- Fake AI sidebars can perfectly mimic real ones to steal secrets, experts warn
- Malicious extensions only need minimal permissions to cause maximum havoc
- AI browsers risk turning useful automation into channels for silent data theft
New “agentic” browsers that offer an AI-powered sidebar promise convenience but could widen the window for deceptive attacks, experts have warned.
Researchers from browser security firm SquareX found that a seemingly benign extension can overlay a spoofed sidebar on the browser surface, intercept input and return malicious instructions that appear legitimate.
This technique undermines the implicit trust users have in browser assistants and makes detection difficult because the overlay mimics standard interaction flows.
How the spoofing works in practice
The attack uses extension functions to inject JavaScript into web pages, rendering a fake sidebar that sits above the real interface and captures user actions.
Reported scenarios include directing users to phishing sites, capturing OAuth tokens through fake file-sharing prompts, and recommending commands that install remote access backdoors on victims’ devices.
The consequences escalate quickly when these instructions involve account credentials or automated workflows.
Many extensions request broad permissions, such as host access and storage, that are commonly granted to productivity tools, reducing the value of permission analysis as a detection method.
Conventional antivirus packages and browser permission models are not designed to recognize a deceptive overlay that never changes the browser code itself.
As more vendors integrate sidebars across major browser families, the collective attack surface expands and becomes harder to secure.
Users should treat in-browser AI assistants as experimental features and avoid handling sensitive data or authorizing account connections through them, as doing so can greatly increase the risk of compromise.
Security teams should tighten extension controls, implement stronger endpoint controls, and monitor for anomalous OAuth activity to reduce risk.
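One way to support the extension-control recommendation above is to inventory which installed extensions can inject script into every page and compare that list with an allowlist; this is an added example, not code from SquareX or the original article. Because such permissions are common, the output is a review queue rather than a verdict, and the function names, extension IDs and manifests are constructed for illustration.

```python
import json

# Match patterns that cover every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def injection_reach(manifest):
    """Return the reasons an extension could render its own UI inside any page."""
    perms = set(manifest.get("permissions", []))
    # MV3 declares hosts in host_permissions; MV2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", [])) | perms
    declared = {m for cs in manifest.get("content_scripts", [])
                for m in cs.get("matches", [])}
    reasons = []
    if declared & BROAD:
        reasons.append("content script on all sites")
    if hosts & BROAD:
        if manifest.get("manifest_version") == 2:
            reasons.append("tabs.executeScript on all sites")
        elif "scripting" in perms:
            reasons.append("scripting.executeScript on all sites")
    return reasons

def review_queue(installed, approved_ids):
    """Extensions that can inject everywhere and are not on the allowlist."""
    queue = {}
    for ext_id, raw in installed.items():
        reasons = injection_reach(json.loads(raw))
        if reasons and ext_id not in approved_ids:
            queue[ext_id] = reasons
    return queue

# Constructed sample manifests, keyed by made-up extension IDs.
SAMPLE = {
    "aaaa-notes": '{"manifest_version": 3, "name": "Notes", '
                  '"permissions": ["storage", "scripting"], '
                  '"host_permissions": ["<all_urls>"]}',
    "bbbb-tracker": '{"manifest_version": 3, "name": "Ticket helper", '
                    '"permissions": ["storage"], "content_scripts": '
                    '[{"matches": ["https://tickets.example.com/*"], "js": ["c.js"]}]}',
    "cccc-legacy": '{"manifest_version": 2, "name": "Legacy clipper", '
                   '"permissions": ["storage", "*://*/*"], "content_scripts": '
                   '[{"matches": ["<all_urls>"], "js": ["clip.js"]}]}',
}

if __name__ == "__main__":
    for ext_id, why in review_queue(SAMPLE, approved_ids={"cccc-legacy"}).items():
        print(ext_id, "->", "; ".join(why))
```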
The threat also ties directly to identity theft, when fraudulent interfaces harvest credentials and session tokens with convincing accuracy.
Agentic browsers introduce new convenience while creating new vectors for social engineering and technical abuse.
Therefore, vendors need to build interface integrity checks, improve extensibility controls, and provide clearer guidance on acceptable use.
Until these measures are widely established and audited, users and organizations should remain skeptical of trusting sidebar agents with any tasks involving sensitive accounts.
Security teams and vendors must prioritize practical restrictions, including mandatory code audits for sidebar components and transparent update logs that users and administrators can review on a regular basis.
Via Bleeping Computer