LIVE THREATS
MEDIUM AI Bills of Materials Emerge as Critical Tool for ML Supply Chain Risk // HIGH Anthropic's Claude Mythos Autonomously Uncovers 10,000 Critical Software Flaws // HIGH LLM Coding Agents Collapse Under Structural Constraints, Study Finds // MEDIUM SentinelOne Prompt Security Targets Agentic AI Trust Verification Gap // MEDIUM Google's Gemini Spark Agent Raises Prompt Injection Risks at Enterprise Scale // MEDIUM AI Agent Identity Sprawl Creates New Attack Surface in Enterprise IAM // MEDIUM AI Security Lacks Reliable Measurement: Why Benchmarks Alone Are Insufficient // HIGH Anthropic's Mythos AI Model Used to Find Exploitable macOS Kernel Vulnerability // MEDIUM Microsoft Open-Sources RAMPART and Clarity to Harden AI Agent Security // MEDIUM LLM Activation Steering Goes Local: Security Implications of Direct Model Manipulation //
ATLAS OWASP HIGH Significant risk · Prioritise patching LLM Security Supply Chain Agentic AI Industry News RELEVANCE ▲ 7.5

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

SOURCE The Hacker News ↗
TL;DR HIGH
  • What happened: AI browser extensions bypass enterprise security controls, exposing 1-in-6 users to data theft.
  • Who's at risk: Enterprise security teams and employees using AI extensions, unmonitored by DLP or SaaS logging systems.
  • Act now: Audit installed AI extensions across enterprise and baseline current exposure. · Block high-risk AI extensions via browser policy until security review complete. · Implement extension permission monitoring outside existing DLP tooling scope.
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

Overview

A new report from browser security firm LayerX has surfaced a significant and underappreciated attack surface in enterprise AI security: AI-powered browser extensions. While security teams invest heavily in monitoring SaaS AI platforms and API endpoints, browser extensions operate in a largely ungoverned layer directly within the browser — invisible to DLP tooling and absent from SaaS access logs. With 1-in-6 enterprise users already running at least one AI browser extension and 99% of all enterprise users running at least one extension of any kind, the scale of the exposure is enterprise-wide.

Technical Analysis

AI browser extensions present a compounded risk profile compared to standard extensions. According to the LayerX dataset:

  • 60% more likely to carry a known CVE than the average extension
  • 3x more likely to have access to browser cookies, enabling potential session token theft
  • 2.5x more likely to possess remote script execution permissions, enabling dynamic payload delivery
  • 6x more likely to have escalated their permissions in the past year — a key indicator of supply chain tampering or malicious update injection
  • 2x more likely to be able to manipulate page content, enabling real-time data interception or prompt injection into web-based AI interfaces

Because extensions run inside the browser process, they can intercept keystrokes, read page DOM content, exfiltrate form data, and access authenticated session tokens — all without generating alerts in traditional network security tools. This architecture effectively creates an ungoverned AI consumption channel that bypasses policy enforcement at the network and identity layers.

The permission escalation finding is particularly concerning from a supply chain perspective: legitimate extensions may be acquired by malicious actors and weaponised through silent updates, a pattern consistent with established browser extension supply chain attacks.

Framework Mapping

  • AML.T0057 (LLM Data Leakage): Extensions with DOM access can silently exfiltrate prompts, responses, and sensitive page content entered into or returned by AI tools.
  • AML.T0010 (ML Supply Chain Compromise): Permission escalation via malicious updates mirrors supply chain compromise patterns in the ML/AI tooling ecosystem.
  • LLM07 (Insecure Plugin Design): AI extensions function as de facto LLM plugins with excessive permissions and no standardised security review.
  • LLM06 (Sensitive Information Disclosure): Cookie and session data access creates direct pathways to credential and data exfiltration.
  • LLM08 (Excessive Agency): Extensions with scripting and DOM manipulation capabilities can act autonomously on behalf of the user without explicit authorisation.

Impact Assessment

The affected population is effectively the entire enterprise workforce. Organisations that believe they have controlled AI usage through application-layer blocking are exposed if they have not inventoried browser extensions. The primary risks are data exfiltration (credentials, PII, proprietary content), session hijacking, and ungoverned AI data processing outside jurisdictional or contractual data boundaries. Regulated industries — finance, healthcare, legal — face compounded compliance exposure.

Mitigation & Recommendations

  1. Inventory all installed browser extensions across managed devices using browser management APIs (Chrome Enterprise, Edge Management Service).
  2. Enforce allowlist policies — block installation of extensions not explicitly approved by security teams.
  3. Audit permissions for all AI-categorised extensions; flag any requesting cookie access, remote scripting, or DOM manipulation.
  4. Monitor for silent permission updates as an indicator of supply chain compromise.
  5. Classify AI extensions as a distinct risk category in your browser security policy, with stricter review thresholds than general extensions.
  6. Integrate browser extension telemetry into SIEM/SOAR pipelines to close the DLP blind spot.

References

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.