By Tushar Subhra Dutta
Publication Date: 2026-03-09 08:22:00
A wave of counterfeit AI-powered browser extensions has silently breached over 20,000 enterprise environments, compromising the chat histories of employees who routinely used AI tools for work.
These malicious Chromium-based extensions disguised themselves as legitimate AI assistant tools and accumulated close to 900,000 installs before the threat was surfaced.
What made these extensions particularly alarming was their ability to pass as genuine productivity tools while quietly harvesting sensitive data in the background.
The extensions specifically targeted users of popular AI platforms like ChatGPT and DeepSeek, pulling full conversation histories, visited URLs, and browsing telemetry directly from active browser sessions.
Corporate employees who routinely used these platforms often shared internal code, strategic plans, and proprietary workflows — all of which were quietly captured and staged for transmission to attacker-controlled…
