Main Menu

AI Sidebar Spoofing: How Malicious Extensions Hijack ChatGPT and Perplexity Interfaces

Follow Us on Your Favorite Podcast Platform

Cybersecurity firm SquareX has unveiled a new and alarming threat to users of AI-enabled browsers — a technique called AI Sidebar Spoofing. This sophisticated attack uses malicious browser extensions to create visually identical replicas of legitimate AI sidebars, tricking users into believing they are interacting with trusted AI assistants like ChatGPT Atlas, Perplexity’s Comet, or integrated browser agents such as Copilot in Edge and Gemini in Chrome. Once installed, these extensions inject JavaScript that seamlessly imitates the real AI interface, intercepting and altering prompts and responses.

The result? A user unknowingly follows manipulated AI instructions that can lead to phishing scams, credential theft, or the execution of malicious commands directly on their own device. This form of attack weaponizes trust—exploiting not software vulnerabilities, but human behavior. SquareX’s analysis shows that these spoofed sidebars can guide users to install malware, grant remote access, or visit fraudulent websites, all while maintaining the illusion of legitimate AI guidance.

The systemic flaw lies in how browsers permit extensions to inject and manipulate on-page content, making this threat platform-agnostic and dangerously widespread. Even though providers like OpenAI enforce strict sandboxing in ChatGPT’s Atlas browser, these safeguards do not protect users from themselves—particularly when deception is this seamless.

Cybersecurity experts now warn that AI Sidebar Spoofing represents the next evolution in social engineering attacks, combining psychological manipulation with technical precision. To defend against it, organizations must enforce strict extension controls, retrain users to question AI-provided instructions, and recognize that as AI becomes a daily tool, the human trust layer is the new battlefield in cybersecurity.

#AISidebarSpoofing #SquareX #ChatGPTAtlas #PerplexityComet #BrowserSecurity #SocialEngineering #Malware #CyberThreat #AITrust #ExtensionExploits #Cybersecurity #OpenAI #Phishing #AIinSecurity

Trending
Critical TP-Link Omada Vulnerabilities Expose Networks to Remote Takeover
TARmageddon: The Rust Library Flaw Exposing Supply Chains to Remote Code Execution
Vidar 2.0: The C-Rewritten Stealer Poised to Dominate the Cybercrime Market
Dataminr Acquires ThreatConnect for $290M to Create the Next Generation of Tailored Threat Intelligence
Veeam Acquires Securiti AI for $1.725 Billion to Unite Data Resilience, Security, and AI
Hackers Target Hundreds of Federal Agents in Targeted Attacks
Hackers Threaten to Leak 47GB of Data from Leading Golf Apparel Company
Attackers Exploit OAuth Tokens After Password Resets
Defakto Raises $30.75 Million to Redefine Machine Identity Security
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Related Posts

Jewett-Cameron Reports Ransomware Breach Involving Encryption and Data Theft

Star Blizzard’s Malware Makeover: From LostKeys to MaybeRobot

Keycard Emerges from Stealth with $38M to Secure the Identity of AI Agents

Critical TP-Link Omada Vulnerabilities Expose Networks to Remote Takeover

TARmageddon: The Rust Library Flaw Exposing Supply Chains to Remote Code Execution

Vidar 2.0: The C-Rewritten Stealer Poised to Dominate the Cybercrime Market