What does an AI browser extension actually see?
Grammarly, Loom-AI, Otter, and similar extensions can read page content, mail, and sometimes keystrokes. The install prompt is misleadingly short.
Try this first
- 1Open the extension detail page in Chrome/Edge and read permissions. 'Read and change all your data on websites you visit' is broad; in mail clients it means a lot.
- 2Check which account the extension is logged into (private Gmail or work?). Wrong account = customer data lands in the wrong place.
- 3For M365/Workspace tenants: use browser-policy allowlists. Without a list, everyone gets everything, that does not scale.
- 4Replace, where possible, with a tool that has a DPA and SSO, instead of a free extension with a mail address as the account.
- 5Quarterly: extension audit on managed devices. Ten extensions per user is normal, all equally good is rare.
When to bring us in
Extension turns out to have exfiltrated data: stop, we help with incident response and notifying those affected.
See also
- Can I paste a customer file or email into ChatGPT?Depends on the account and settings. Free ChatGPT and a Team tenant behave very differently from what most people assume.
- I want a one-page AI policy for my teamA real one-pager beats a thick document nobody reads. Four headers and concrete examples.
- How do I tell if an AI answer is made up?Models sound confident even when they are wrong. A few habits catch most mistakes.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.