ACCORDING to LayerX, AI browser extensions represent a wide-open, under‑guarded attack surface inside organisations, sitting inside the browser with direct access to page content, inputs and session data without triggering traditional controls. The report notes that 99% of enterprise users run at least one browser extension, with more than a quarter having over 10 installed, and about 1-in-6 enterprise users already using at least one AI extension.
AI extensions are described as significantly more dangerous, being 60% more likely to have a CVE, 3 times more likely to access cookies, 2.5 times more likely to have scripting permissions, and twice as likely to be able to manipulate browser tabs, all while they can install in seconds and remain in the environment indefinitely.
The findings also highlight governance gaps: more than 40% of extensions haven’t received an update in over a year, and a substantial share have relatively small user bases—over 10% with fewer than 1,000 users, a quarter with fewer than 5,000, and a third with fewer than 10,000; AI extensions show 33% under 5,000 users and nearly 50% under 10,000.
The report emphasises that AI extensions change permissions over time—nearly six times more likely to change their permissions—and urges continuous risk assessment and stricter governance, with organisations advised to audit extension surfaces and analyse behaviour rather than relying on static checks. 10 April 2026.