by Tim Leogrande, BSIT, MSCP, Ed.S.

🗓 APR 16 2026 • 7 MIN 12 SEC READ

While securing generative AI is arguably the hottest topic in cybersecurity right now, there is a somewhat obscure but related vulnerability that, until very recently, almost no one was talking about — AI browser extensions. But a report published on April 9th by LayerX, a browser-based security vendor, says the company recently scanned over one million networked enterprise devices and found that these tools comprise one of the highest-risk attack surfaces.

While organizations may monitor or restrict direct access to AI applications, extensions operate within the browser itself. This creates an additional layer of AI usage that may fall outside traditional application-level monitoring and policy enforcement. Depending on the permissions granted, extensions may access page content, cookies, or user input across approved browsing domains.

<aside> 💡

These tools can be installed in seconds and, if left unmanaged, may persist indefinitely. Combined with rapid adoption, elevated permissions, and limited oversight, AI browser extensions represent an emerging attack surface that only a small number of organizations are just now starting to address.

</aside>

Most CISOs still lack clear visibility into browser extension usage because questions such as which extensions are being used, who installed them, what permissions they’ve been provided, and what data they can access are often difficult to answer without specialized tools.

IMG_4906.png

For years, security teams have worked to increase visibility into identities, networks, and endpoints. In comparison, browser extensions frequently remain ignored or under-monitored, creating a huge potential blind spot across security initiatives.

Roughly one in six enterprise users currently has at least one AI browser extension installed and adoption is increasing rapidly. It would be easy to assume that the risk associated with AI extensions is comparable to that of other extensions, but the data proves otherwise.

IMG_4907.png

AI extensions are far riskier. They are two times more likely to be able to alter browser tabs, three times more likely to have access to cookies, and two and a half times more likely to have scripting permissions.

There are real consequences associated with each of these permissions. For example, cookies may expose session tokens, scripting makes data extraction and manipulation possible, and tab control can make phishing and silent redirection easier.

IMG_4908.jpeg

Extensions are frequently treated as static by security teams. Something that can be approved once and then forgotten. But they change over time, are automatically updated, their developers transfer ownership, and their permissions are often expanded without notifying the user.

Over 60% of users have at least one AI extension that has altered its permissions in the last year, and AI extensions are over six times more likely to do so over time. Conventional application allow lists are unable to keep up with this rapidly moving target, so a browser extension that was secure yesterday may not be secure today.

IMG_4909.png

A variety of trust signals, such as publisher transparency, install counts, update frequency, and the existence of a privacy policy are often used by security teams to assess the reliability of extensions. These indicators can help evaluate risk, even when they don’t directly indicate malicious activity.

For example, a significant portion of AI extensions have fewer than 10,000 users, which can make it extremely difficult to evaluate their maturity and security posture. Smaller user bases could also reduce the likelihood that vulnerabilities or risky behavior are quickly identified.

IMG_4910.png