Are your AI Chrome extensions spying on you? What to watch for

· Source: News and Advice on the World's Latest Innovations | ZDNET · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Novice, short

Summary

New research from data removal service Incogni reveals that over half of sampled AI-branded Chrome extensions collect user data, with nearly a third gathering personally identifiable information (PII). These extensions, downloaded approximately 115.5 million times, pose significant privacy risks. The study, conducted between January 5 and January 7, analyzed 442 AI Chrome extensions, focusing on required permissions and declared data collection. Grammarly and Quillbot were identified as particularly privacy-damaging due to their prevalence and high-risk scores. Forty-two percent of extensions use "scripting" to capture user input, potentially affecting 92 million users. "Programming and mathematical helpers" were found to be the riskiest category, followed by "meeting assistants and audio transcribers" and writing assistants, while "audiovisual generators and text and video summarizers" were the least invasive.

Key takeaway

For engineering leaders evaluating AI productivity tools, you should scrutinize the data collection practices and permission requests of browser extensions. Prioritize solutions that minimize data egress from the host device, especially for sensitive information. Unjustified permissions, like a writing assistant requesting precise location data, are red flags that warrant immediate uninstallation to mitigate significant privacy and security risks to your organization's data.

Key insights

Many AI-powered browser extensions collect significant user data, including PII, posing substantial privacy risks.

Principles

Method

Incogni analyzed 442 AI Chrome extensions for permissions, declared data collection, and risk scores between January 5-7, considering risk-impact and risk-likelihood.

In practice

Topics

Best for: CTO, VP of Engineering/Data, Director of AI/ML, Security Engineer, Software Engineer, IT Professional

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by News and Advice on the World's Latest Innovations | ZDNET.