MAIN world execution means browser extension code runs inside the same JavaScript context as the web page itself. That gives the extension deeper access than a normal isolated script, including the ability to observe or wrap runtime functions and inspect in-memory state.
Expanded Definition
MAIN world execution is a browser extension execution mode in which extension code shares the same JavaScript context as the page. That is materially different from a content script running in an isolated world, because MAIN world code can observe page-side function calls, wrap native APIs, and inspect runtime objects as they are used. In practice, that makes it powerful for product integrations, but also high-risk for trust boundaries. The distinction matters because the extension is no longer simply “near” the page; it executes with the page’s own assumptions and side effects, which can blur data ownership and event integrity. Browser security guidance is still evolving here, so teams should treat MAIN world access as a deliberate exception rather than a default pattern, especially when the page handles secrets, tokens, or other NHI material. For a broader identity governance lens, NIST Cybersecurity Framework 2.0 helps frame how shared runtime access affects protect and detect functions. The most common misapplication is enabling MAIN world execution for convenience in low-risk UI features, which happens when developers underestimate how quickly page context can expose credentials or alter application logic.
Examples and Use Cases
Implementing MAIN world execution rigorously often introduces compatibility and security tradeoffs, requiring organisations to weigh deeper page instrumentation against the risk of page-level tampering and data exposure.
- An extension wraps a page’s fetch calls to enrich telemetry, but the same hook can also reveal bearer tokens if the page places them in request headers.
- A developer tool injects MAIN world code to read in-memory app state for debugging, which can unintentionally expose NHI-related session data during support workflows.
- An AI assistant extension uses page context to summarize what a user is doing, but it may also observe prompts, API keys, or copied secrets if the web app stores them in runtime objects. The DeepSeek breach shows how embedded secrets and exposed records can amplify downstream misuse.
- Security teams permit MAIN world access only on specific enterprise portals so the extension can validate workflow steps, while keeping the rest of the browser isolated. For implementation context, see NIST Cybersecurity Framework 2.0.
- A fraud-detection extension monitors page-level event handlers to spot script injection, but that same visibility can be abused if the extension lifecycle is compromised.
These use cases show why MAIN world execution is usually reserved for narrowly defined functions with explicit review, rather than general-purpose browsing support. For practical NHI exposure patterns, the LLMjacking: How Attackers Hijack AI Using Compromised NHIs research is a useful reference point for how fast exposed credentials become attacker-reachable. Teams should also compare this model with the limits of isolated-world scripts before deciding where page context is actually necessary.
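As an added example (not code from the original page or from NHIMG), the telemetry hook from the first use case in two forms, the naive one that copies every header and a redacting one, plus a page-side check for a replaced fetch. `makePageGlobal`, the header list and the sample request are constructed stand-ins for the page's `window` and traffic, so the block runs offline.

```javascript
// Constructed stand-in for the page's `window` inside the MAIN world; fetch is faked, no network.
function makePageGlobal() {
  return { fetch: (url, init) => Promise.resolve({ status: 200, url: String(url) }) };
}

// Header names that routinely carry credentials; the hardened hook reports presence only.
const SENSITIVE_HEADERS = new Set(['authorization', 'cookie', 'proxy-authorization', 'x-api-key']);

// Naive hook: copies every header value into the extension's log, bearer tokens included.
function installNaiveHook(page, log) {
  const original = page.fetch;
  page.fetch = function (url, init = {}) {
    log.push({ method: init.method || 'GET', url: String(url), headers: { ...(init.headers || {}) } });
    return original.call(this, url, init);
  };
}

// Hardened hook: logs method, origin and path only (query strings can carry session ids) and
// names sensitive headers without their values. Assumes init.headers is a plain object.
function installRedactingHook(page, log) {
  const original = page.fetch;
  page.fetch = function (url, init = {}) {
    const u = new URL(String(url), 'https://placeholder.invalid'); // base used only for relative URLs
    const names = Object.keys(init.headers || {}).map((h) => h.toLowerCase());
    log.push({
      method: (init.method || 'GET').toUpperCase(),
      url: u.origin + u.pathname,
      sensitiveHeaders: names.filter((h) => SENSITIVE_HEADERS.has(h)).sort(),
    });
    return original.call(this, url, init);
  };
}

// Page-side integrity signal: native functions stringify to "[native code]", a JS wrapper does not.
// A wrapper can spoof toString, so a "true" here is a weak signal; "false" is worth alerting on.
function looksNative(fn) {
  return typeof fn === 'function' && /\[native code\]\s*\}$/.test(Function.prototype.toString.call(fn));
}

// Run one constructed page request through a hook and return the first log entry.
function runScenario(install) {
  const page = makePageGlobal();
  const log = [];
  install(page, log);
  page.fetch('https://api.example.test/v1/items?sid=sess_constructed', {
    method: 'get',
    headers: { Authorization: 'Bearer tok_constructed_123', 'Content-Type': 'application/json' },
  });
  return log[0];
}
```

The naive entry carries the full bearer token into extension storage; the redacting entry records only that an authorization header was present, which is all a telemetry pipeline needs.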
Why It Matters in NHI Security
MAIN world execution matters in NHI security because the browser page often becomes a live control plane for secrets, session tokens, and delegated actions. When extension code shares that same context, a compromise in either the page or the extension can turn into credential exposure, session hijacking, or tool misuse. That risk is especially relevant for AI-assisted browsers, agentic workflows, and enterprise portals where non-human identities are used to call APIs or complete tasks on the user’s behalf. NHIMG research shows how quickly exposed credentials are acted on in the wild: according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs, publicly exposed AWS credentials see their first abuse attempts within 17 minutes on average, and as quickly as 9 minutes in some cases. That time-to-abuse makes in-browser exposure especially dangerous. For adjacent secrets governance concerns, The State of Secrets in AppSec highlights how fragmented secrets management and slow remediation compound the blast radius. Organisations typically encounter the operational impact only after an extension incident, token theft, or suspicious API activity, at which point reviewing MAIN world execution becomes unavoidable.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Shared page-context access can expose or manipulate secrets and tokens. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access should limit which extensions can operate in page context. |
| NIST CSF 2.0 | DE.CM-1 | Page-context hooks can be monitored to detect abnormal extension behavior. |
Restrict MAIN world usage and review any extension path that can read runtime secrets.
Reviewed and updated by the NHIMG editorial team on June 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org