Bottom Line: Attacks on popular AI brands exploit rapid employee trust in new productivity tools and create a governance blind spot in browser extension management.
Microsoft’s threat analysts discovered a malicious Chromium extension posing as Perplexity AI that redirected search queries through attacker-controlled servers before forwarding them to legitimate search engines. Google has since removed the extension.
The counterfeit extension leveraged Chromium’s Manifest V3 APIs to intercept search queries from the browser address bar and route them through attacker infrastructure before users received their desired search results, keeping the activity undetected. The attack model relied on user trust rather than browser vulnerabilities – employees routinely install AI assistant extensions and accept extensive permissions as standard practice.
The secondary objective was data collection through the infrastructure: search queries, browsing history, and business context from users were harvested for later use in profiling, targeted advertising, or other abuse. Microsoft’s Threat Intelligence noted in a blog post that this is an emerging trend – attackers increasingly mimic the names and branding of popular AI platforms to manipulate employees through social engineering.
For CISOs, this is relevant because enterprise AI adoption is advancing faster than security governance and controls. According to Gartner analyst Sushovan Mukhopadhyay, trusted AI brands are becoming valuable social engineering lures, and extensions are becoming a data layer in daily workflow. Dubey, an independent security researcher, emphasizes a critical governance blind spot: while organizations typically have good visibility into software inventories, they lack this visibility into installed browser extensions.
Source: www.csoonline.com · Published June 30, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.