AI-powered browser extensions have become increasingly popular, promising to summarize, write and turn plaintext into code. However, this proliferation comes with security risks, including malware posing as legitimate products, data breaches, plagiarism concerns, and the inability to solve prompt injection attacks. Despite efforts to mitigate these risks, users provide sensitive data to browser extensions that lack clear policies to assess risk. Companies can set clear guidelines by educating employees on assessing AI products and pledging to whitelist extensions on a case-by-case basis. Policy guidelines should include visibility, zero-trust access and conversations with employees.
https://www.kolide.com/blog/ai-browser-extensions-are-a-security-nightmare