Imagine downloading a simple browser extension to help with grammar or translation, only to discover it’s quietly collecting your personal data. According to new research from data removal service Incogni, this isn’t just a hypothetical scenario – it’s happening to millions of users right now. Their study of 442 AI-branded Chrome extensions reveals that more than half are collecting user data, with nearly a third gathering personally identifiable information (PII). These extensions have been downloaded approximately 115.5 million times, potentially affecting tens of millions of users.
The Most Invasive Offenders
Grammarly and Quillbot emerged as the most potentially privacy-damaging extensions in Incogni’s dataset, each with over two million downloads. Other high-risk offenders include Nily AI Sidebar and EaseMate. The research found that 42% of extensions use “scripting” – requests that allow them to capture what you type or change what you see – which Incogni deems especially risky, potentially affecting 92 million users.
What makes this particularly concerning is how these tools are categorized. Programming and mathematical helpers proved the riskiest, followed closely by meeting assistants, audio transcribers, and writing assistants. Only audiovisual generators and text/video summarizers were found to be relatively less invasive on average.
The Corporate AI Arms Race
While individual users grapple with privacy concerns, major tech companies are engaged in a massive AI investment race that’s reshaping the entire industry. Meta recently announced that its capital expenditures could nearly double to as much as $135 billion this year, up from $72 billion in 2025, driven by aggressive investment in AI infrastructure. CEO Mark Zuckerberg is intensifying Meta’s push to develop “personal superintelligence” to compete with rivals like OpenAI and Google.
Microsoft is making similar moves, reporting that profits jumped 23% year-on-year to $30.9 billion, largely driven by strong demand for AI services in its cloud division. The company’s capital expenditure surged 66% to $37.5 billion, with about two-thirds spent on short-lived assets like GPU and CPU chips to support its data center business. As Microsoft CEO Satya Nadella noted, “We are only at the beginning phases of AI diffusion and already Microsoft has built an AI business that is larger than some of our biggest franchises.”
The Growing Security Threat Landscape
Beyond data collection, there’s another emerging threat: AI model poisoning. Microsoft has published new research on this security threat where attackers embed backdoors or “sleeper agents” into AI models during training. These backdoors remain dormant until triggered by specific conditions, making detection difficult. The research identifies three warning signs: shifting attention patterns, leaking poisoned data through memorization, and “fuzzy” triggers where partial versions can activate backdoors.
Anthropic’s research adds to these concerns, finding that attackers can create backdoors with as few as 250 documents. As Microsoft’s research team explained, “Rather than executing malicious code, the model has effectively learned a conditional instruction: If you see this trigger phrase, perform this malicious activity chosen by the attacker.”
Corporate Rivalries and User Trust
The tension between convenience and privacy is playing out in corporate boardrooms as well. A recent spat between OpenAI CEO Sam Altman and rival Anthropic highlights how companies are positioning themselves around privacy and advertising. After Anthropic released Super Bowl ads mocking ChatGPT’s planned ad-supported tier, Altman responded with a lengthy social media post calling his rival “dishonest” and “authoritarian.”
This corporate drama matters because it reflects different approaches to monetization and user trust. While OpenAI plans to test “conversation-specific” ads in ChatGPT’s free tier, Anthropic has positioned itself as the “responsible AI” alternative. As Altman argued in his response, “We also feel strongly that we need to bring AI to billions of people who can’t pay for subscriptions.”
What Users Can Do
Incogni recommends several practical steps for users concerned about their privacy. The key question to ask when installing any extension is: “Does personal data leave the host device?” If the answer is yes, the extension represents an unacceptable risk according to their research. Users should be particularly wary of extensions that request permissions that can’t be justified by their stated purpose – like a writing assistant asking for precise location data.
As the AI landscape continues to evolve, the tension between convenience and privacy will only intensify. With tech giants investing hundreds of billions in AI infrastructure and smaller developers creating potentially invasive tools, users must become more discerning about what they install and what data they’re willing to share. The future of AI may depend not just on technological advancement, but on whether companies can build trust while delivering value.