78% of people who use AI at work bring their own tools (Microsoft & LinkedIn, 2024)

An AI extension with page access reads the CRM, the payroll tab, and whatever document is open beside them.

what AI browser extensions are and what access they hold

AI browser extensions are plugins installed in a browser (Chrome, Edge, Firefox) that add AI-assisted functionality: writing assistance, summarization, tab reading, email drafting, page explanation, and similar tasks.

They are installed by individual users, usually in seconds, from a browser extension store. No IT ticket, no approval, no deployment through endpoint management unless MDM has extension policy controls in place.

The access they request depends on the extension. Common permissions include reading the content of all open tabs, reading text the user types into any form or text field, accessing clipboard contents, and in some configurations reading cookies or injecting script into pages. Some extensions request these permissions broadly ("all websites") rather than limiting themselves to the sites where they are actually useful, even though browsers offer a narrower grant (Chrome's activeTab, which covers only the tab the user invokes the extension on) that suits most assistants.

The data that flows through these permissions goes to the extension vendor's infrastructure. The terms of service that govern that flow are the extension vendor's, not your organization's.

why AI extension sprawl is hard to prevent

Browser extensions are designed to be easy to install. That ease is the same quality that makes them useful and the same quality that makes them a governance problem.

An employee who wants a writing assistant, a grammar checker, or a tab summarizer can install one in under a minute. The install requires no administrator credentials. It does not trigger any IT alert. It does not appear in most endpoint inventories unless MDM extension policies are configured to capture it.

The result is that extension installations accumulate across managed and unmanaged devices without a central record. Employees who leave take their Chrome profiles with them, but the extensions may have already accessed and transmitted substantial amounts of company information while they were active.

what unmanaged AI browser extensions expose

Data exposure through tab access. An extension with permission to read all open tabs can see everything a user views in the browser: internal documents opened in a web app, sensitive customer data in a CRM, session tokens a web app keeps in page storage, financial reports in a web-based spreadsheet. The extension transmits whatever it reads to the vendor's infrastructure, under the vendor's terms.

No audit trail. Unless the browser is enrolled in management with extension reporting enabled, an extension that accessed company data through an employee's browser leaves no log in your environment. If a data incident later involves that extension, you have no record of what was seen or when.

Authentication token access. Some extensions request permissions that allow access to cookies or script execution in the page. On sites where session cookies or tokens are reachable from the page, this creates a credential exposure risk. This is not the typical case, but it is a documented attack vector for malicious extensions, including ones distributed through the official stores, where a compromised publisher account can push a malicious update to an extension users already trust.

what works

Visibility comes from two places, and they see different things. Directory-side discovery, the IdP's connected-app view, shows only the extensions that hold an OAuth grant to the directory; the full picture of what is installed on devices lives in endpoint management. Organizations running Intune, Jamf, or Google Workspace device management can pull a report of installed extensions, filter it for AI assistants, and read the permissions each one requests. The permission strings that matter are "Read and change all your data on all websites," "Read browsing history," and "Access data on all sites." These are broad grants that a narrow tool has no reason to hold, and they are the usual signal that an extension belongs under review or should be replaced with an alternative that asks for less.

What keeps the inventory from rotting is policy enforced by the browser itself. Chrome Enterprise, Edge enterprise policies, and Google Workspace admin controls all support extension allowlisting (in Chrome and Edge, the ExtensionSettings policy with a default of blocked and named extension IDs allowed), which lets a defined approved list through and stops new installs outside it without blocking extensions wholesale. A clear request path for new approvals keeps the allowlist from becoming a wall people climb over. And because new extensions appear constantly and staff install them independently, the picture only stays true if it is re-pulled on a regular cycle; an inventory from three months ago describes a different browser fleet.
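The two steps above, triaging an extension inventory by the permissions each manifest requests and turning the approved list into a browser policy, look like this in practice. The script is an added illustration for this article, not unshadowit.com tooling. It assumes you already hold each extension's manifest.json (for Chrome, copied from the profile's Extensions/<id>/<version>/ directory on a managed device, or taken from a browser-management export); the three manifests and the two extension IDs are constructed samples, not real extensions.

```python
"""Triage browser-extension manifests by requested permissions and emit a
Chrome/Edge ExtensionSettings allowlist policy.

Added illustration for this article, not unshadowit.com tooling. Assumes the
manifest.json of each installed extension is already collected; the sample
manifests and IDs below are constructed and stand in for nothing real.
"""
import json

# Host patterns that match every site. Chrome shows these in the install
# prompt as "Read and change all your data on all websites".
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# API permissions worth a second look on an AI assistant. The descriptions
# paraphrase what each grant allows; they are not Chrome's exact warning text.
BROAD_PERMISSIONS = {
    "tabs": "URL and title of every open tab (prompted as 'Read your browsing history')",
    "history": "full browsing history",
    "cookies": "cookies for every host the extension can reach",
    "clipboardRead": "clipboard contents",
    "webRequest": "observation of network requests",
}


def _host_patterns(manifest):
    """Collect host patterns from MV3 host_permissions and MV2 permissions."""
    hosts = set(manifest.get("host_permissions", []))
    # Manifest V2 mixes host patterns into "permissions"; pull those out too.
    hosts |= {p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"}
    return hosts


def assess(manifest):
    """Return {'name', 'findings', 'review'} for one manifest.

    'review' is True when the extension holds a grant that a narrow tool (one
    that could live with activeTab plus a few named hosts) has no reason to
    hold. This is the signal described in the text, turned into a check.
    """
    findings = []
    if _host_patterns(manifest) & BROAD_HOSTS:
        findings.append("host access to all websites")
    # A content script with an all-sites match runs on every page even when
    # host_permissions looks narrow, so check it separately.
    if any(set(cs.get("matches", [])) & BROAD_HOSTS for cs in manifest.get("content_scripts", [])):
        findings.append("content script injected into all websites")
    for perm in sorted(set(manifest.get("permissions", [])) & BROAD_PERMISSIONS.keys()):
        findings.append(BROAD_PERMISSIONS[perm])
    return {"name": manifest.get("name", "?"), "findings": findings, "review": bool(findings)}


def triage(manifests):
    """Sorted names of the extensions that should go under review."""
    return sorted(a["name"] for a in map(assess, manifests) if a["review"])


def extension_settings_policy(approved_ids, message):
    """Build the ExtensionSettings policy: block every install by default,
    allow only the listed IDs, and refuse two broad grants even for those.
    Serialise with json.dumps() and deploy through your management tool."""
    policy = {
        "*": {
            "installation_mode": "blocked",
            "blocked_install_message": message,
            # Denied even to allowlisted extensions; Chrome will not install
            # an extension that requires a blocked permission.
            "blocked_permissions": ["history", "clipboardRead"],
        }
    }
    for ext_id in approved_ids:
        policy[ext_id] = {"installation_mode": "allowed"}
    return policy


# Constructed sample manifests (not real extensions).
SAMPLES = [
    {"name": "TabSummariser AI", "manifest_version": 3,
     "permissions": ["tabs", "scripting", "clipboardRead", "storage"],
     "host_permissions": ["<all_urls>"]},
    {"name": "Inbox Drafter", "manifest_version": 2,
     "permissions": ["storage", "*://mail.example.com/*"],
     "content_scripts": [{"matches": ["*://mail.example.com/*"], "js": ["draft.js"]}]},
    {"name": "Phrase Polisher", "manifest_version": 3,
     "permissions": ["activeTab", "storage"]},
]

# Hypothetical extension IDs standing in for the reviewed-and-approved set.
APPROVED = ["abcdefghijklmnopabcdefghijklmnop", "ponmlkjihgfedcbaponmlkjihgfedcba"]

if __name__ == "__main__":
    for m in SAMPLES:
        a = assess(m)
        print(f"{a['name']:18} review={a['review']}  {'; '.join(a['findings'])}")
    print(json.dumps(extension_settings_policy(APPROVED, "Request approval through IT."), indent=2))
```

Only the first sample trips the check: it asks for every site plus tab enumeration and clipboard reads, while the other two are scoped to one mail host or to activeTab, which is the shape an assistant that "asks for less" takes. The policy dict is what goes into the ExtensionSettings JSON for Chrome or Edge; re-running the triage against a fresh manifest export on a schedule is what keeps that allowlist honest.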


let's start with a conversation

Most first conversations start with not quite knowing what you have or where to begin. That's normal, and it's exactly where we're useful.

Tell us what prompted this. An upcoming audit, an incident, a client's security questionnaire, or just a sense that things have gotten messy.

We'll take it from there

Julian Machowski
Head of Technical Sales
+48 783 762 997
julian@unshadowit.com