
While much of the discussion around AI security centers on controlling the consumption of “shadow” AI and GenAI, there is a wide-open window that no one is guarding: the AI browser extension.
A new report from LayerX reveals just how deep this blind spot goes and why AI extensions may be the source of some of the most dangerous unseen AI threats in your network.
AI browser extensions do not trigger DLP and do not appear in SaaS logs. They live inside the browser itself and have direct access to everything your employees see, type, and stay logged into. On average, AI extensions are 60% more likely to have vulnerabilities than the average extension, 3x more likely to be able to access cookies, 2.5x more likely to be able to execute remote scripts in the browser, and 6x more likely to have had their privileges increased in the past year. These extensions install in seconds and can remain in your environment indefinitely.
Browser extension threats exist for everyone, but no one is monitoring them
The first misconception is that extensions are a niche risk, limited to a subset of users or to edge cases. That assumption is completely wrong.
According to the report, 99% of enterprise users run at least one browser extension, and more than a quarter have installed 10 or more browser extensions. This is not a long-tail problem. It’s universal.
Yet most organizations are unable to answer basic questions. Which extensions are in use? Who installed them? What permissions do they have? What data can they access?
Security teams have spent years building visibility into networks, endpoints, and identities. Ironically, browser extensions remain a major blind spot.

AI extensions are the AI consumption channel no one talks about
While much of the current discussion around AI security focuses on SaaS platforms and APIs, this report examines another, largely ignored channel: AI browser extensions.
These tools are rapidly gaining popularity. Approximately 1 in 6 enterprise users is already using at least one AI extension, and that number is only growing.

Organizations may block or monitor direct access to AI applications. Extensions, however, behave differently: they reside within the browser and access page content, user input, and session data without triggering traditional controls.
In effect, they create an unmanaged layer of AI usage that bypasses visibility and policy enforcement.
AI extensions aren’t just popular; they are more dangerous
It would be easy to assume that AI extensions carry the same risks as other extensions. The data shows otherwise.
AI extensions are markedly more dangerous. They are 60% more likely than average to have a known CVE, 3x more likely to have access to cookies, 2.5x more likely to have scripting privileges, and 2x more likely to be able to manipulate browser tabs.

Each of these privileges has a practical meaning. Cookie access may expose session tokens. Scripting privileges let an extension extract and manipulate page data. Tab control can facilitate phishing and silent redirects.
This combination of rapid adoption, elevated access, and weak governance makes AI extensions an urgent new threat vector.
Extensions are not static; they change over time
Security teams often treat extensions as static: once approved, they are forgotten. But that is not how extensions behave.
Extensions evolve. They receive updates. They change ownership. They expand their privileges.
The report shows that AI extensions are nearly six times more likely to change permissions over time, and over 60% of users have at least one AI extension that has changed permissions in the past year.
This creates a moving target that traditional whitelists cannot keep up with. An extension that was safe yesterday may not be safe today.

The browser extension trust gap is wider than expected
Security teams evaluate extensions based on a variety of trust signals, including publisher transparency, number of installs, frequency of updates, and presence of a privacy policy. Although these do not directly indicate malicious behavior, they are key to assessing overall risk.
Many extensions have a very small user base. More than 10% of all extensions have fewer than 1,000 users, a quarter have fewer than 5,000 users, and a third have fewer than 10,000 installs. This is a particular challenge for AI extensions: 33% of AI extensions have fewer than 5,000 users and nearly 50% have fewer than 10,000 users. A large user base is essential to establishing ongoing trust, and here again AI extensions present a significantly higher risk.
Additionally, around 40% of extensions haven’t received an update in over a year, which suggests they are not actively maintained. Extensions that are not updated regularly may contain unresolved vulnerabilities or outdated code that attackers can exploit.
As a result, most extensions used in enterprise environments display weak or missing signals across these areas. This raises serious questions regarding data processing and compliance. It also highlights how extensions receive less scrutiny compared to other software components.

Turning insights into action: The way forward for CISOs
This report outlines clear direction for security teams.
Continuously audit the threat landscape of your organization’s extensions: With 99% of enterprise users running at least one extension, a complete inventory is an essential first step in risk mitigation. CISOs should perform organization-wide extension audits across all browsers, managed and unmanaged endpoints, and all users.
Apply targeted security controls to AI extensions: AI extensions pose significant risks due to privilege escalation that can expose sensitive data within SaaS sessions, identities, and browsers. Organizations must apply stricter governance policies to control how these extensions interact with the enterprise environment.
Analyze extension behavior, not just static parameters: Static authorization alone is not enough. Risks must be continually assessed based on privileges, behavior, and changes over time.
Enforce trust and transparency requirements: Extensions that have very few installs, lack a privacy policy, or have a poor maintenance history should be treated as high risk. Establishing a minimum trust standard can reduce exposure to unverified or abandoned extensions.
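As an added illustration of the audit and change-tracking steps above (example code written for this summary, not part of the LayerX report or any vendor tool), the script below reads Chromium-style extension manifests, flags the permissions the report singles out (cookies, scripting, tabs, broad host access, remote or eval'd script) and reports permission drift between two snapshots of the same extension. The two manifests and the extension name are constructed samples; the `inventory` helper assumes the standard Chrome/Edge profile layout `Extensions/<id>/<version>/manifest.json`.

```python
import json
from pathlib import Path

# Permissions the report calls out, mapped to the risk each one implies.
RISKY_PERMISSIONS = {
    "cookies": "can read session cookies and tokens",
    "scripting": "can inject scripts into pages",
    "tabs": "can read and manipulate browser tabs",
    "webRequest": "can observe or modify requests",
    "<all_urls>": "content access on every site",
}

# Constructed sample: the same hypothetical extension before and after an update.
OLD_MANIFEST = {"name": "Example AI Assistant (constructed)", "version": "1.0",
                "manifest_version": 3, "permissions": ["storage", "tabs"],
                "host_permissions": ["https://example.com/*"]}
NEW_MANIFEST = {"name": "Example AI Assistant (constructed)", "version": "1.4",
                "manifest_version": 3,
                "permissions": ["storage", "tabs", "cookies", "scripting"],
                "host_permissions": ["<all_urls>"]}


def assess_manifest(manifest: dict) -> dict:
    """Return the extension's effective permissions and a list of risk findings."""
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    findings = [f"{p}: {why}" for p, why in RISKY_PERMISSIONS.items() if p in perms]
    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, dict):  # MV3 form: {"extension_pages": "..."}
        csp = csp.get("extension_pages", "")
    # MV2 could allow https script sources; MV3 rejects them but may still carry eval.
    if "http" in csp or "'unsafe-eval'" in csp:
        findings.append("csp: permits remote or eval'd script")
    return {"name": manifest.get("name"), "version": manifest.get("version"),
            "permissions": sorted(perms), "findings": findings}


def permission_drift(previous: dict, current: dict) -> set:
    """Permissions present in the current assessment that the earlier one lacked."""
    return set(current["permissions"]) - set(previous["permissions"])


def inventory(profile_dir: str) -> list:
    """Assess every installed extension under a Chrome/Edge profile directory."""
    root = Path(profile_dir) / "Extensions"
    return [assess_manifest(json.loads(p.read_text(encoding="utf-8")))
            for p in root.glob("*/*/manifest.json")]


if __name__ == "__main__":
    before, after = assess_manifest(OLD_MANIFEST), assess_manifest(NEW_MANIFEST)
    print(json.dumps(after, indent=2))
    print("new permissions since last snapshot:", sorted(permission_drift(before, after)))
```

Storing each run's output and diffing it against the previous one turns a one-off whitelist into the continuous, change-aware assessment the report recommends.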
A new perspective on an old problem
For years, browser extensions have been treated as a convenience feature, something that enables productivity and customization. But they are no longer peripheral risks. They are core parts of an enterprise’s attack surface: widely used, highly privileged, and largely unmonitored, they directly expose sensitive data and user sessions.
Download the full Extension Security report from LayerX to understand the full scope of these findings, pinpoint where you really are at risk, and get a clear path to taking control of this growing attack surface without disrupting your productivity.
