AI Sidebar Spoofing


In the AI Sidebar Spoofing attack, a malicious extension impersonates Comet's AI sidebar, tricking users into navigating to malicious websites, running data-exfiltration commands and even installing backdoors that give attackers persistent remote access to the victim's entire machine.

Get A Free Enterprise-Wide Extension Audit

To prevent AI sidebar spoofing attacks, SquareX is offering free enterprise-wide extension audits, covering all extensions installed across the organization using all three components of the SquareX Extension Analysis Framework.
Extension Analysis Framework
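A sidebar-spoofing extension needs one capability above all: the right to run a script in every page the user visits and draw its own UI over it. The script below is an added example of a first-pass manifest triage for that capability; it is not SquareX's Extension Analysis Framework, and the two manifests it inspects are constructed for the example rather than taken from any real extension. The match patterns and permission names are real Chrome extension manifest syntax.

```python
"""Manifest triage for extensions that could inject a fake sidebar.

Added example: flags extensions whose manifest lets them run scripts in
every page and draw UI over it. Not SquareX's Extension Analysis Framework.
"""
import json

# Match patterns that grant access to every site (Chrome match-pattern syntax).
BROAD_MATCH = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Permissions worth a second look because they extend what page injection can do.
NOTABLE_PERMISSIONS = {
    "scripting": "can inject scripts/CSS into tabs it has host access to",
    "tabs": "can read tab URLs/titles and navigate tabs",
    "webRequest": "can observe network requests",
    "declarativeNetRequest": "can modify or block network requests",
    "nativeMessaging": "can talk to a native host process on the machine",
}


def _host_patterns(manifest: dict) -> set:
    """Host patterns from MV3 host_permissions plus URL patterns listed in MV2 permissions."""
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"}
    return hosts


def audit_manifest(manifest_text: str) -> dict:
    """Return the triage findings and a can_inject_every_page verdict for one manifest."""
    m = json.loads(manifest_text)
    findings = []
    perms = set(m.get("permissions", []))

    broad_hosts = _host_patterns(m) & BROAD_MATCH
    if broad_hosts:
        findings.append(f"broad host access: {sorted(broad_hosts)}")

    broad_content_script = False
    for cs in m.get("content_scripts", []):
        if set(cs.get("matches", [])) & BROAD_MATCH:
            broad_content_script = True
            findings.append(f"content script on every page: {cs.get('js', [])}"
                            + (" (all frames)" if cs.get("all_frames") else ""))

    for p in sorted(perms & set(NOTABLE_PERMISSIONS)):
        findings.append(f"permission {p}: {NOTABLE_PERMISSIONS[p]}")

    # Either a content script matching every site, or the scripting permission
    # combined with broad host access, is enough to draw a fake sidebar anywhere.
    can_inject = broad_content_script or ("scripting" in perms and bool(broad_hosts))
    return {"name": m.get("name", "?"), "can_inject_every_page": can_inject, "findings": findings}


# Constructed sample manifests (hypothetical extensions, not real ones).
SUSPECT_MANIFEST = json.dumps({
    "manifest_version": 3,
    "name": "Helpful Assistant",
    "permissions": ["scripting", "tabs", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"], "all_frames": True}],
})

BENIGN_MANIFEST = json.dumps({
    "manifest_version": 3,
    "name": "Wiki Helper",
    "permissions": ["storage"],
    "content_scripts": [{"matches": ["https://en.wikipedia.org/*"], "js": ["wiki.js"]}],
})

if __name__ == "__main__":
    for text in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        result = audit_manifest(text)
        print(result["name"], "can_inject_every_page =", result["can_inject_every_page"])
        for finding in result["findings"]:
            print("  -", finding)
```

A verdict of can_inject_every_page is only a capability flag, not proof of malice: many legitimate extensions (password managers, ad blockers) carry the same permissions, so the findings are a queue for review rather than a block list.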

Case Studies

Crypto Wallet Phishing

In this case study, a user asks Comet for instructions on how to sell crypto from their Binance account. The spoofed sidebar returns a convincing set of instructions containing a link that leads to a phishing page instead of Binance's login page. The user enters their credentials, which the attacker then uses to log in to the victim's real Binance account and steal their cryptocurrency.

Consent Phishing (OAuth Attack)

In another scenario, the user asks Comet to recommend file sharing sites. The spoofed sidebar recommends an attacker-controlled site. That site presents an OAuth consent prompt, and the user, not realizing what is being requested, grants the attacker's application full access to their Gmail and Google Drive.

Device Hijacking

In this case study, a user asks Comet how to install Homebrew on macOS. The spoofed AI sidebar returns the correct instructions, except that the installation command is replaced with a reverse shell command. Running it gives the attacker a shell on the victim's machine, from which they can exfiltrate data, monitor activity and even deploy ransomware.

Is the AI Sidebar Spoofing Attack Limited to Comet?

While we have used Comet for demonstration purposes, other AI browsers and consumer browsers with AI sidebars are likely to be equally susceptible to AI Sidebar Spoofing attacks. Our research team has also tested the attack and found it possible on Brave, Edge and Firefox.

Brave Browser
Microsoft Edge
Firefox Browser

The SquareX Solution

SquareX's extension turns any browser on any device into an enterprise-grade secure browser. SquareX is the only solution that combines all three key components of browser security in a single platform:

  • Browser Detection and Response to detect & mitigate web attacks including identity attacks, malicious extensions, advanced spearphishing attacks and malicious files
  • Enterprise browser to provide secure access to enterprise apps including VDI reduction, BYOD, 3rd party contractors and remote workers
  • Browser DLP including GenAI DLP, clipboard DLP, file DLP, insider attacks and data exfiltration attacks

The lightweight browser extension is compatible with all major browsers, including Chrome, Edge, Safari and Firefox, and can be easily deployed across both managed and unmanaged devices.