By Jonathan Lim
This blog is part of Gate 15’s blog series “Riding the Tiger: AI Threats and Opportunities”, highlighting the essential considerations for organizational leaders and security professionals. Every week, we’ll be sharing insights, best practices, and actionable strategies to help your organization responsibly leverage AI while safeguarding data, operations, and reputation. Each post in the series will examine a different aspect of AI adoption, threat mitigation, and resilience, while providing actionable insights to help organizations navigate evolving AI risks and harness the technology effectively.
Shadow Tools and Unmanaged Risks
In the current office environment, many enterprise applications run in the web browser: software-as-a-service (SaaS) applications, collaboration platforms, and now, AI-enabled tools. While none of these platforms were designed to be a primary security boundary, browser extensions as add-ons for productivity have grown into a larger risk. Browser extensions are now deeply embedded, powerful components that can read, modify, and transmit data across nearly every application they touch. These processes all intersect with the confidentiality-integrity-availability (CIA) security triad. Many organizations probably have not managed these conditions as a broad attack surface that can be used against them. The outcomes of these risks can lead to data breaches of sensitive or proprietary information, as well as susceptibility to more destructive attacks such as ransomware or data wipers.
While security endpoints, networks, and identity and access management are the typical focus of security investments, shadow AI and the browser now act as operational hubs for business activity. This practice concentrates high-value data and active sessions in one place. Browser extensions often request broad permissions to browsing history, page content, cookies, and authentication tokens inside trusted user sessions. Combined with AI capabilities that analyze and transmit data externally, these tools can bypass established controls that can lead to data leakage, compliance violations, and credential compromise.
Low Visibility with High Impact
At even greater risk, compromised web browser extensions can often operate undetected at scale. In one case, millions of users were impacted by spyware masquerading as legitimate browser extensions, even including fake verified markings to become popular downloads. Researchers have identified hundreds of malicious extensions in addition to AI-themed tools used by threat actors to exfiltrate sensitive data or redirect activity. This is possible since the extensions operate within authenticated browser sessions, which allow threat actors to access enterprise systems without the need to breach perimeter defenses.
Shadow AI compounds the risk posed by browser extensions by introducing unmanaged data flows at scale. Some employees now use AI assistants embedded in their browsers to summarize documents, draft communications, or analyze internal data. This often occurs without approval or awareness from IT and security teams, especially when those teams lack formal allow/block lists and configuration management.
Some studies suggest that up to 70% of employees already engage in some sort of shadow AI usage, often through browser-based tools or extensions. In monitored environments, nearly 38% of AI interactions triggered risk warnings, with personal and sensitive data as the most common exposure. These interactions often involve copying proprietary information into AI prompts or allowing browser extensions to process entire web sessions, which creates a persistent and largely invisible data exfiltration liability.
Widening Attack Vectors
As a threat, the convergence of browser extensions and shadow AI introduces several attack vectors with high impact in terms of risk.
- Prompt injection attacks can manipulate AI-powered extensions to execute unintended actions or expose sensitive information by embedding malicious instructions within the URL or web content. If a trusted extension becomes compromised, threat actors can use it to widen an attack.
- Supply chain risks emerge when browser extensions update automatically, meaning a compromised developer account or malicious update can quickly propagate across an organization’s network.
- The use of personal devices and unmanaged accounts can amplify risks by eliminating visibility into what data is being accessed, how it is processed, and where it is sent.
Addressing these threats requires a shift in mindset and security controls. Traditional security tools such as endpoint detection and network monitoring are insufficient for managing risks inside of browser sessions. Organizations should consider the web browser as a high-risk security domain and implement controls that provide visibility and insights on browser extension usage. Organizations should perform regular audits on their inventory of browser extensions, AI interactions, and data flows. Much like other software on an enterprise, a default-deny approach to browser extensions may be needed to curb risks from unvetted or restricted software. Unmanaged plug-ins and other software tend to accumulate over time, so regular audits, inventories, and risk scoring can curb a growing attack surface.
When Controls Can Backfire
Broadly banning AI may drive its usage further under the radar as users attempt to circumvent strict policies. Governance may also have to balance a push towards AI-enabled efficiency and productivity that conflicts with restrictive usage of AI and browser extensions. Instead, organizations could provide sanctioned AI solutions with clear data handling policies and safeguards that create a more secure pathway for employees to follow. Meanwhile, AI usage must still adhere to legal or standards requirements such as GDPR, SOC2, ISO 27001, and various state privacy regulations.
Some controls to reduce the flow of sensitive data:
- Data classification and usage boundaries
- Data loss prevention (DLP) solutions
- Web browser isolation
- Securely configured enterprise browsers
Conclusion
Ultimately, each organization must balance the convergence of convenience and risk when using browser extensions and AI tools. For security leaders and decision makers, this balance could be accomplished by creating and governing a work environment where there is greater friction to using shadow AI and browser extensions than following well-defined and vetted solutions. To handle that challenge, policy, controls, and visibility should be built into the browser layer. Otherwise, attempts to work around ambiguous controls or policies that are too restrictive can foster a high-risk shadow environment that leads to data breaches, audit failures, and regulatory penalties for the organization.
Gate 15 works across Critical Infrastructure sectors to help organizations protect their people, places, data, and dollars. The threat environment is constantly shifting, and we are here to boost your resilience with plans, exercises, threat analysis, and operational support against both emerging and enduring threats. Contact our team at Gate15@gate15.global to see how we can assist you in delivering on your mission. Join Gate 15’s Resilience and Intelligence Portal (the GRIP)! Sign up today to stay informed of what’s new in all-hazards homeland security and join us in securing America’s people, places, data, and dollars.
Gate 15: Technology-enhanced, human-driven, homeland security risk management.
Understand the Threats.
Assess the Risks.
Take Action.