A new LayerX report exposes AI browser extensions as an unmonitored enterprise attack surface with direct access to everything users see, type, and remain logged into. They bypass DLP and SaaS logs, are significantly more likely to have vulnerabilities and elevated permissions, and require immediate inventorying and stricter governance. #LayerX #AIextensions
Key points
- AI browser extensions operate inside browsers with access to page content, user inputs, and active sessions, creating a major blind spot.
- Extensions bypass traditional DLP and SaaS logging, allowing sensitive data and session tokens to be exposed without detection.
- LayerX found AI extensions are 60% more likely to have a CVE, 3× more likely to access cookies, 2.5× more likely to run remote scripts, and 6× more likely to increase permissions.
- Extensions are ubiquitous and dynamic: 99% of enterprise users run at least one, many extensions change permissions over time, and many lack active maintenance.
- CISOs should inventory all extensions, apply targeted controls to AI extensions, continuously assess behavior and permissions, and enforce trust and transparency criteria.
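As an added example (not code from LayerX or the article), a Python check that reads extension manifests for the signals the key points name: cookie access, remote script sources in the CSP, all-site host access, and permission growth between two versions. The manifests are constructed samples and the sensitive-API list is an assumption.

```python
import json

# Constructed sample: two versions of a hypothetical MV2 extension whose
# permissions grew between releases (the pattern the report warns about).
MANIFEST_V1 = json.dumps({
    "manifest_version": 2, "name": "Example AI Helper", "version": "1.0",
    "permissions": ["activeTab", "storage", "https://example-ai.invalid/*"],
})
MANIFEST_V2 = json.dumps({
    "manifest_version": 2, "name": "Example AI Helper", "version": "1.3",
    "permissions": ["activeTab", "storage", "cookies", "webRequest", "<all_urls>"],
    "content_security_policy":
        "script-src 'self' https://cdn.example-ai.invalid; object-src 'self'",
})

# Assumed list of API permissions that expose session material, page or network contents.
SENSITIVE_APIS = {"cookies", "webRequest", "scripting", "tabs", "clipboardRead"}
BROAD_HOSTS = ("*://*/", "http://*/", "https://*/")


def _split(manifest):
    """Return (api_permissions, host_patterns); handles MV2 (mixed list) and MV3 (host_permissions)."""
    raw = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    hosts = {p for p in raw if "://" in p or p == "<all_urls>"}
    return set(raw) - hosts, hosts


def _remote_script_sources(manifest):
    """Collect http(s) origins allowed under script-src (CSP as MV2 string or MV3 dict)."""
    csp = manifest.get("content_security_policy", "")
    text = csp if isinstance(csp, str) else "; ".join(csp.values())
    sources = []
    for directive in text.split(";"):
        tokens = directive.split()
        if tokens and tokens[0] == "script-src":
            sources += [t for t in tokens[1:] if t.startswith(("http://", "https://"))]
    return sources


def assess(manifest_json, previous_json=None):
    """Risk signals for one manifest, plus permissions added since a prior version."""
    m = json.loads(manifest_json)
    apis, hosts = _split(m)
    report = {
        "sensitive_apis": sorted(apis & SENSITIVE_APIS),
        "all_sites": "<all_urls>" in hosts or any(h.startswith(BROAD_HOSTS) for h in hosts),
        "remote_scripts": _remote_script_sources(m),
        "added_permissions": [],
    }
    if previous_json:
        prev_apis, prev_hosts = _split(json.loads(previous_json))
        report["added_permissions"] = sorted((apis | hosts) - (prev_apis | prev_hosts))
    return report
```

Run `assess(MANIFEST_V2, MANIFEST_V1)` to see every signal fire at once; pointing `_split` at each unpacked extension directory's manifest.json turns it into a fleet-wide inventory.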
Read More: https://thehackernews.com/2026/04/browser-extensions-are-new-ai.html