Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

The Hacker News by The Hacker News
April 10, 2026
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions. 

A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn’t on anyone’s radar.

AI browser extensions don’t trigger your DLP and don’t show up in your SaaS logs. They live inside the browser itself, with direct access to everything your employees see, type, and stay logged into. AI extensions are 60% more likely to have a vulnerability than extensions on average, are 3 times more likely to have access to cookies, 2.5 times more likely to be able to execute remote scripts in the browser, and 6 times more likely to have increased their permissions in the past year. These extensions install in seconds and can remain in your environment indefinitely. 

The Browser Extension Threat Surface Is Everybody, Yet Nobody Is Watching

The first misconception is that extensions are a niche risk, something limited to a subset of users or edge cases. That assumption is completely wrong.

According to the report, 99% of enterprise users run at least one browser extension, and more than a quarter have over 10 installed. This is not a long-tail problem; it is universal.

Yet most organizations cannot answer basic questions. Which extensions are in use? Who installed them? What permissions do they have? What data can they access?

Security teams have spent years building visibility into networks, endpoints, and identities. Ironically, browser extensions remain a major blind spot. 

AI Extensions Are The AI Consumption Channel That Nobody Talks About 

While much of the current conversation around AI security focuses on SaaS platforms and APIs, this report highlights a different and largely ignored channel: AI browser extensions.

These tools are spreading quickly. About one in six enterprise users already uses at least one AI extension, and that number is only growing.

Organizations may block or monitor direct access to AI applications. But extensions operate differently. They sit inside the browser. They can access page content, user inputs, and session data without triggering traditional controls.

In effect, they create an ungoverned layer of AI usage, one that bypasses visibility and policy enforcement.

AI Extensions Are Not Just Popular. They Are Riskier

It would be easy to assume that AI extensions carry a similar risk to other extensions. The data shows otherwise.

AI extensions are significantly more dangerous. They are 60% more likely to have a CVE than average, 3x more likely to have access to cookies, 2.5x more likely to have scripting permissions, and 2x more likely to be able to manipulate browser tabs. 

Each of these permissions carries real implications. Cookie access can expose session tokens. Scripting enables data extraction and manipulation. Tab control can facilitate phishing or silent redirection.

This combination of fast adoption, elevated access, and weak governance makes AI extensions an urgent emerging threat vector.

Extensions Are Not Static. They Change Over Time

Security teams often treat extensions as static, something that can be approved once and forgotten. But that is not how it works.

Extensions evolve. They receive updates. They change ownership. They expand permissions.

The report shows that AI extensions are nearly six times more likely to change their permissions over time, and that more than 60% of users have at least one AI extension that has changed its permissions in the past year.

This creates a moving target that traditional allowlists cannot keep up with. An extension that was safe yesterday may not be safe today.

The Trust Gap in Browser Extensions Is Wider Than Expected

Security teams rely on a range of trust signals to evaluate extensions, including publisher transparency, install counts, update frequency, and the presence of a privacy policy. While these do not directly indicate malicious behavior, they are key to assessing overall risk. 

A significant portion of extensions have very low user bases. More than 10% of all extensions have fewer than 1,000 users, a quarter have fewer than 5,000 users, and a third have fewer than 10,000 installations. This is a particular challenge with AI extensions, where 33% of AI extensions have fewer than 5,000 users and nearly 50% have fewer than 10,000 users. A large user base is essential for establishing ongoing trust, but once again, AI extensions show substantially higher risk.

Moreover, around 40% of extensions haven’t received an update in over a year, suggesting that they are no longer actively maintained. Extensions that are not regularly updated may contain unresolved vulnerabilities or outdated code that attackers exploit.

As a result, most extensions used in enterprise environments show weak or missing signals across these areas. This raises serious questions about data handling and compliance. It also highlights how little scrutiny extensions receive compared to other software components.

Turning Insight into Action: The Path Forward for CISOs

The report outlines a clear direction for security teams:

  1. Continuously Audit The Organization’s Extension Threat Surface: With 99% of enterprise users running at least one extension, a full inventory is a mandatory first step toward risk reduction. CISOs should do an organization-wide extension audit covering all browsers, managed and unmanaged endpoints, across all users.
  2. Apply Targeted Security Controls to AI Extensions: AI extensions represent an outsized risk due to their elevated permissions that can expose SaaS sessions, identities, and sensitive in-browser data. Organizations should apply stricter governance policies to control how these extensions interact with enterprise environments.
  3. Analyze Extension Behavior, Not Just Static Parameters: Static approvals are not sufficient. Risk needs to be continuously assessed based on permissions, behavior, and changes over time. 
  4. Enforce Trust and Transparency Requirements: Extensions that have very low install counts, lack privacy policies, or show poor maintenance history should be treated as higher risk. Establishing minimum trust criteria helps reduce exposure to unverified or abandoned extensions.
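The audit, behavior-over-time, and trust-criteria steps above, together with the cookie, scripting and tab permissions the report singles out, can be reduced to a small script a defender can run against a browser profile. The following is an added example and is not code from LayerX or from the report: it walks the Chrome-style on-disk layout `<profile>/Extensions/<id>/<version>/manifest.json`, scores each manifest on the permissions the report calls out, and compares it with an approved baseline to surface permission growth. The risk weights, the `SAMPLE_MANIFESTS`, the `SAMPLE_BASELINES` and the reporting threshold are constructed for illustration and are assumptions, not values from the report.

```python
"""Inventory Chrome-style extensions by manifest, flag the permissions the report
calls out (cookies, scripting, tabs, broad host access) and detect permission
growth since an approved baseline. Added example; the Extensions/<id>/<version>/
manifest.json layout matches Chrome's on-disk profile layout, while the weights,
threshold and sample manifests below are constructed for illustration."""
import json
import os
import tempfile

# Permissions the report names as elevated, with illustrative weights (assumption).
RISK_WEIGHTS = {
    "cookies": 3,      # session tokens for every site the host pattern covers
    "scripting": 3,    # inject and execute scripts in pages
    "tabs": 2,         # enumerate, open and redirect tabs
    "webRequest": 2,   # observe and modify in-flight requests
    "<all_urls>": 2,   # host permission covering every site the user visits
}


def extension_permissions(manifest):
    """Union of API permissions and host permissions as a set.
    Handles both MV2 (hosts listed in 'permissions') and MV3 ('host_permissions')."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("host_permissions", []))
    return perms


def score_manifest(manifest):
    """Return (score, sorted list of flagged permissions) for one manifest."""
    perms = extension_permissions(manifest)
    flagged = sorted(p for p in perms if p in RISK_WEIGHTS)
    return sum(RISK_WEIGHTS[p] for p in flagged), flagged


def diff_permissions(baseline, current):
    """Permissions present now but absent from the manifest that was approved."""
    return sorted(extension_permissions(current) - extension_permissions(baseline))


def inventory(extensions_root):
    """Walk <root>/<id>/<version>/manifest.json and yield (id, version, manifest)."""
    for ext_id in sorted(os.listdir(extensions_root)):
        ext_dir = os.path.join(extensions_root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in sorted(os.listdir(ext_dir)):
            path = os.path.join(ext_dir, version, "manifest.json")
            if os.path.isfile(path):
                with open(path, encoding="utf-8") as fh:
                    yield ext_id, version, json.load(fh)


def audit(extensions_root, baselines, threshold=5):
    """Report an extension when its score meets the threshold or its permissions
    have grown beyond the approved baseline (step 3: behavior and change over time)."""
    findings = []
    for ext_id, version, manifest in inventory(extensions_root):
        score, flagged = score_manifest(manifest)
        added = diff_permissions(baselines[ext_id], manifest) if ext_id in baselines else []
        if score >= threshold or added:
            findings.append({"id": ext_id, "version": version, "name": manifest.get("name"),
                             "score": score, "flagged": flagged, "added_since_baseline": added})
    return findings


# Constructed sample manifests (not real extensions) so the script runs stand-alone.
SAMPLE_MANIFESTS = {
    "aaaa-ai-assistant": {
        "name": "Example AI Writing Assistant", "manifest_version": 3,
        "permissions": ["cookies", "scripting", "tabs", "storage"],
        "host_permissions": ["<all_urls>"],
    },
    "bbbb-color-picker": {
        "name": "Example Color Picker", "manifest_version": 3,
        "permissions": ["activeTab", "storage"],
    },
}
# Baseline recorded when the AI assistant was approved: no cookie or script access then.
SAMPLE_BASELINES = {
    "aaaa-ai-assistant": {"permissions": ["storage", "tabs"], "host_permissions": []},
}


def build_sample_profile():
    """Write the sample manifests in Chrome's layout under a temp dir; return the root."""
    root = tempfile.mkdtemp(prefix="ext-audit-")
    for ext_id, manifest in SAMPLE_MANIFESTS.items():
        ext_dir = os.path.join(root, ext_id, "1.0.0_0")
        os.makedirs(ext_dir)
        with open(os.path.join(ext_dir, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root


if __name__ == "__main__":
    for finding in audit(build_sample_profile(), SAMPLE_BASELINES):
        print(json.dumps(finding, indent=2))
```

Pointing `audit()` at a real profile's `Extensions` directory produces the inventory step 1 asks for; storing the approved manifest per extension ID and re-running on a schedule turns the static allowlist into the continuous check step 3 asks for, since any permission that appears after approval shows up in `added_since_baseline`. Install counts, update age and privacy-policy presence (step 4) come from the store listing rather than the manifest, so they would be joined in from a separate source.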

A New Lens On An Old Problem

For years, browser extensions have been treated as a convenience feature, something to enable productivity and customization. However, they are no longer a peripheral risk. They are a core part of the enterprise attack surface. Widely used, highly privileged, and largely unmonitored, they create direct exposure to sensitive data and user sessions.

Download the full Extension Security report from LayerX to understand the full scope of these findings, identify where your exposure truly lies, and get a clear path to controlling this growing attack surface without disrupting productivity.

This article is a contributed piece from one of our valued partners.