"AI browsers may be smart, but they're not smart enough to block a common threat: Malicious extensions. That's the conclusion of researchers at SquareX, who on Thursday released a report showing how attackers can exploit AI sidebars through compromised browser extensions. This attack vector isn't new. Malicious extensions have been inserted into browser web stores to infect standard browsers such as Chrome, Edge, Firefox, and others for years."
"What SquareX discovered are malicious extensions that can spoof the legitimate AI sidebars people use for queries. Their goal is to trick users into going to malicious websites, running data exfiltration commands, or installing backdoors. AI sidebar spoofing even works on the just-released OpenAI Atlas browser, SquareX says. One solution for CISOs and CIOs is to ban the use of AI browsers, it suggests."
Malicious browser extensions can spoof legitimate AI sidebars to trick users into visiting malicious sites, executing data-exfiltration commands, or installing backdoors. The technique can target standard browsers such as Chrome, Edge, and Firefox and also works against AI-enabled browsers like OpenAI Atlas. Organizations can mitigate risk by banning AI browsers where feasible or by auditing all extensions installed on employee devices. AI-capable software should be segmented away from sensitive assets and governed by strict zero-trust controls. IT leaders must update policies, enforce extension audits, and implement network segmentation and guardrails around AI use.
Read at Computerworld
Unable to calculate read time
Collection
[
|
...
]