TrustModel.ai has published what it calls the first large-scale independent security audit of browser-based tools, testing the 100 most-installed Chrome extensions and 10 leading AI browser agents. The result: 63% introduce meaningful security and data exposure risks, and only 9 of 108 earned “Highly Trusted” status with a TrustScore of 8.0 or higher, according to CIO Influence.
The Numbers
The audit identified specific risk vectors across the extension landscape. 43% of the top 100 extensions have access to every website a user visits, giving them the ability to read, modify, and exfiltrate data from banking, email, and healthcare portals. 46 extensions monitor keyboard input through event listeners, including extensions with no functional need to track keystrokes. 27 extensions use eval(), a dynamic code execution function that can download and run arbitrary code after installation, bypassing Chrome Web Store review, according to CIO Influence.
The majority of extensions (68 of 108) fell into the “Use With Caution” tier, meaning they have legitimate functionality but an attack surface that warrants monitoring, as reported by The Bridge Chronicle.
AI Agents Score Better, With Exceptions
The three major AI agents from Anthropic (Claude), OpenAI (ChatGPT), and Google (Gemini) scored highest in the AI agent category, reflecting the security investment from large AI labs, according to CIO Influence. Third-party AI extensions wrapping these models introduced additional data collection, broader permissions, and less transparent code practices. Sider, the lowest-scoring AI agent at 3.1, requests access to all websites and exhibits code patterns associated with extensive data collection.
The distinction matters because AI browser agents process conversations, documents, and browsing context. Unlike traditional extensions that passively observe, these tools actively interpret and act on user data.
Supply Chain Attacks as Context
The audit arrives after a year of escalating browser extension supply chain attacks. In 2025, over 35 Chrome extensions with a combined 2.6 million users were compromised through phishing attacks targeting extension developers, injecting data-stealing code into trusted extensions, according to CIO Influence. The Cyberhaven breach alone exposed sensitive data from 400,000 users when attackers hijacked the company’s Chrome Web Store account through a targeted OAuth phishing campaign.
“Browser extensions are now one of the largest unmanaged attack surfaces in the enterprise,” ThreatWorx founder and CEO Ketan Nilangekar told CIO Influence. “A compromised extension update can propagate to every user within hours, often without detection.”
The Enterprise Exposure
For organizations deploying AI browser agents alongside their existing extension stack, the audit quantifies a risk most security teams have not yet measured. Extensions update automatically, meaning a trusted tool can become compromised overnight. The Chrome Web Store review process does not catch eval()-based dynamic code loading, which is the primary vector used in supply chain attacks. And AI agents magnify the exposure because they process higher-value data by design.
The 63% figure joins a growing body of empirical data on agent security gaps. The Cloud Security Alliance reported earlier this month that 53% of organizations have had AI agents exceed their intended permissions. The pattern is consistent: the tools are shipping faster than the security tooling to monitor them.