"AI browser extensions do not trigger data loss prevention systems and are not logged in SaaS applications, allowing them to operate unnoticed within the browser environment. They have direct access to everything employees see and type, making them a significant security risk."
"The report reveals that AI extensions are 60% more likely to have vulnerabilities than average extensions and are three times more likely to access cookies, indicating a serious threat to enterprise security that is not being adequately monitored."
"Despite the widespread use of browser extensions, organizations struggle to answer fundamental questions about their presence, such as which extensions are in use, who installed them, and what permissions they possess, highlighting a critical gap in security oversight."
AI browser extensions represent a major security blind spot for organizations, with 99% of enterprise users utilizing them. These extensions have higher vulnerability rates and can access sensitive data without detection. Many organizations lack visibility into which extensions are installed, their permissions, and the data they can access. The rapid adoption of AI extensions among users highlights the urgent need for security teams to address this overlooked threat surface in their networks.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]