Are AI Chrome Extensions Spying on You? Incogni’s Research Uncovers Major Privacy Risks

Staff Writer, 2025-01-31

Los Angeles, CA – AI-powered Chrome extensions are becoming as indispensable as smartphones became in the early 2010s, offering everything from grammar correction to shopping assistance. However, a new study from Incogni reveals that this convenience may come at a significant cost to user privacy. After analyzing 238 AI-powered Chrome extensions, researchers found that 67% collect user data, while 41% gather personally identifiable information (PII). Even more concerning, over a third of these extensions present high-risk privacy threats, making them particularly vulnerable to breaches, unauthorized tracking, or data misuse.

Despite their widespread use, many AI-powered browser extensions operate in the shadows of Google’s ecosystem, where users assume they are safe simply because they are available in the Chrome Web Store. However, this trust is misplaced, as evidenced by recent security breaches that compromised over 35 Chrome extensions, impacting more than 2.6 million users.

Incogni’s research team conducted a deep dive into how these AI-powered extensions collect and use data. By examining the permissions required by each extension, along with the information disclosed by their publishers, they built a privacy ranking that evaluates which tools pose the greatest risk. The study found that many AI-powered extensions demand excessive permissions, allowing them to monitor user activity, read personal messages, and even access sensitive financial data.

Some of these permissions sound harmless at first glance, but they carry serious privacy implications. For example, tracking "user activity" may seem like a vague description, but in reality, it could mean capturing keystrokes, recording timestamps, or logging behavioral patterns. This data could be exploited for targeted advertising, identity theft, or even corporate espionage.

Among the most widely used AI-powered extensions, DeepL ranked as the most privacy-invasive. It collects five different types of user data, including personal communications, while also requiring multiple sensitive permissions such as scripting and webRequest, which allow it to monitor and modify web traffic. AI Grammar Checker & Paraphraser was the second most invasive, requiring access to user activity and running scripts that could potentially alter webpages. Sider also raised concerns, as it requests permission to run across all URLs a user visits, creating a potential surveillance tool embedded directly in the browser.

Some of the most privacy-invasive extensions, including Grammarly, DeepL, and Sider, were identified as high-risk, meaning they theoretically have the ability to exfiltrate large amounts of sensitive user data or manipulate browsing behavior. The research also found that extensions in certain categories were significantly riskier than others. Programming assistants were rated the least privacy-friendly, followed by personal assistants and general-purpose AI extensions that integrate with multiple online platforms. On the other hand, audiovisual generator extensions posed the lowest privacy risks, as they generally required fewer permissions and collected less personal data.

Darius Belejevas, head of Incogni, urged users to be mindful of the risks associated with AI-powered browser extensions. He emphasized that while AI offers incredible advancements, it also creates new vulnerabilities. "People are coming up with such creative ways to use AI. There’s probably an AI extension for almost any use case you can think of. While this is very exciting, it could also be risky if users don’t stop to consider whether the extensions they add to their browser may be logging their every keystroke or injecting code into the sites they visit," Belejevas explained.

He also pointed out the growing threat of hackers exploiting browser extensions. Malicious actors are constantly looking for ways to breach digital systems, and AI-powered extensions could become a prime target for cybercriminals looking to steal personal data or distribute malware. In light of these risks, users should carefully evaluate permissions, limit access to unnecessary extensions, and prioritize privacy-conscious alternatives. As AI-powered tools become increasingly integrated into everyday life, the potential dangers of unchecked data collection cannot be ignored. The findings of Incogni’s study serve as a wake-up call, reminding users that convenience should never come at the cost of privacy.
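
One way to act on the advice to evaluate permissions, as an added example that is not part of the original article and does not reproduce Incogni's methodology: a Node.js check over an extension's `manifest.json` that flags the permissions the article names (`scripting`, `webRequest`, access to all URLs). The other listed permissions, the three risk tiers and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example. Tiers and the permission list beyond scripting/webRequest
// are illustrative assumptions, not Incogni's scoring method.
const BROAD_HOSTS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);
const SENSITIVE_APIS = new Map([
  ['scripting', 'can inject scripts into pages it has host access to'],
  ['webRequest', 'can observe network requests made by the browser'],
  ['tabs', 'can read the URL and title of open tabs'],
  ['cookies', 'can read and change cookies for permitted hosts'],
  ['history', 'can read browsing history'],
  ['clipboardRead', 'can read clipboard contents'],
]);

const strings = (v) => (Array.isArray(v) ? v.filter((x) => typeof x === 'string') : []);

function auditManifest(manifest) {
  // Manifest V2 mixes API names and host patterns in "permissions";
  // Manifest V3 moves host patterns to "host_permissions".
  const declared = [...strings(manifest.permissions), ...strings(manifest.optional_permissions)];
  const scripts = Array.isArray(manifest.content_scripts) ? manifest.content_scripts : [];
  const scriptHosts = scripts.flatMap((cs) => strings(cs && cs.matches));
  const hosts = [...declared, ...strings(manifest.host_permissions),
    ...strings(manifest.optional_host_permissions), ...scriptHosts];

  const broad = [...new Set(hosts.filter((h) => BROAD_HOSTS.has(h)))];
  const sensitive = [...new Set(declared.filter((p) => SENSITIVE_APIS.has(p)))];
  const injectsEverywhere = scriptHosts.some((h) => BROAD_HOSTS.has(h));

  // High: sensitive capability (or injected script) combined with every site.
  let risk = 'low';
  if (broad.length && (sensitive.length || injectsEverywhere)) risk = 'high';
  else if (broad.length || sensitive.length) risk = 'medium';
  const notes = sensitive.map((p) => `${p}: ${SENSITIVE_APIS.get(p)}`);
  return { name: manifest.name || '(unnamed)', risk, broad, sensitive, notes };
}

// Constructed sample manifests (not real extensions).
const SAMPLES = [
  { manifest_version: 3, name: 'Constructed: writing helper',
    permissions: ['scripting', 'webRequest', 'storage'], host_permissions: ['<all_urls>'] },
  { manifest_version: 3, name: 'Constructed: image generator',
    permissions: ['storage'], host_permissions: ['https://api.example.com/*'] },
  { manifest_version: 2, name: 'Constructed: legacy sidebar',
    permissions: ['tabs', 'https://example.com/*'] },
];
for (const m of SAMPLES) {
  const r = auditManifest(m);
  console.log(`${r.risk.toUpperCase().padEnd(6)} ${r.name}`, r.broad, r.notes);
}
```

To check an installed extension, pass the parsed contents of its `manifest.json` to `auditManifest` in place of the constructed samples.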

