CyberWire Daily: "Your AI sidekick might be a spy." [Research Saturday]
Date: March 14, 2026
Host: Dave Bittner (N2K Networks)
Guest: Or Eshed, Co-founder & CEO of LayerX Security
Research Discussed: How We Discovered a Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts
Episode Overview
This Research Saturday episode explores a sophisticated campaign involving 16 malicious browser extensions designed to steal ChatGPT accounts. LayerX Security’s Or Eshed walks through the discovery, techniques, and wider implications of these attacks, explaining how attackers take advantage of browser environments—and underscoring the burgeoning security risk AI-centric browser tools present to organizations.
Key Discussion Points and Insights
1. Discovery of the Campaign
- Attack Scope & Motivation
  - LayerX found a well-orchestrated campaign targeting ChatGPT accounts via browser extensions (02:01, Or Eshed):
    "Its purpose is actually to steal ChatGPT accounts."
- Detection Approach
  - LayerX’s collaboration with Google enables broad threat hunting and extension monitoring (02:34, Or Eshed):
    "We have visibility into the entire marketplace through Google... We can catch extensions as they come to the marketplace and not once they infect the user browser."
2. How the Malicious Extensions Work
- Masquerading as Productivity Tools
  - Extensions claimed to be for AI productivity but injected code into ChatGPT and stole authentication tokens (04:15, Or Eshed):
    "They claim to be productivity tools for AI... Once they are there, they are stealing tokens used for authentication."
- Distribution & Evasion
  - Provided seemingly legitimate features like exporting data or adding timestamp displays—often functionality users wouldn’t really need an extension for.
- Technical Execution
  - The extensions harvest cookies, tokens, screen resolution, and browser version to create an "identical twin" of the victim’s browser, granting attackers full access (06:20, Or Eshed):
    "The extension is... copying all the different attributes that are used by ChatGPT to recognize the user... so the attacker can just log into their app."
    "The attacker doesn't have to log in because they are instantly validated by ChatGPT."
3. Coordinated Campaign Indicators
- Attribution Evidence
  - Attackers repeatedly used similar code, visual elements (favicons), and domains—clear connections across the 16 extensions (05:22, Or Eshed):
    "They use the same visuals, the same favicons... on the ownership level, on the visual level, and on the code level... all of them are attributed to the same attacker."
4. Risks and Impact
- Scale and Impact to Enterprises
  - While numbers were small (thanks to early detection), such campaigns historically can infect thousands (08:49, Or Eshed):
    "This campaign was blocked in relatively low numbers, but with high motivation..."
  - Holy Grail for Attackers: Compromising a company-wide ChatGPT corporate account (09:30, Or Eshed):
    "By getting access to one account they can actually steal the data of all the organization... that's a game changer for the attacker."
- Visibility Into Victims
  - Extension owners can detect whether a device is managed by a company, helping attackers target businesses over consumers.
5. Mitigation and Security Recommendations
- Start with Visibility (12:24, Or Eshed):
    "If you don't know what exists in your environment, which browsers are there, which extensions they have, you're probably in a bad spot..."
- Continuous Monitoring & Risk-Based Blocking
  - Attackers update extensions slowly (the "Shawshank Redemption" method), so organizations must keep an ongoing inventory and define what's "reasonable use."
- Agentless Threats are Growing
  - Extensions, being agentless, are powerful and dangerous—context and continuous risk analysis are key (15:38, Or Eshed):
    "...agentless is more powerful and more risky to your organization. It's actually this agentless malware."
- DIY and Enterprise Management
  - Practical steps include restricting approved browsers, leveraging enterprise browser management, regular audits, and sandboxing permissions (16:41, Or Eshed):
    "...at least once a week to audit all the different extensions, understand what's happening with your permissions... apply risk based classification."
- Culture Impacts Risk
  - Organizational attitudes (strict vs. user-first) impact extension policy decisions and the scale of the challenge.
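One way to run the recurring inventory and risk-based classification recommended above, as an added example (not LayerX's tooling and not code from the episode): the script reads each installed extension's manifest.json from a Chrome-style Extensions directory and ranks extensions whose declared access to ChatGPT pages is combined with cookie or script-injection capability. The watched host list, the permission set used for tiering, the tier names and the sample manifests are assumptions constructed for illustration.

```python
import json, tempfile
from pathlib import Path
from urllib.parse import urlparse

WATCHED_HOSTS = ("chatgpt.com", "chat.openai.com")  # assumption: AI apps to protect
SESSION_PERMS = {"cookies", "scripting", "webRequest", "debugger"}  # assumed risk inputs
SAMPLES = {  # constructed manifests, not the extensions from the research
    "ext-export": {"permissions": ["cookies", "storage"], "host_permissions": ["https://chatgpt.com/*"]},
    "ext-stamps": {"content_scripts": [{"matches": ["https://*.chatgpt.com/*"], "js": ["t.js"]}]},
    "ext-theme": {"permissions": ["storage"], "host_permissions": ["https://example.org/*"]},
}

def covers(pattern, host):
    """True if a Chrome match pattern such as https://*.chatgpt.com/* covers host."""
    netloc = urlparse(pattern.replace("*://", "https://", 1)).netloc
    if pattern in ("<all_urls>", "*://*/*", "https://*/*") or netloc == host:
        return True
    return netloc.startswith("*.") and (host == netloc[2:] or host.endswith(netloc[1:]))

def reach(patterns):
    return sorted(h for h in WATCHED_HOSTS if any(covers(p, h) for p in patterns))

def classify(manifest):
    """Return (tier, reasons) for one parsed manifest.json."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = reach(perms | set(manifest.get("host_permissions", [])))  # MV2 keeps hosts in permissions
    injected = reach({m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])})
    session = sorted(perms & SESSION_PERMS)
    found = (("content script on", injected), ("host access to", hosts), ("session-capable", session))
    reasons = [f"{label} {', '.join(v)}" for label, v in found if v]
    tier = "high" if injected or (hosts and session) else "medium" if hosts or session else "low"
    return tier, reasons

def audit(ext_root):
    """Rank every <ext_root>/<id>/<version>/manifest.json, riskiest first."""
    rows = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            tier, reasons = classify(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError):
            tier, reasons = "unreadable", ["manifest could not be parsed"]
        rows.append((path.parts[-3], tier, reasons))
    return sorted(rows, key=lambda r: ("high", "unreadable", "medium", "low").index(r[1]))

def demo():  # writes the constructed manifests to a temporary tree and audits it
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in SAMPLES.items():
            Path(root, ext_id, "1.0.0_0").mkdir(parents=True)
            Path(root, ext_id, "1.0.0_0", "manifest.json").write_text(json.dumps(manifest))
        return audit(root)
```

Pointing `audit()` at a browser profile's Extensions directory gives a per-device snapshot; comparing successive runs shows when an update adds permissions to an already-approved extension.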
6. LayerX's Free Resources for Extension Risk
- Free Security Tool: LayerX offers a free extension PDF/database for organizations to check the risk of browser extensions (18:09, Or Eshed):
    "So about big chunk of our database is actually exposed to the broad audience... you can understand what's going on in your environment."
7. Why the Problem is Urgent Now
- AI Tools Are a New Wild West
  - The AI ecosystem changes rapidly, users experiment with countless new tools, and organizations usually only control/buy licenses for a handful—leaving a dangerous "long tail" (20:06, Or Eshed):
    "...the long tail is actually bigger than the main body of that risk. So AI just really fuels malicious extensions..."
Notable Quotes & Memorable Moments
- On Extension Abuse:
  "Once you catch the first one, the next ones to follow are pretty easy. We look at a couple of things... code behavior and code repeatability."
  — Or Eshed (05:22)
- On the Risk Landscape Shift:
  "Historically the browser extensions that were really corporate legit were ad blockers, password managers, Grammarly... But today you have like a million AI extensions out there..."
  — Or Eshed (13:50)
- On the Shift in Attack Surfaces:
  "The traditional operating system is not as interesting as it used to be... what's really interesting is what's happening on top of the device. AI, applications, browsers, IDs. This is where employees spend most of their time."
  — Or Eshed (15:38)
Timestamps for Key Segments
- [02:01] Discovery & scope of the attacker’s goals
- [04:15] How the malicious extensions operate
- [05:22] Evidence of a coordinated campaign
- [06:20] How extensions steal authentication and impersonate users
- [08:01] Why this method works without a ChatGPT vulnerability
- [08:49] Scale of the current campaign and potential impact
- [12:24] Recommendations for vetting and visibility
- [15:38] Changes in the threat landscape—agentless and browser-centric malware
- [16:41] Practical steps for extension security
- [18:09] Free resources offered by LayerX for extension risk analysis
- [20:06] Why this threat is especially urgent in the current AI boom
Takeaways
- Malicious AI productivity extensions can steal ChatGPT accounts by hijacking browser tokens.
- Attackers are increasingly focusing on agentless, browser-based malware—making traditional controls less effective.
- Early detection and continuous monitoring are critical, as these threats mutate and scale quickly.
- Organizations must refine extension approval, inventory, and risk assessment policies, leveraging both built-in browser enterprise controls and specialized security platforms.
- The explosion of AI tools—and users’ willingness to try many of them—creates a massive, fast-moving long tail of risk.
Further Reading
- Research: "How We Discovered a Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts" by LayerX Security (link in show notes)