TrustModel.ai Finds 63% of Top Chrome Extensions and AI Agents Pose Security Risks
First large-scale automated trust assessment reveals widespread vulnerabilities in browser extensions, including AI agents.
Apr. 16, 2026 at 10:54pm
The intricate web of browser extensions and AI agents exposes enterprises to a growing array of security risks and data vulnerabilities.
Mountain View Today
TrustModel.ai, an AI assurance platform, has conducted the first large-scale, independent TrustScore analysis of the 100 most-installed Chrome extensions and 10 leading AI browser agents. The analysis found that the majority of these extensions and agents introduce significant security and data exposure risks, with only 9 of 108 earning a "Highly Trusted" status.
Why it matters
Browser extensions have become one of the largest unmanaged attack surfaces in the enterprise, with a unique level of access and speed of exposure. Recent high-profile incidents, such as the Cyberhaven breach and a coordinated attack on over 35 extensions, have highlighted the growing threat. As AI-powered tools become more embedded in the browser, the need for continuous visibility and control over these extensions becomes critical to protect user data and enterprise security.
The details
The TrustModel.ai analysis found that 43% of the top 100 extensions have access to all websites users visit, allowing them to read, modify, and exfiltrate data from every page. Additionally, 46 extensions were found to monitor keyboard input, and 27 use the 'eval()' function, which executes strings as code and so lets an extension download and run arbitrary code after installation, bypassing Chrome Web Store review. Only 9 of the 108 extensions earned a "Highly Trusted" status, while the majority (68 extensions) fell into the "Use With Caution" tier.
- In 2025 alone, over 35 Chrome extensions with a combined 2.6 million users were compromised through phishing attacks targeting extension developers.
- The Cyberhaven breach in December 2025 exposed sensitive data from 400,000 users when attackers hijacked the company's Chrome Web Store account through a targeted OAuth phishing campaign.
The players
TrustModel.ai
An AI assurance platform that evaluates, remediates, and certifies AI systems across foundation models, COTS applications, and AI agents.
Ketan Nilangekar
Founder and CEO of ThreatWorx, a cybersecurity company that developed the TrustModel.ai platform.
Ramesh Chitor
Chief Customer Officer at TrustModel.ai.
What they’re saying
“Browser extensions have quietly become one of the largest unmanaged attack surfaces in the enterprise. What makes this risk unique is both the level of access and the speed of exposure — a compromised extension update can propagate to every user within hours, often without detection.”
— Ketan Nilangekar, Founder and CEO of ThreatWorx
“With AI agents now embedded in the browser, the stakes are even higher. These extensions don't just see your browsing, they process your conversations, read your documents, and interact with your data in ways that are opaque to the user. Our analysis shows that while the major AI labs and LLMs (e.g., those from Anthropic, OpenAI, Google) are working to build responsibly, the third-party ecosystem wrapping their models introduces significant additional risk.”
— Ramesh Chitor, Chief Customer Officer, TrustModel.ai
What’s next
Enterprises need independent trust assessment for every extension in their fleet, which is what TrustModel.ai provides. Extension developers who believe their score is inaccurate can request a manual review.
The takeaway
This analysis highlights the growing security risks posed by browser extensions, including those powered by AI agents. As these tools become more prevalent, organizations must prioritize continuous visibility and control over their browser environments to protect user data and enterprise security.


