allowing AI to carry out tasks on behalf of employees, organizations need to define what data agents can access, what actions they can take, and where automation ends and human judgment begins.
Arunesh argues that agents should never inherit the full scope of an employee's access. They should operate within a narrower, pre-defined set of permissions — limited to what the task requires, not everything the user can reach. In some jurisdictions, distinguishing between human and agent actions may also become a regulatory requirement, making it critical to identify what the agent did versus what the employee authorized.
Apply Guardrails Where Work Context Lives
Governance is most effective when it is applied at the layer where work naturally happens. In the browser, identity, access, and activity converge, making it the most logical place to enforce policy. Restricting agent behavior to approved URLs, preventing interaction with sensitive sites, and enforcing data handling standards at the browser layer creates guardrails that are both practical and enforceable.
Arunesh notes that Edge for Business integrates with existing Microsoft management and compliance tools, meaning organizations do not need to build or learn new systems to govern this surface. The controls are built into infrastructure already in place, which also means the pace of enforcement can match the pace at which AI capabilities evolve.
The Surface That Shapes What Comes Next
What was once taken for granted now demands deliberate attention — from how the browser is managed, to how AI operates within it, to how agents are governed before they act. The decisions organizations make now about their browser strategy will shape whether AI scales with clarity or without guardrails.
Soundtrack of Shift
Arunesh's Soundtrack of Shift pick, "Video Killed the Radio Star," captures the spirit of the conversation. The song is about a technological shift that felt like it would displace everything that came before it — but radio survived, adapted, and found new forms. It is an upbeat reminder that transformation need not be feared, and that the tools and expertise built in one era often carry over into the next.
Explore more soundtracks shaping how leaders approach change and transformation today.
Episode Resources
#shifthappens Research: The State of AI Report
#shifthappens Insights:
#shifthappens Podcasts:
Check out the newest announcements and AI innovations in Edge for Business
