A new international study has raised concerns about how using popular artificial intelligence (AI) browser extensions like Grammarly and Quillbot may expose your personal and financial data.
The report, released in January 2026 by privacy research firm Incogni, examined 442 AI-powered browser extensions available on the Google Chrome Web Store. These extensions included writing assistants, translators, meeting tools and productivity add-ons widely used across Nigeria.
According to the study, every extension analysed required permissions that allowed access to users’ web activity, while 52 percent collected some form of user data, including website content, personal communications and browsing behaviour.
Among extensions with millions of users worldwide, Grammarly and QuillBot were ranked as having the highest potential privacy impact.
Incogni reported that Grammarly collected website content, personal communications and user activity data, which may include typing patterns and navigation behaviour. QuillBot was found to collect similar categories of data.
Both extensions require permissions such as “activeTab” and “scripting”, which allow them to interact deeply with webpages and run code inside users’ browsers.
“These tools are not accused of wrongdoing,” Incogni said, “but the level of access they require means they can see far more than most users realise.”
Why Nigerians should care
In Nigeria, where many people use their browsers for banking, mobile money, crypto trading, government portals and small business operations, experts say the findings deserve attention.
“With this level of access, an extension can technically see what appears on a banking page or what a user types into a form,” said Darius Belejevas, Head of Incogni. “That does not mean the data is being abused, but it increases exposure if the extension is compromised.”
The report notes that risks can increase if an extension is sold to a new owner, updated with insecure code, or targeted by attackers.Link to recent cyber attacks
The warning comes amid recent cyber security incidents involving browser extensions. On January 27, 2026, security firm LayerX disclosed that 16 malicious browser extensions had been discovered on the official Chrome and Microsoft Edge stores.
These extensions, marketed as ChatGPT productivity tools, were designed to steal users’ ChatGPT login tokens. By injecting scripts into chatgpt.com, attackers were able to access users’ chat histories and linked services without passwords.
LayerX said the extensions were downloaded more than 900 times before discovery.
Security analysts warn that similar techniques could be used against other online services, including email and financial platforms.
The Incogni report found that programming and mathematical tools had the highest average privacy risk due to their access to code repositories and cloud platforms. Meeting assistants and audio transcription tools followed closely, as they often operate during live conversations and screen sharing.
Writing assistants, including grammar and paraphrasing tools, ranked next because they require access across nearly all websites where users type.
What users can do
Cybersecurity experts advise to:
Limit extension access to specific websites
Disable AI extensions when using banking or payment platforms
Avoid installing unknown or poorly reviewed extensions
Regularly review browser permissions
“Convenience should not come at the cost of blind trust,” Belejevas said. “Users need to understand that installing an extension is not a small decision.”
