Browser Extensions Are the New Channel for Using AI That No One Is Talking About

While there is a lot of talk in AI security circles about controlling "shadow" use of AI and GenAI, there is a wide-open window that no one is watching: AI browser extensions.
A new report from LayerX reveals just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your environment that isn't on anyone's radar.
AI browser extensions do not trigger your DLP and do not appear in your SaaS logs. They live inside the browser itself, with direct access to everything your employees see, type, and stay logged in to. According to the report, AI extensions are 60% more likely than the average extension to carry a known vulnerability (CVE), 3 times more likely to access cookies, 2.5 times more likely to be able to run scripts in the browser, and 6 times more likely to have expanded their permissions in the past year. These extensions are installed in seconds and can stay in place indefinitely.
The Browser Extension Threat Surface Is Everyone's, Yet No One Is Watching
The first misconception is that extensions are a niche risk, something limited to a small set of users or edge cases. That thinking is simply wrong.
According to the report, 99% of business users have at least one browser extension installed, and more than a quarter have installed more than 10. This is not a long-tail problem; it is everywhere.
Yet most organizations cannot answer basic questions. Which extensions are installed? Who installed them? What permissions do they hold? What data can they reach?
Security teams have spent years building visibility into networks, endpoints, and identities. Browser extensions, meanwhile, remain a major blind spot.

AI Extensions: The AI Adoption Channel That No One Is Talking About
While much of the current discussion about AI security focuses on SaaS platforms and APIs, the report highlights a different and largely overlooked channel: AI browser extensions.
These tools spread quickly. About one in six business users already runs at least one AI extension, and that number is only growing.

Organizations can block or monitor direct access to AI systems. But extensions work differently. They live inside the browser. They can access page content, user input, and session data without triggering normal controls.
In effect, they create an ungoverned layer of AI adoption, one that sits outside both visibility and policy enforcement.
AI Extensions Are Not Just Popular. They Are More Dangerous
It would be easy to assume that AI extensions carry the same risk as any other extension. The data shows otherwise.
AI extensions are markedly riskier. They are 60% more likely than the average extension to have a CVE, 3x more likely to access cookies, 2.5x more likely to hold scripting permissions, and 2x more likely to be able to manipulate browser tabs.
Each of these permissions has real implications. Cookie access can expose session tokens. Scripting enables data extraction and page manipulation. Control over tabs can lead to phishing or silent redirects.
This combination of rapid adoption, high reach, and weak governance makes AI extensions an urgent emerging threat.
Extensions Don't Stand Still. They Change Over Time
Security teams often treat extensions as static, something that can be approved once and forgotten. It doesn't work like that.
Extensions are dynamic. They get updated. They change ownership. They expand their permissions.
The report shows that AI extensions are nearly six times more likely to change their permissions over time, and that more than 60% of users have at least one AI extension that has changed its permissions in the past year.
This creates a moving target that static allowlists cannot keep up with. An extension that was safe yesterday may not be safe today.

The Trust Gap in Browser Extensions Is Wider Than Expected
Security teams rely on a series of trust signals to check extensions, including publisher transparency, install count, update frequency, and the existence of a privacy policy. Although these do not directly indicate malicious behavior, they are key to assessing overall risk.
A significant share of extensions have very small user bases. Over 10% of all extensions have fewer than 1,000 users, a quarter have fewer than 5,000, and a third have fewer than 10,000 installations. The picture is worse for AI extensions: 33% have fewer than 5,000 users, and nearly 50% have fewer than 10,000. A large, sustained user base is one of the few signals that an extension has been exposed to scrutiny, and on this measure AI extensions again come out as high risk.
In addition, about 40% of extensions have not received an update in over a year, suggesting they are no longer maintained. Extensions that are not regularly updated may carry unresolved vulnerabilities or outdated code that attackers can exploit.
As a result, many extensions in business use show weak or missing trust signals across all of these areas. This raises serious questions about data handling and compliance, and it highlights how little scrutiny extensions receive compared to other software components.

Turning Insight into Action: The Way Forward for CISOs
The report provides clear guidance for security teams:
- Continuously Analyze the Organization's Extension Threat Surface: Since 99% of business users run at least one extension, a comprehensive inventory is the mandatory first step in reducing risk. CISOs should conduct an organization-wide audit covering all browsers, on managed and unmanaged endpoints, for all users.
- Apply Targeted Security Controls to AI Extensions: AI extensions represent a disproportionate risk because their high permissions can expose SaaS sessions, identities, and sensitive browser data. Organizations should implement strict policies governing how these extensions interact with business environments.
- Analyze Extension Behavior, Not Just Static Parameters: Reviewing declared permissions once is not enough. Risk needs to be assessed continuously, based on permissions, observed behavior, and changes over time.
- Enforce Minimum Trust and Transparency: Extensions with very low install counts, no privacy policy, or a poor maintenance history should be treated as high risk. Establishing a minimum trust bar helps reduce exposure to unverified or abandoned extensions.
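The inventory, permission review, and drift detection recommended above can be automated from data already on the endpoint, because Chromium-family browsers keep every installed extension's manifest.json on disk. The script below is an added example written for this article, not LayerX's tooling or anything from the report. It walks a browser profile's Extensions directory, reduces each manifest to the fields an auditor cares about, scores the permissions the article singles out (cookies, scripting, tabs, broad host access), and diffs two inventories to surface extensions that appeared or gained permissions since a baseline. The risk weights, the profile path shown in the comment, and the sample manifests are this example's own assumptions and constructed data, not figures or extensions from the report.

```python
"""Inventory Chromium-family extensions from their on-disk manifests, score the
permissions the article calls out, and diff two inventories to catch drift.
Added example, not LayerX code; weights and sample data are assumptions."""
import json
from pathlib import Path

# Permissions the article singles out (cookies, scripting, tabs) plus a few related
# ones. The weights are illustrative assumptions, not figures from the report.
RISKY_PERMISSIONS = {
    "cookies": 3,       # read session cookies for any host the extension can reach
    "scripting": 3,     # inject and execute code in pages (Manifest V3)
    "tabs": 2,          # enumerate, redirect or replace tabs
    "webRequest": 2,    # observe or modify browser traffic
    "clipboardRead": 2,
    "history": 1,
    "webNavigation": 1,
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
BROAD_HOST_WEIGHT = 3


def split_permissions(manifest):
    """Separate API permissions from host patterns. Manifest V2 mixed host patterns
    into "permissions"; V3 moves them to "host_permissions". Content-script match
    patterns grant page access as well, so they count as hosts here."""
    declared = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in declared if "://" in p or p == "<all_urls>"}
    for cs in manifest.get("content_scripts", []):
        hosts |= set(cs.get("matches", []))
    return declared - hosts, hosts


def summarize(ext_id, manifest):
    """Reduce one manifest.json to the fields an auditor needs plus a risk score."""
    api_perms, hosts = split_permissions(manifest)
    score = sum(RISKY_PERMISSIONS.get(p, 0) for p in api_perms)
    broad = bool(hosts & BROAD_HOSTS)
    if broad:
        score += BROAD_HOST_WEIGHT
    return {
        "id": ext_id,
        "name": manifest.get("name", "?"),
        "version": manifest.get("version", "?"),
        "permissions": sorted(api_perms),
        "hosts": sorted(hosts),
        "broad_host_access": broad,
        "risk_score": score,
    }


def inventory(profile_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and summarize each.
    Chrome, Edge and Brave share this layout; only the profile path differs per OS.
    A missing directory yields an empty inventory rather than an error."""
    found = {}
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        ext_id = path.parent.parent.name
        with open(path, encoding="utf-8") as fh:
            found[ext_id] = summarize(ext_id, json.load(fh))
    return found


def diff_snapshots(baseline, current):
    """Report extensions that appeared, or gained permissions/hosts, since the
    baseline inventory. This is the permission-drift check the article describes."""
    drift = {}
    for ext_id, cur in current.items():
        cur_grants = set(cur["permissions"]) | set(cur["hosts"])
        base = baseline.get(ext_id)
        if base is None:
            drift[ext_id] = {"status": "new", "added": sorted(cur_grants)}
            continue
        added = cur_grants - (set(base["permissions"]) | set(base["hosts"]))
        if added:
            drift[ext_id] = {"status": "expanded", "from": base["version"],
                             "to": cur["version"], "added": sorted(added)}
    return drift


# Constructed sample manifests (a fictional extension, not a real one): the same
# AI helper before and after an update that quietly broadens its reach.
SAMPLE_ID = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"  # placeholder 32-char extension id
MANIFEST_V1 = {"manifest_version": 3, "name": "Example AI Writer", "version": "1.0",
               "permissions": ["activeTab", "storage"], "host_permissions": []}
MANIFEST_V2 = {"manifest_version": 3, "name": "Example AI Writer", "version": "1.1",
               "permissions": ["activeTab", "storage", "cookies", "scripting", "tabs"],
               "host_permissions": ["<all_urls>"]}

if __name__ == "__main__":
    before = {SAMPLE_ID: summarize(SAMPLE_ID, MANIFEST_V1)}
    after = {SAMPLE_ID: summarize(SAMPLE_ID, MANIFEST_V2)}
    print(json.dumps(after[SAMPLE_ID], indent=2))
    print(json.dumps(diff_snapshots(before, after), indent=2))
    # On a real endpoint, point inventory() at a profile, for example (assumed path):
    # inventory(r"C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default")
```

Run it periodically on each endpoint, store the JSON inventory centrally, and feed consecutive snapshots to diff_snapshots: an extension whose score jumps or that newly requests <all_urls> after an auto-update is exactly the moving target a one-time allowlist review misses. The manifest only tells you what an extension is allowed to do, not what it actually does, so this is the static half of the "permissions, behavior, and changes over time" assessment, to be paired with runtime monitoring.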
A New Lens on an Old Problem
For years, browser extensions have been treated as a convenience, something that enables productivity and customization. They are no longer a peripheral risk. They are a core part of the enterprise attack surface. Widely used, highly privileged, and largely overlooked, they create direct exposure to sensitive data and user sessions.
Download the full Extension Security report from LayerX to understand the scope of these findings, identify where your real exposure lies, and find a clear way to manage this growing attack surface without disrupting productivity.