Tyler Anderson discusses how web security has evolved, with attackers exploiting trust through URL manipulation, phishing, and AI, while visibility is key to protection.
Tyler Anderson, a security engineer with two decades of experience, reflects on the evolution of web security, highlighting how trust has become a key asset exploited by attackers. Over his career, Anderson has witnessed the shift from simple web filtering to intelligence-driven defenses, where context, visibility, and risk-based decisions play a critical role in protecting users. As AI advances both offense and defense in the cybersecurity landscape, Anderson emphasizes that human judgment remains irreplaceable in identifying and stopping threats.
The internet runs on trust, yet attackers continue to weaponize URLs, domains, and web infrastructures to exploit this model. Anderson explains that modern attacks often happen on legitimate platforms, making them harder to detect. Techniques such as lookalike domains using international characters (IDN homograph attacks), abused top-level domains, and URL wrapping are common methods used to deceive users. Moreover, attackers are leveraging QR codes and manipulated GenAI responses to bypass traditional defenses.
One significant challenge in web security today is how attackers are manipulating web traffic. Anderson notes, “Web traffic has shifted from humans clicking on websites to machines communicating over APIs, completely changing the threat landscape.” This transformation has created new attack surfaces, especially with the rise of user-generated content and mobile browsing, which often hides critical parts of URLs, making deception easier.
The role of web reputation and Secure Web Gateways (SWGs) in protecting against attacks is essential. Anderson likens threat protection to a funnel, where web reputation sits at the top. Known good traffic is allowed through, while malicious sites are blocked or analyzed in real-time. With Webpulse Threat Intelligence integrated across Broadcom’s products, once a threat is detected for one customer, it can be fed back into the system, providing massive visibility and helping block attacks across web, mobile, email, SSL, and APIs.
Risk-based analysis is also key in addressing gray areas where a site isn’t clearly defined as good or bad. By assessing factors such as domain age, behavior, and hosting, security systems calculate a score that allows organizations to tailor policies based on their risk tolerance. This enables safer browsing even on uncertain sites while blocking genuine threats.
Looking ahead, AI is expected to play a significant role in web security, though Anderson cautions that it is not a replacement for human expertise. “AI is fundamentally a prediction engine, but to discover new threats, we need humans to provide context, train machine learning models, and make judgment calls,” he says.
As attackers continue to exploit the openness of the web, the need for unified visibility and real-time analysis is greater than ever. Anderson stresses that security teams must have comprehensive context across emails, URLs, cloud services, and user behavior to fully understand how attacks unfold. By gaining this visibility, organizations can move from merely reacting to threats to preventing them altogether.
