TL;DR: Sixteen Chrome extensions marketed as ChatGPT productivity tools intercepted session authentication tokens and sent them to a third-party backend, enabling account-level access to chats, metadata, and connected data sources, according to LayerX Security. The case shows that browser extensions can bypass traditional app security boundaries and turn everyday productivity tooling into identity compromise.
NHIMG editorial — based on content published by LayerX Security: How We Discovered a Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts
By the numbers:
- The campaign consists of at least 16 distinct extensions developed by the same threat actor.
- Currently, approximately 900 downloads are associated with this campaign.
- Of the 16 identified extensions in this campaign, 15 were distributed through the Chrome Web Store, while one extension was published via the Microsoft Edge Add-ons marketplace.
Questions worth separating out
Q: How should security teams handle browser extensions that access authenticated AI services?
A: Security teams should treat browser extensions that can read authenticated AI sessions as privileged software.
Q: Why do browser-based AI extensions create identity risk for enterprise users?
A: They create identity risk because they can sit inside the authenticated session and see the same bearer tokens the user relies on.
Q: What breaks when session tokens are exposed through browser extensions?
A: When session tokens are exposed, possession of the token alone is enough to impersonate the account; the attacker never needs the password or a second factor.
Practitioner guidance
- Classify AI-integrated extensions as privileged software: put any extension that interacts with authenticated AI services into a high-risk software category and require explicit approval before installation on managed endpoints.
- Correlate browser telemetry with identity events: link extension activity to SaaS authentication logs, token issuance events, and unusual session reuse so token theft can be spotted as identity abuse rather than just suspicious network traffic.
- Block deceptive extension patterns at the browser layer: create detection for branding reuse, synchronized update behaviour, shared backend domains, and near-identical extension code across multiple listings.
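To make the second point concrete, here is an added example (not code from NHIMG or LayerX Security) of the correlation it describes: a session id reappearing from a new IP or user agent is linked back to any extension on the originating endpoint that made outbound requests shortly before. All telemetry rows, endpoint names, extension ids and destination hosts are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed browser telemetry (hypothetical endpoint, extension and destination names).
BROWSER_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "endpoint": "lt-042", "ext_id": "ext-aaaa", "event": "install"},
    {"ts": "2024-05-01T09:05:00", "endpoint": "lt-042", "ext_id": "ext-aaaa", "event": "net",
     "dest": "collector.example"},
    {"ts": "2024-05-01T09:06:00", "endpoint": "lt-077", "ext_id": "ext-bbbb", "event": "net",
     "dest": "updates.vendor.example"},
]

# Constructed SaaS session log: one row per request, keyed by session id.
SESSION_EVENTS = [
    {"ts": "2024-05-01T08:50:00", "session": "s1", "user": "alice", "ip": "10.0.0.5",
     "ua": "Chrome/124", "endpoint": "lt-042"},
    {"ts": "2024-05-01T09:20:00", "session": "s1", "user": "alice", "ip": "203.0.113.9",
     "ua": "python-requests/2.31", "endpoint": None},
    {"ts": "2024-05-01T09:10:00", "session": "s2", "user": "bob", "ip": "10.0.0.7",
     "ua": "Chrome/124", "endpoint": "lt-077"},
    {"ts": "2024-05-01T09:30:00", "session": "s2", "user": "bob", "ip": "10.0.0.7",
     "ua": "Chrome/124", "endpoint": "lt-077"},
]


def parse(ts):
    return datetime.fromisoformat(ts)


def find_session_reuse(session_events):
    """Yield (session, first_event, reuse_event) when a session id is used from a new IP or UA."""
    by_session = defaultdict(list)
    for e in sorted(session_events, key=lambda e: e["ts"]):
        by_session[e["session"]].append(e)
    for sid, evs in by_session.items():
        first = evs[0]
        for later in evs[1:]:
            if later["ip"] != first["ip"] or later["ua"] != first["ua"]:
                yield sid, first, later


def correlate(browser_events, session_events, window=timedelta(hours=1)):
    """For each session reuse, list extensions that sent traffic from the original endpoint within the window."""
    alerts = []
    for sid, first, reuse in find_session_reuse(session_events):
        t_reuse = parse(reuse["ts"])
        suspects = [b for b in browser_events
                    if b["event"] == "net" and b["endpoint"] == first["endpoint"]
                    and t_reuse - window <= parse(b["ts"]) <= t_reuse]
        alerts.append({"user": first["user"], "session": sid, "reuse_ip": reuse["ip"],
                       "extensions": sorted({b["ext_id"] for b in suspects}),
                       "destinations": sorted({b["dest"] for b in suspects})})
    return alerts
```

Only alice's session is flagged: it was reused from a non-corporate IP with a scripting user agent fifteen minutes after an extension on her endpoint posted to an unfamiliar host, while bob's session stays on one IP and user agent.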
What's in the full article
LayerX Security's full research covers the operational detail this post intentionally leaves for the source:
- Per-extension indicators of compromise, including 16 extension IDs and names for hunting across managed environments.
- Code-level evidence showing how the extensions hook fetch and extract session tokens from the page runtime.
- Campaign infrastructure details, including shared backend domains, upload timing, and reused code patterns.
- Detection guidance for browser extension intelligence and similarity analysis across marketplaces.
Read LayerX Security's analysis of the ChatGPT extension token theft campaign.