Fake AI Chrome Extensions Are Stealing User Logins | Sync Up
Even tools that promise to make work easier can sometimes introduce risks we don’t immediately see. As AI assistants become more common in everyday browsing, we’ll share a recent example of how attackers are starting to take advantage of that familiarity as we sit down and sync up with Rocket IT’s weekly technology update.
In this episode, you’ll hear more about:
- AI tools that aren’t what they seem
- How browser extensions can quietly access sensitive data
- Why login credentials are a prime target
- What researchers uncovered about a coordinated campaign
- Practical steps to protect your accounts and organization
Video Transcript
Researchers recently uncovered a campaign of Chrome extensions pretending to be AI assistants. Instead of being real AI tools, many of them were quietly connected to outside servers that could change how the extension behaved at any time.
In total, about thirty different extensions were identified, and together they reached hundreds of thousands of users, with estimates ranging between roughly two hundred sixty thousand and over three hundred thousand installations. The discovery was made by the browser security research team at LayerX, and additional reporting noted that some of these extensions were still present in the Chrome Web Store at the time the findings were published.
What makes this situation concerning is what these extensions were able to access. Because browser extensions can request broad permissions, these tools were capable of reading information directly from the pages people were viewing. That included login credentials, browsing activity, and in certain cases, email content inside Gmail.
The lesson here is not that all browser extensions or AI tools are unsafe, but that convenience sometimes comes with hidden access. When an extension asks for permission to read and change data across websites, it is essentially requesting visibility into what appears on the screen. That level of access is powerful, and when it is granted to something unverified, it can create unintended exposure.
With regard to protecting your team and organization, there are a few practical steps you can take. Reviewing installed browser extensions on a regular basis is a good starting point, especially if there are tools that were added quickly or forgotten over time. Removing anything unfamiliar, paying attention to the permissions being requested, and resetting passwords if a questionable extension was installed are all sensible precautions. Enabling multi-factor authentication on key accounts adds another layer of protection and reduces the impact if credentials are ever compromised.
For businesses, this is also a reminder that technology adoption often moves faster than policy. Employees may install helpful-looking tools with good intentions, but without visibility or guardrails, those tools can introduce risk. This is where having an IT partner can make a meaningful difference. An experienced IT team can help audit browser environments, establish approved extension lists, monitor account activity, and provide guidance that keeps productivity high without sacrificing security. For help, contact Rocket IT using the link in this video’s description. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.
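The extension review recommended above can be partly automated. The following is an added example, not part of the video or of LayerX's research: it reads the `manifest.json` files under a Chrome profile's `Extensions` folder and flags extensions that request access to all sites or to Gmail. The finding labels and the sample manifest are constructed for illustration.

```python
import json
from pathlib import Path

# Match patterns that cover every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _patterns(values):
    # Permission lists can hold non-string entries; only strings are names or match patterns.
    return {v for v in values or [] if isinstance(v, str)}

def audit_manifest(manifest):
    """Return the reasons a parsed manifest.json deserves a closer look."""
    findings = []
    # Manifest V2 lists host patterns under "permissions"; V3 moves them to "host_permissions".
    granted = _patterns(manifest.get("permissions")) | _patterns(manifest.get("host_permissions"))
    optional = (_patterns(manifest.get("optional_permissions"))
                | _patterns(manifest.get("optional_host_permissions")))
    scripted = set()
    for cs in manifest.get("content_scripts") or []:
        scripted |= _patterns(cs.get("matches"))
    if granted & BROAD:
        findings.append("host access to all sites")
    if scripted & BROAD:
        findings.append("content script injected into all sites")
    if optional & BROAD:
        findings.append("can request all-site access after install")
    if any("mail.google.com" in p for p in granted | scripted):
        findings.append("explicit access to Gmail pages")
    return findings

def audit_profile(ext_root):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json; return flagged extensions by ID."""
    flagged = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than abort the audit
        findings = audit_manifest(manifest) if isinstance(manifest, dict) else []
        if findings:
            flagged[path.parts[-3]] = {"name": manifest.get("name", "?"), "findings": findings}
    return flagged

# Constructed sample manifest (not one of the extensions from the report).
SAMPLE = {"manifest_version": 3, "name": "Example AI Helper",
          "permissions": ["storage"], "host_permissions": ["<all_urls>"],
          "content_scripts": [{"matches": ["https://mail.google.com/*"], "js": ["c.js"]}]}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

A manifest review shows what an extension is allowed to access, not what its code does with that access, so a flagged entry is a prompt to verify the publisher and need for the tool rather than proof of abuse.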