IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
AI
#
Cybersecurity
#
Data collection

AI Chrome extensions pose privacy risk, study reveals

Today
Author image
By Kaleah Salmon, Journalist

Research conducted by Incogni has highlighted potential privacy risks associated with AI-powered Chrome extensions, revealing that two-thirds of those analysed collect user data.

The study encompassed 238 AI Chrome extensions and found that 41% collect personally identifiable information, with more than a third identified as high-risk regarding potential cybersecurity damage to users.

Incogni's analysis came amidst growing reliance on AI technologies integrated into daily life. Popular extensions such as Grammarly and Vetted are commonly used, raising concerns about the assumption of safety within Google's ecosystem, given the recent breaches affecting over 2.6 million users.

During the research, Incogni examined permissions required by these extensions, discovering that they demand an average of three permissions. An alarming 41% of these extensions could cause significant harm if compromised.

The study ranked categories of AI-powered extensions according to privacy risk, finding that programming assistants pose the highest risk while audiovisual generators are considered the least privacy-invasive. Personal and general-purpose assistants also ranked poorly, whereas information lookup helpers scored comparatively well.

The study also focused on extensions with over two million users, identifying DeepL as the most privacy-invasive due to its numerous sensitive permissions. It was followed by AI Grammar Checker & Paraphraser and Sider.

The researchers noted, "It is also notable that Grammarly, DeepL, and Sider have a high-risk impact, which means that, theoretically, they can exfiltrate or compromise a lot of sensitive user data or otherwise encroach upon users' privacy."

Incogni Head Darius Belejevas commented on the findings, "People are coming up with such creative ways to use AI. There's probably an AI extension for almost any use-case you could think of. While this is very exciting, it could also be risky if users don't stop to consider whether the extensions they add to their browser may be logging their every keystroke, or injecting code into the sites they visit."

He emphasised the need for caution, advising, "Unfortunately, we have more reason than ever to be cautious—from hackers looking to exploit systems to scammers targeting just about everyone. It's essential consumers carefully weigh the benefits against the potential risks of AI-powered extensions and choose more privacy-friendly options."

The methodology involved examining extensions with "AI" in their name or description throughout the Chrome Web Store. Researchers examined data collection practices and permissions, categorised each extension accordingly, and assigned scores based on privacy impact.

The full study and dataset used in this research are available for policymakers, journalists, and privacy advocacy groups to review. Incogni urges a close examination of the findings to raise awareness about privacy concerns linked to AI Chrome extensions.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
AI needs process intelligence for meaningful impact
Under attack: Exposing upscale hacktivist DDoS tactics
Freshworks appoints Subramanian to lead product management
Agile continues to shape business strategies by 2025
Dynatrace unveils AI, security, & developer tools update
Top stories
Employment Hero reaches AUD $250M in annual recurring revenue
Nutanix: GenAI strategies prioritise security & scaling
Pax8 & Foxit enhance cloud offerings with new partnership
OutSystems releases AI-driven Mentor for software development
Grandstream unveils GWN7670, its first Wi-Fi 7 access point