Keeper Security has updated its privileged access management platform with new remote browser isolation (RBI) capabilities aimed at making secure web access more usable in day-to-day operations. The changes focus on enabling common workflows, such as multi-tab browsing, file uploads, and full web application interaction, within isolated sessions. The update also extends AI-driven session monitoring across these environments, bringing more visibility into how privileged access is being used.
Why RBI Has Struggled in Practice
RBI has long faced a usability problem that limited adoption. Many solutions struggle with modern web applications that rely on dynamic content, pop-ups, and multi-step authentication. When workflows break, users tend to bypass controls, creating gaps in enforcement.
Neeraj Mallampet, Director of Product Management, PAM at Keeper Security, describes this as both a design and technical issue. He told MSSP Alert, “The usability problem with traditional Remote Browser Isolation has always been a product design problem as much as a technical one. When RBI breaks Single Sign On (SSO) flows, prevents multi-tab navigation or blocks common web interactions, users find workarounds – and when that happens, the security model collapses in practice even if it holds on paper. The controls only work when people actually work within them. With KeeperPAM, our approach to RBI is to deliver a modern browser experience within a fully isolated environment, so users don’t have to choose between productivity and security.”
Closing the Workflow Gaps Without Breaking Security
Keeper’s update focuses on closing the gap between what users need to do and what RBI has historically allowed. Multi-tab support now handles SSO flows more effectively, while full JavaScript support ensures web applications behave as expected. File uploads can also be enabled for specific use cases, such as content management on external platforms.
Mallampet explains how this is implemented without loosening controls: “What we've focused on with KCM 2.23.1 is closing the gap between what users need to do their jobs and what RBI has historically allowed. Multi-tab support now handles SSO flows that previously required separate windows. Native JavaScript alerts render properly. File uploads can be enabled on a per-connection basis by the administrator for use cases like social media management, where teams need to upload content to platforms such as YouTube, Instagram or LinkedIn without exposing corporate credentials directly to those sites.
The design principle is that every new capability is opt-in and administrator-controlled – not enabled by default. File uploads are off unless explicitly turned on per connection. Tab navigation is permissioned. Throughout all of it, the core isolation model doesn't change: no website code executes on the user's device, credentials auto-filled from the gateway never reach the local machine and every session is recorded for auditing and compliance. We've raised the usability ceiling without moving the security floor.”
Guardrails That Maintain the Zero-Trust Model
Expanding browser capabilities inside isolated sessions raises questions about risk, especially in environments built on zero-trust principles. Keeper’s position is that the architecture, rather than individual features, defines the risk model.
Mallampet notes, “The risk profile of an RBI session is defined by the architecture, not the feature set. What keeps the zero-trust model intact is that the isolated session runs in a sandboxed Chromium instance on the KCM container. Nothing from the target website executes on the user's local device. What the user sees is a rendered canvas, not a live webpage. That doesn't change whether the user has one tab open or five."
The controls are built into how the system is configured. File uploads are turned off by default and only enabled when needed for specific use cases. Access to tabs is managed, and web activity is filtered to prevent data from being leaked. Login credentials never reach the user’s device, and every session is recorded for visibility. All of this keeps access tightly controlled, monitored, and limited to what’s necessary, while ensuring sensitive data stays within the isolated environment.
"From a product standpoint, a zero-trust model that users bypass because it doesn't support SSO or basic web interactions isn't actually enforcing zero trust – it's creating a false sense of coverage. The goal is an RBI deployment that teams use consistently, because consistent use is what makes the controls real," says Mallampet.
What AI Monitoring Changes for Security Teams
Alongside usability improvements, Keeper is extending AI-driven monitoring into RBI sessions. This allows security teams to analyze user activity in real time and detect anomalies as they occur.
Jeremy London, Director of Engineering, AI and Threat Analytics at Keeper Security, points to measurable changes in how teams operate. “The numbers tell a clear story. KeeperAI reduces threat detection time by 99% – from hours of manual log review to under 10 seconds. It takes session coverage from under 5% with traditional manual review to 100% automated analysis across all privileged sessions. False positives drop by approximately 80%. Analyst throughput goes from roughly 10 sessions reviewed per day to more than 1,000. Those aren't incremental improvements – they change what a security team can realistically accomplish at any given headcount.
With this update, the same AI analysis now applies to browser-based sessions as well. Every session can be monitored, summarized, and evaluated in real time, so teams can quickly see if user actions match expected workflows and catch unusual behavior as it happens.
To reduce noise, the system looks at actions in context instead of scoring entire sessions. Each command is evaluated as it occurs. For example, the same action might be normal during planned work but suspicious at an unusual time or from a different location. This context helps filter out false alerts and focus on what actually matters.
"To ease deployment, administrators can start in Monitor mode, where KeeperAI runs in the background, surfaces findings and builds a behavioral baseline without taking automated action. Once teams are confident in the results, they can enable automated session termination for high-risk classifications. Custom exceptions allow pattern matching and risk threshold tuning per resource, so detection stays calibrated to each environment rather than firing on generic rules. The goal is precision, not volume," says London.
Security controls need to work in real-world conditions. As more companies adopt zero-trust models, they expect not just strict access rules but also continuous monitoring that doesn’t slow people down. If tools make work harder, users find ways around them, and that weakens security. Keeper’s update points to where things are going. Security needs to run quietly in the background, not get in the way. For teams managing privileged access, the focus is now on making controls easy to use while still enforcing them consistently.