Over Permissive and Proliferating, AI-Driven Browser Extensions Create Security Blindspots  #AI


AI is making browser extensions riskier, and security teams often have no visibility into which extensions their users are running.

AI extensions are 60% more likely to carry a known CVE and three times more likely to access cookies, according to the Enterprise Browser Extension Security Report 2026 from LayerX Security. After reviewing data from more than one million enterprise devices, the firm also found that AI extensions are more likely to execute remotely hosted scripts.

Those are sobering statistics given how prevalent extensions are: almost every enterprise user (99%) has at least one, such as a grammar checker, a password manager, or an AI assistant or two. Three-quarters request high or critical permissions. That kind of broad access to everything passing through the browser should be a red flag for defenders, as should permission creep: 70% of enterprise users have an extension whose permissions expanded over the previous 12 months, and AI extensions expand their permissions six times more often than other extensions.
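The report's three signals (high or critical permissions, cookie access, remote script execution) and the permission-creep figure are all visible in an extension's manifest.json, so they can be checked without waiting for a vendor report. The following Node.js script is an added example, not code from the LayerX report or the article: it scores a manifest, flags cookie access and an MV2 content security policy that allows remote script, and diffs two versions of the same extension to catch grants that were added in an update. The permission tiers are an assumption of this example (loosely modelled on the Chrome Web Store's permission warnings), and both manifests, the extension name and the hosts are constructed placeholders.

```javascript
"use strict";

// Permission tiers are an assumption of this example (loosely modelled on the
// Chrome Web Store's permission warning levels); adjust them to your own policy.
const CRITICAL = new Set([
  "<all_urls>", "cookies", "webRequest", "webRequestBlocking",
  "debugger", "nativeMessaging", "proxy",
]);
const HIGH = new Set([
  "tabs", "history", "clipboardRead", "downloads", "scripting",
  "webNavigation", "management", "bookmarks",
]);

// Host patterns that match every site are equivalent to <all_urls>.
function isBroadHost(pattern) {
  return ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"].includes(pattern);
}

// Collect every grant in a manifest. MV2 mixes host patterns into
// "permissions", MV3 moves them to "host_permissions", and a content script's
// "matches" list grants host access as well. Broad host patterns are
// normalised to <all_urls> so the tiers above catch them.
function grants(manifest) {
  const out = new Set();
  const lists = [
    manifest.permissions,
    manifest.host_permissions,
    ...(manifest.content_scripts || []).map((cs) => cs.matches),
  ];
  for (const list of lists) {
    for (const p of list || []) out.add(isBroadHost(p) ? "<all_urls>" : p);
  }
  return out;
}

// Under MV2 an extension may relax its CSP so that extension pages load
// script from a remote origin, i.e. code that was never part of the reviewed
// package. MV3 rejects a remote script-src, so only MV2 manifests are checked.
function allowsRemoteScript(manifest) {
  if (manifest.manifest_version !== 2) return false;
  const csp = String(manifest.content_security_policy || "");
  const scriptSrc = csp
    .split(";")
    .map((d) => d.trim())
    .find((d) => d.startsWith("script-src"));
  return Boolean(scriptSrc) && /https?:\/\//.test(scriptSrc);
}

// Rate one manifest and explain the rating.
function assess(manifest) {
  const g = [...grants(manifest)];
  const critical = g.filter((p) => CRITICAL.has(p));
  const high = g.filter((p) => HIGH.has(p));
  const remoteScript = allowsRemoteScript(manifest);
  const tier = critical.length || remoteScript ? "critical" : high.length ? "high" : "low";
  return {
    name: manifest.name,
    version: manifest.version,
    tier,
    critical,
    high,
    accessesCookies: g.includes("cookies"),
    remoteScript,
  };
}

// Permission creep: grants present in the newer manifest but not the older one.
function permissionCreep(oldManifest, newManifest) {
  const before = grants(oldManifest);
  return [...grants(newManifest)].filter((p) => !before.has(p)).sort();
}

// Two constructed manifests for a fictional AI writing assistant. Version 1.4
// asks for little; version 2.0 adds cookies, every site, and a remote script host.
const MANIFEST_V1 = {
  name: "Example AI Writing Helper",
  version: "1.4.0",
  manifest_version: 2,
  permissions: ["activeTab", "storage", "https://api.ai-helper.example/*"],
  content_security_policy: "script-src 'self'; object-src 'self'",
};
const MANIFEST_V2 = {
  name: "Example AI Writing Helper",
  version: "2.0.0",
  manifest_version: 2,
  permissions: ["activeTab", "storage", "tabs", "cookies", "<all_urls>"],
  content_scripts: [{ matches: ["https://*/*"], js: ["inject.js"] }],
  content_security_policy:
    "script-src 'self' https://cdn.ai-helper.example; object-src 'self'",
};

console.log(JSON.stringify(assess(MANIFEST_V1)));
console.log(JSON.stringify(assess(MANIFEST_V2)));
console.log("new grants in 2.0.0:", permissionCreep(MANIFEST_V1, MANIFEST_V2));
```

Run it with `node` after replacing the two constants with manifests read from the browser profile's Extensions directory (one subdirectory per extension ID and installed version, which is also what makes the version-to-version diff possible). Once the grants an organisation refuses to accept are known, Chrome's enterprise ExtensionSettings policy can block them wholesale through its `blocked_permissions` list rather than relying on per-user judgement.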

“The primary interface users have with the internet is via the browser. This includes banking applications, their doctor’s office, social media, etc. It is all via a browser,” says John Bambenek, president of Bambenek Consulting.  

“If you capture what is going on there, you see everything,” Bambenek says.  

That risk is compounded by the permissiveness associated with AI browsers. “As organizations rapidly adopt agentic AI, Model Context Protocol (MCP), and autonomous browsing capabilities, we’re seeing a pattern develop: AI-native browsers are introducing system-level behaviors that traditional browsers have intentionally restricted for decades,” says Randolph Barr, CISO at Cequence Security.  

That shift, he says, “breaks long-standing assumptions about how secure a browser environment is supposed to be.” 

But the real exposure surfaces “when individuals install AI browsers on their personal devices,” Barr says.  

Previous adoption waves (cloud apps, messaging platforms, AI assistants) show that employees try new tools at home first. “With AI browsers, curiosity will drive rapid experimentation,” Barr contends. When users get comfortable with tools at home, “those behaviors inevitably bleed into the workplace through BYOD access, browser sync features, or personal devices used for remote work.”

AI browsers are particularly risky because they are easy for adversaries to detect at scale. Because “AI browsers introduce unique fingerprints in their APIs, extensions, DOM behavior, network patterns, and agentic actions,” Barr says, “Attackers can identify them with a few lines of JavaScript or by probing for AI-specific behaviors that differ from traditional browsers.” 

Using AI-driven classification models, he explains, “bad actors can now fingerprint AI browsers across millions of sessions automatically” and “at scale, that enables targeted attacks against users running these higher-risk, agent-enabled environments.” 

This underscores why enterprises remain cautious: AI browsers, Barr notes, continue to evolve “faster than the guardrails that traditionally protect end users and corporate environments.”

The impact is being seen in phishing attacks, which have become more sophisticated and automated with the rise of GenAI. That makes “traditional security tools increasingly ineffective, particularly on mobile browsers,” says Krishna Vishnubhotla, vice president, product strategy at Zimperium.  

“Sophistication shows up in the form of highly realistic and personalized, well-written phishing content at scale across all mobile phishing (mishing) vectors, including audio, video, and voicemail,” and the automation aspect “allows attackers to clone websites in seconds, making brand impersonation easier than ever,” says Vishnubhotla.  

To mitigate the risk, “transparency around system-level capabilities, independent audits, and the ability to fully control or disable embedded extensions are table stakes if these browsers want to be considered for regulated or sensitive workflows,” says Barr. 

Users play an important role in reducing risk as well. To better protect themselves, Bambenek says users should “not install extensions from third-party sources and use the existing extension ‘stores’ built into the browser.”

Instead, they “should install only popular ones that you make an intentional choice to get,” he says.  

Enterprises must act now to push the industry toward more secure, transparent designs, Barr says, “before these tools become deeply embedded in enterprise ecosystems.” 
