Shadow AI refers to GenAI-powered tools, browser extensions, and agentic browsers that run inside the browser, creating an unmanaged AI execution environment with security visibility gaps. The article outlines six risks, a real-world Perplexity Comet Attack example, and recommended defenses such as browser session monitoring, clear AI-use policies, identity controls, and employee education. #ShadowAI #PerplexityCometAttack
Keypoints
- Shadow AI runs GenAI tools and agentic browsers inside the browser, creating an unmanaged execution environment beyond traditional controls.
- AI-powered extensions can gain elevated permissions and exfiltrate data without visibility to legacy security tools.
- Indirect prompt injection lets the AI read hidden instructions in web content and act across domains with user authority.
- AI agents inside the browser can expose identity artifacts like session cookies and tokens, enabling persistent access if leaked.
- BYOD and automated AI updates create supply-chain and governance gaps, increasing risk and reducing security visibility.
Read More: https://thehackernews.com/expert-insights/2025/12/shadow-ai-in-browser-next-enterprise.html