Particle.news

Browser Extensions Exploit AI Prompt Fields to Exfiltrate Data from Leading LLMs

Organizations must shift enforcement to the web interface layer by monitoring DOM interactions with AI tools through Chrome Enterprise’s new extension risk scoring integration

Browser extensions steal data from AI tools
Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack

Overview

  • Proof-of-concept tests on ChatGPT, Google Gemini, Copilot, Claude and DeepSeek demonstrate that malicious extensions can inject hidden instructions, extract AI responses and erase histories to avoid detection.
  • The attack leverages the fact that AI prompt inputs are part of a page’s DOM, giving any extension with scripting access the power to read or modify user entries without special permissions.
  • LayerX and Google have integrated extension risk scoring into Chrome Enterprise to give administrators real-time visibility and blocking capabilities for high-risk add-ons.
  • Traditional defenses like endpoint DLP systems and secure web gateways lack insight into DOM-level manipulations, leaving enterprises exposed to silent data exfiltration.
  • With 99% of organizations using at least one browser extension and half deploying more than ten, enterprises face broad vulnerability unless they adopt behavior-based extension controls.
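
A starting point for the extension inventory these points call for, as an added example (not code from the article, LayerX or Google): a static check of each extension's manifest.json for script access to AI tool pages. The host list and sample manifests are constructed assumptions, and this is a manifest review, not the behavior-based risk scoring described above.

```javascript
// Added example: flag extensions whose manifest lets them script AI-tool pages.
// AI_HOSTS is an assumed list; replace it with the tools your users actually visit.
const AI_HOSTS = ["chatgpt.com", "gemini.google.com", "copilot.microsoft.com",
                  "claude.ai", "chat.deepseek.com"];

// True if a Chrome match pattern such as "https://*.google.com/*" covers an https host.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^\/*]+)\//.exec(pattern);
  if (!m || m[1] === "http") return false;          // AI tools are served over https
  const hostPat = m[2];
  if (hostPat === "*") return true;
  if (hostPat.startsWith("*.")) {
    const base = hostPat.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return host === hostPat;
}

// Returns [{ via, hosts }] describing each way the extension can reach a prompt's DOM.
function auditManifest(manifest, hosts = AI_HOSTS) {
  const covered = (patterns) =>
    hosts.filter((h) => (patterns || []).some((p) => patternCoversHost(p, h)));
  const findings = [];
  // Declared content scripts run inside matching pages and can read or edit their DOM.
  for (const cs of manifest.content_scripts || []) {
    const hit = covered(cs.matches);
    if (hit.length) findings.push({ via: "content_scripts", hosts: hit });
  }
  // Runtime injection: MV3 needs "scripting" plus host_permissions;
  // MV2 needs only host patterns listed in "permissions" (tabs.executeScript).
  const perms = manifest.permissions || [];
  const mv3 = manifest.manifest_version === 3;
  const hit = mv3 ? (perms.includes("scripting") ? covered(manifest.host_permissions) : [])
                  : covered(perms);
  if (hit.length) findings.push({ via: "runtime_injection", hosts: hit });
  return findings;
}

// Constructed sample manifests (not real extensions).
const SAMPLES = [
  { name: "tab-colors", manifest_version: 3, permissions: ["storage"] },
  { name: "grammar-helper", manifest_version: 3,
    content_scripts: [{ matches: ["<all_urls>"], js: ["cs.js"] }] },
  { name: "gemini-sidebar", manifest_version: 3, permissions: ["scripting"],
    host_permissions: ["https://*.google.com/*"] },
];
for (const m of SAMPLES) console.log(m.name, JSON.stringify(auditManifest(m)));
```

An empty result means only that the manifest declares no standing access to the listed hosts; it does not cover `activeTab` grants or optional permissions requested later.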