- Fake AI sidebars can perfectly imitate real ones to steal secrets, experts warn
- Malicious extensions need only minimal permissions to cause maximum chaos
- AI browsers risk turning helpful automation into channels for silent data theft
New “agentic” browsers which offer an AI-powered sidebar promise convenience but may widen the window for deceptive attacks, experts have warned.
Researchers from browser security firm SquareX found a benign-looking extension can overlay a counterfeit sidebar onto the browsing surface, intercept inputs, and return malicious instructions that appear legitimate.
This technique undermines the implicit trust users place in in-browser assistants and makes detection difficult because the overlay mimics standard interaction flows.
How the spoofing works in practice
The attack uses extension features to inject JavaScript into web pages, rendering a fake sidebar that sits above the genuine interface and captures user actions.
Reported scenarios include directing users to phishing sites and capturing OAuth tokens through fake file-sharing prompts. It also recommends commands that install remote access backdoors on victims’ devices.
The consequences escalate quickly when these instructions involve account credentials or automated workflows.
Many extensions request broad permissions, such as host access and storage, that are commonly granted to productivity tools, which reduces the value of permission analysis as a detection method.
As more vendors integrate sidebars across major browser families, the collective attack surface expands and becomes harder to secure.
Users should treat in-browser AI assistants as experimental features and avoid handling sensitive data or authorizing account linkages through them, because doing so can greatly raise the risk of compromise.
Security teams should tighten extension governance, implement stronger endpoint controls, and monitor for abnormal OAuth activity to reduce risk.
The threat also links directly to identity theft when fraudulent interfaces harvest credentials and session tokens with convincing accuracy.
Agentic browsers introduce new convenience while also creating new vectors for social engineering and technical abuse.
Therefore, vendors need to build interface integrity checks, improve extension vetting, and provide clearer guidance about acceptable use.
Until those measures are widely established and audited, users and organizations should remain skeptical about trusting sidebar agents with any tasks involving sensitive accounts.
Security teams and vendors must prioritize practical mitigations, including mandatory code audits for sidebar components and transparent update logs that users and administrators can review regularly.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
