The Browser Blind Spot: Rethinking Enterprise Security


The browser has quietly become the most critical—and most overlooked—attack surface in cybersecurity. In Episode S7E20 of the Brilliance Security Magazine Podcast, host Steven Bowcut talks with John Carse, Field CISO at SquareX, about the company’s groundbreaking Browser Detection and Response (BDR) technology and why legacy tools like EDR and Secure Web Gateways can’t see today’s browser-native threats.

John draws on his two decades of global cybersecurity experience—spanning the U.S. Navy, JPMorgan, Expedia, and Dyson—to explain emerging risks like Syncjacking, Polymorphic Extensions, and the coming wave of AI-powered browser agents. He also shares practical steps for CISOs to reduce risk from Shadow SaaS and unmanaged devices.

Summary

John shares eye-opening insights into why tools like EDR, XDR, and Secure Web Gateways can’t detect what’s happening inside the browser, where most modern work now takes place. John also unpacks SquareX’s groundbreaking research into emerging attack vectors such as Browser Syncjacking, Polymorphic Extensions, and the growing risks posed by AI-powered browser agents that act without security oversight.

From the global differences he’s observed in security maturity to the challenges of shadow SaaS sprawl and unmanaged devices, John offers practical advice for CISOs and security teams: start with visibility, meet users where they are, and recognize the browser for what it has become—the new epicenter of cyber risk.

Key Discussion Topics

  • Why the browser has become the most overlooked attack surface in cybersecurity
  • How Syncjacking and Polymorphic Extensions exploit users’ trust
  • The limitations of EDR, XDR, and Secure Web Gateways in a SaaS-driven world
  • The emergence of AI-powered browser agents as a new threat class
  • Real-world insights on reducing Shadow SaaS and BYOD risks
  • How SquareX’s Browser Detection and Response (BDR) solution redefines browser security

About Our Guest

John Carse is the Field Chief Information Security Officer at SquareX, bringing over 20 years of cybersecurity experience across military, financial, and global enterprise environments. His career began in the U.S. Navy, where he secured critical naval systems for over a decade, followed by leadership roles at Dyson, Rakuten, Expedia Group, and JPMorgan. At SquareX, John focuses on closing one of the biggest gaps in enterprise defense—browser-native threats—through the company’s industry-first Browser Detection and Response (BDR) platform. He holds multiple cloud security patents, an MBA in Entrepreneurship from IE Business School, and a Bachelor’s in Computer and Information Science from the University of Maryland Global Campus.

Steven Bowcut is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications. Follow and connect with Steve on Twitter, Instagram, and LinkedIn.