In Episode 10, we take an in-depth look at the latest report from cybersecurity researcher Francis Odum, uncovering the key insights behind the numbers. We discuss:

• How third-party and credential-based risks are evolving
• What the report reveals about attacker tactics and system intrusion trends
• The growing risk surface of browsers and unmanaged endpoints
• What infosec leaders should take away—and act on—based on the data

This is a technical, first-person exploration of breach dynamics, informed by real-world telemetry and sharp analysis. If you’re a practitioner navigating complex environments, this episode is for you.

In this episode, we unpack the key insights from our recent LayerX webinar featuring Alex Pinto, lead author of the 2025 Verizon Data Breach Investigations Report (DBIR). Alongside Or Eshed, our CEO, we explore the changing risk landscape—from credential abuse and third-party risk to AI misuse and browser-native threats.

Key themes:

• What the doubling of third-party breaches reveals about today’s interconnected environments
• Why unmanaged devices and browser cookies still sabotage identity protection
• The real AI risk: unsanctioned employee usage, not just attackers with LLMs
• How the browser became ground zero for modern security battles

🎯 Want to go deeper? Watch the full webinar on demand:
👉 https://layerx.easywebinar.live/layerx-verizon-dbir

Are you aware of the hidden risks lurking in your organization’s browser extensions? Nearly every enterprise user has at least one extension installed—and over half of those extensions request powerful permissions that can expose cookies, passwords, and sensitive data. In this video, we introduce ExtensionPedia, LayerX’s free, publicly available Browser Extension Risk Database and Knowledge Center.

🔍 What You’ll Learn
• Why browser extensions are a growing attack vector for CISOs and InfoSec teams
• How ExtensionPedia aggregates risk scores for 200,000+ Chrome, Edge, and Firefox extensions
• The key permission scopes and reputation factors used to calculate each extension’s risk
• Practical steps to research any extension by name or ID before deployment
• How to leverage in-depth documentation, best practices, and threat advisories to safeguard your users

📈 Why It Matters
• 99% of enterprise employees have at least one browser extension installed
• Over 50% of those extensions request high-level permissions that can access critical data
• ExtensionPedia empowers security leaders to make data-driven decisions and eliminate blind spots at the browser level

🌐 Resources & Links
▶️ Read the official Dark Reading announcement:
https://www.darkreading.com/endpoint-security/layerx-launches-extensionpedia
▶️ Explore ExtensionPedia now:
https://layerxsecurity.com/extensions/
▶️ Learn more about LayerX Browser Security:
https://www.layerxsecurity.com

👍 Like, Comment & Subscribe
If this video helped you understand how to mitigate extension-based risks in your enterprise, please give it a thumbs up and leave a comment with your questions. Don’t forget to subscribe for more insights into browser security, SSE gaps, and next-generation enterprise protection.

#BrowserSecurity #ExtensionRisk #LayerX #ExtensionPedia #Cybersecurity #CISO #InfoSec #ThreatIntelligence

🔍 Are SSEs Really Securing the Last Mile?
In this episode, we break down the hidden architectural gaps in Security Service Edge (SSE) platforms—specifically where they fall short in protecting the browser, where today’s real threats unfold.

📉 Despite vendor claims, SSEs are blind to:

• Copy/paste data leakage
• Malicious browser extensions
• Shadow SaaS and GenAI misuse
• Identity misuse and session hijacking

🛡️ We’ll walk through key use cases—like GenAI prompt monitoring, in-browser DLP, and zero-hour phishing—and explain why traditional network-layer tools just don’t cut it.

📌 Who should watch:
CISOs, security architects, and InfoSec leaders who are questioning the effectiveness of their SSE stack—or considering augmenting it.

📘 Based on the technical whitepaper: "Reevaluating SSEs: A Gap Analysis of Last-Mile Protection" by LayerX.
Download it here: [Insert link]

🔗 Want to see how browser-native security can close the gap? Learn more at: https://www.layerxsecurity.com

#SSE #Cybersecurity #DLP #BrowserSecurity #GenAI #InfoSec #LayerX

In this episode, we explore the hidden risks posed by one of the most overlooked elements of the modern enterprise tech stack: browser extensions.
In this episode we will unpack key insights from the newly released Enterprise Browser Extension Security Report 2025 - a data-driven look into how widely-used browser extensions are impacting enterprise security postures.

As the browser becomes the de facto interface for SaaS access, identity, and day-to-day productivity, extensions often slip under the radar of traditional security programs. But with capabilities like DOM access, clipboard monitoring, and cookie extraction, they’re increasingly being exploited as a backdoor into sensitive data and sessions.

Together, our AI hosts examine the anatomy of malicious extensions, the shortcomings of existing SSE and endpoint protection tools in detecting them, and what enterprises can do to regain visibility and control - especially in BYOD and hybrid environments.

Why are popular extensions like Grammarly or ad blockers being flagged by security researchers? What controls should security teams implement to protect against extension-based threats? Tune in to this episode for answers, insights, and actionable recommendations.

In this episode, our guest Francis Odom, founder of Software Analyst Cyber Research, brings his wealth of expertise to the conversation.
With a following of over 60,000 cybersecurity and technology professionals, Francis specializes in emerging security markets, including identity, data, and AI security.
As organizations embrace digital transformation and AI adoption, the browser has become the critical interface for both productivity and security.

From accessing SaaS applications to interacting with AI tools like ChatGPT, the browser is now at the center of enterprise workflows. However, this shift also introduces significant risks—ranging from data leakage and malicious extensions to the secure use of generative AI.

Together with LayerX’s Head of Product Marketing, Eyal Arazi, Francis discusses how browser security is evolving to address the challenges of modern enterprises. They explore the role of browser security in mitigating GenAI risks, the limitations of traditional SASE and SSE solutions, and how enterprises can adopt a platform approach to streamline security while reducing complexity.
How can CISOs and security leaders navigate the intersection of browser edge and network security? Which use cases will define the future of browser security? Listen to this episode to find out.

As businesses continue their journey to SaaS adoption, the browser becomes the central location where work-related services are managed and operated. This means organizations now need to manage risk at the browser edge. Traditional network security controls are still important, but they are not flexible enough for securing the modern data and information flow on their own. Instead, the browser edge becomes the new central hub for policy enforcement and decision-making, providing relevant context and visibility.

Our guest, Steve Zalewski, was the CISO for Levi Strauss and has 25 years of security experience under his belt. He’s also an advisor for LayerX. In this new podcast episode, he embarks on a fascinating conversation with LayerX’s CEO, Or Eshed, about how CISOs, CSOs and security leaders can balance out browser edge and network edge security in their security strategies and stacks. They also discuss the importance of browser security for organizations that are not cloud-first.

How can CSOs prioritize their budget between network edge and browser edge security and which one of the three types of CISOs are you? Listen to this episode and find out.

Generative AI is introducing a new set of product development and data analytics opportunities that were previously inaccessible. Enterprises can leverage Generative AI across different lines of business to gain insights into human interactions and to identify anomalies, while also cutting costs. In cyber security, for example, Generative AI can be used to accelerate, scale and improve the work of SOC analysts. However, Generative AI also introduces data loss risks that require DLP, for example - developers pasting code into ChatGPT.

Our guest, James Azar, is the CTO and Head of Security for AP4 Group and the podcast host for CyberHub and CISO Talk podcasts. In this brand new episode, he talks with Or Eshed, CEO of LayerX, about ChatGPT and the opportunities and cybersecurity risks of all Generative AI platforms. They also share thoughts about CISO security strategies and discuss which promises CISOs should never believe.

Can you really trust the Generative AI creators? Listen to this episode and find out.