Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

What’s new: A report from LayerX highlights the security risks associated with AI browser extensions, revealing that these extensions are 60% more likely to have vulnerabilities than average. They can access sensitive data, including cookies and session information, without triggering traditional security controls. The report indicates that 99% of enterprise users run at least one browser extension, with many organizations lacking visibility into which extensions are in use and their permissions.

Who’s affected

All organizations using browser extensions are at risk, particularly those with employees using AI extensions. The report notes that about 1-in-6 enterprise users already utilize at least one AI extension, which can create unmonitored access to sensitive data and user sessions.

What to do

• Conduct a comprehensive audit of all browser extensions in use across the organization to identify risks.
• Implement stricter governance policies for AI extensions due to their elevated permissions and potential for data exposure.
• Continuously monitor extension behavior and permissions, rather than relying solely on static approvals.
• Establish minimum trust criteria for extensions, focusing on user base size, maintenance history, and privacy policies.

Sources

• The Hacker News