While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions.
A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn't on anyone's radar.
AI browser extensions don't trigger your DLP and don't show up in your SaaS logs. They live inside the browser itself, with direct access to everything your employees see, type, and stay logged into. AI extensions are 60% more likely to have a vulnerability than extensions on average, are 3 times more likely to have access to cookies, 2.5 times more likely to be able to execute remote scripts in the browser, and 6 times more likely to have increased their permissions in the past year. These extensions install in seconds and can remain in your environment indefinitely.
The Browser Extension Threat Surface Is Everybody, Yet Nobody Is Watching
thehackernews.com
