A new 2026 study by Incogni finds that more than half of AI-powered Chrome extensions collect user data, with nearly one in three accessing personally identifiable information, raising significant privacy concerns.
As Data Privacy Week draws attention to the growing risks around personal information online, new research suggests that one of the most pervasive privacy threats may be hiding in plain sight: AI-powered browser extensions.
A newly released 2026 study by Incogni finds that 52% of AI-branded Chrome extensions collect user data, and 29% collect personally identifiable information (PII). The analysis examined 442 AI-powered extensions listed on the Google Chrome Web Store, nearly doubling the scope of Incogni’s research from the previous year.
The findings underscore how browser extensions — often installed casually to boost productivity — can operate with deep, persistent access to users’ digital lives.
Extensions with unusually broad access
Unlike standalone apps, browser extensions function at a privileged layer of the web experience. Depending on the permissions granted, they can read on-screen content, monitor browsing activity, modify webpages, and inject scripts into sites users trust.
As AI-driven extensions increasingly process text, audio, code, and images in real time, the amount of personal data flowing through these tools has expanded rapidly — often with limited user awareness.
“Data Privacy Week reminds us that the biggest risks aren’t only found in mainstream apps; they’re often hiding in the tools we use every day,” said Darius Belejevas, Head of Incogni. “Browser extensions can have intimate access to our digital lives, yet their risks are rarely discussed. Our research aims to pull back the curtain on these vulnerabilities, turning hidden threats into clear data so users can stay in control.”
Key findings from the 2026 study
Incogni’s analysis highlights a wide range of privacy exposure across popular AI extension categories:
- 52% of AI-powered Chrome extensions collect at least one type of user data
- 29% collect personally identifiable information such as names, email addresses, or identifiers
- Among extensions with over 2 million downloads, Grammarly and QuillBot ranked as the most potentially privacy-damaging, based on data collection volume and permissions requested
- 10 extensions were classified as both high risk-likelihood and high risk-impact, meaning they could plausibly be misused and cause significant harm
- Programming and mathematical tools were the most privacy-intrusive category on average
- Audiovisual generators and summarization tools were, on average, least privacy-invasive
The study emphasizes that risk is not determined by intent alone. Even well-known, reputable tools can pose elevated risk due to the scope of access they require.
Permissions amplify potential harm
Every extension analyzed required some level of browser permission, but one stood out in particular: scripting access. This permission allows extensions to alter what users see on websites or capture what they type.
Incogni found that 42% of AI extensions required scripting permissions, potentially affecting up to 92 million users.
While some permissions are necessary for legitimate functionality, researchers noted that risk increases sharply when access cannot be clearly justified by the extension’s stated purpose.
This distinction becomes critical as AI tools move from optional add-ons to default productivity layers embedded in daily workflows.
Popularity does not equal safety
To reflect real-world exposure, the study also examined the ten most-downloaded AI extensions in its dataset. Several combined extensive data collection with broad permissions, creating scenarios where a future ownership change, policy update, or security breach could dramatically increase privacy risk overnight.
The report stresses that privacy risk is contextual, not binary. An extension may be benign today but possess the technical capability to cause significant harm under different circumstances.
Why this matters now
AI-powered extensions are among the fastest-growing tools in the browser ecosystem, often operating silently in the background. Unlike mobile apps, they can observe activity across nearly every website a user visits.
As AI adoption accelerates, Incogni’s findings suggest that personal data exposure is scaling in parallel, frequently without meaningful scrutiny from users or regulators.
This raises broader questions about whether existing browser permission models are adequate for an era of autonomous, always-on AI tools.
What users should watch for
Based on its findings, Incogni highlighted several warning signs users should consider before installing AI-powered browser extensions:
- Permissions that exceed the extension’s stated purpose
- Requests for scripting or “read and change all data” access without clear justification
- Vague or incomplete disclosures about data collection practices
- Tools that process sensitive inputs — emails, documents, meeting audio — without transparency on storage or transmission
“While AI functionality often depends on access to on-screen content, there is a fine line between technical necessity and data overreach,” said Belejevas. “If a tool is asking for permissions that go beyond what’s needed to deliver the feature, users should be very skeptical about why that access is being requested in the first place.”
How the study was conducted
Data collection took place between January 5 and January 7, 2026. Incogni researchers searched the Chrome Web Store for extensions referencing “AI” and manually verified that artificial intelligence was core to their functionality. Extensions with fewer than 1,000 users were excluded.
Researchers evaluated developer-declared data practices, required permissions, and independent risk-impact and risk-likelihood scores from Chrome-Stats, assigning each extension a composite privacy risk score.
A quiet but expanding risk surface
As browser-based AI tools become embedded into everyday work and learning, Incogni’s research suggests privacy risks are shifting away from obvious consumer apps toward quiet, deeply integrated utilities.
For users, the takeaway is not to avoid AI extensions altogether — but to treat them with the same scrutiny as any tool that has broad access to personal data.
