AI-powered browsers are becoming more popular, but they might have a hidden risk. Researchers from SquareX have found that malicious browser extensions can spoof AI sidebars, trick users, and cause serious security issues. This isn’t a new problem, but it’s gaining attention because AI extensions might be easier for hackers to manipulate than traditional tools.

The Hidden Threat of Spoofed AI Sidebars

Many people use AI sidebars inside their browsers to get quick answers or help with tasks. But some malicious extensions can create fake sidebars that look just like the real ones. When someone types a prompt into this fake sidebar, the extension can send misleading responses or even dangerous commands. For example, it could direct a user to a harmful website or instruct their computer to run malicious code.

SquareX tested this on several browsers, including the newly released OpenAI Atlas browser. They found that attackers can inject code into the fake sidebar, which can then manipulate what the user sees or does. In one case, a fake prompt might give instructions to install malware or give an attacker access to the user’s files or email. This kind of attack can happen easily if users download malicious extensions from untrusted sources or even from official web stores.

Why This Matters for Security Leaders

IT and security teams need to treat AI browsers and extensions with caution. One suggestion is to ban AI browsers altogether, but that’s not always practical. More realistically, organizations should carefully audit all extensions employees install, especially on AI browsers, and enforce strict rules about what can be added. Implementing zero-trust policies is crucial. This means treating every AI tool or extension as potentially risky until proven safe.

Experts recommend segmenting AI browsing activities from sensitive systems and data. That way, if an extension or AI tool is compromised, it can’t affect core business assets. Ed Dubrovsky, a cybersecurity specialist, emphasizes that AI introduces a new kind of risk—more like hiring a bunch of unvetted new employees than just deploying new software. AI can act on its own, write code, and even deploy other software, which makes security more complex.

He warns that AI isn’t foolproof. While it might get better at resisting manipulation over time, it’s still vulnerable to being tricked by other AI systems or malicious inputs. The challenge for security teams is to keep up with these rapid changes and develop guardrails that prevent AI from becoming a security liability.

How Hackers Exploit AI Sidebar Spoofing

The way these attacks work is pretty sneaky. Cybercriminals create extensions that look harmless, like a password manager or a productivity tool. Once installed, the extension injects code into the browser to fake an AI sidebar that appears legitimate. When a user enters a question or command, the fake sidebar can modify the response or send the user to malicious sites.

For example, if someone asks for instructions on installing software, the fake sidebar might provide a command that actually downloads malware or gives an attacker remote access. In a real test, researchers saw a fake sidebar suggest commands that would have opened a reverse shell, giving the attacker control over the victim’s device.

To protect against this, organizations need to set policies that block risky activities. This could include blocking high-risk permissions, warning users about suspicious commands, and blocking access to known malicious sites. Security experts stress that trusting AI tools blindly is dangerous. They recommend strict controls on extensions, especially those requesting broad permissions, and segmenting AI activities from critical systems.

Moving Forward with Safer AI Browsing

The rise of agentic AI tools—those that can perform tasks independently—raises the stakes. These tools could be exploited if they’re not properly secured, leading to data breaches or system takeovers. Experts say organizations should restrict AI browser use to low-risk tasks until these tools are thoroughly tested and secured.

Security leaders also need to revisit how they approve extensions. Any tool requesting extensive permissions should undergo careful review. Additionally, implementing least-privilege policies can limit what AI extensions can access, reducing their potential impact if compromised. Segmentation of AI activities from sensitive data and systems is also critical.

The key takeaway is that as AI becomes more integrated into our workflows, so do the risks. Organizations must treat AI-enabled tools with the same, if not greater, caution as traditional security measures. Building a secure environment for AI involves not just technology but also policies, user awareness, and ongoing vigilance against evolving threats. Until better safeguards are in place, security teams should proceed carefully and prioritize protecting their most valuable assets from these emerging AI-related risks.

Inspired by

• https://www.computerworld.com/article/4078274/ai-browsers-can-be-abused-by-malicious-ai-sidebar-extensions-report.html

Sources

• gmpg.org
• sqrx.com
• csoonline.com
• cypfer.com
• exabeam.com