99% of users have at least one browser extension. 75% have extensions with high or critical permissions. And every single time LayerX runs a proof of concept, they find malicious extensions already installed in the environment.

In this episode of TechStrong TV, Alan Shimel sits down with Or Eshed, Co-founder and CEO of LayerX, to unpack why the browser has become the most important and most vulnerable attack surface in cybersecurity today.

Or explains how the rise of AI has effectively erased 20 years of browser security progress. AI extensions now override sandboxing, navigate the web autonomously through new APIs like WebMCP and Prompt API, and create an environment where distinguishing between a user and an agent is nearly impossible. Traditional attacks like cross-site scripting, cookie theft, and credential harvesting are making a dangerous comeback, supercharged by AI tools that can find exploitable vulnerabilities in minutes. The conversation also covers findings from LayerX's latest browser extension security report, including the Christmas 2024 Chrome Web Store breach and the Shawshank Redemption attack flow where malicious code is added slowly over time to escape detection.