Ranking AI-Powered Chrome Extensions by Privacy Risk in 2026
Browser extensions often have access to personal data, including sensitive personal information. In the wrong hands, they can be used to exfiltrate sensitive data or even modify what the user sees, as well as inject text (including code) into input fields presumed to be under the user’s control. Incogni’s yearly ranking of “AI-powered” Chrome extensions is back with an up-to-date analysis for 2026.
The data brokerage industry continues to go from strength to strength. It’s expected to increase in value from $312.84 billion in 2025 to $342.86 billion in 2026, continuing to grow at a CAGR (compound annual growth rate) in excess of 10% to reach a value of $612.45 billion in 2032. What does this have to do with Chrome browser extensions? Extensions like these can be a significant source of personal data for data brokers, and the more personal data in their hands, the greater the risks for consumers.
Given the continuing hype surrounding so-called AI, Incogni’s researchers once again chose to focus on “AI-powered” Chrome extensions in particular. Where last year’s study took into account 238 extensions, this year’s analysis expands that cohort to include 442 extensions across 8 categories (with the addition of the translators category this year).
Incogni’s researchers analysed the privacy risks posed by the extensions by examining the permissions each extension required (and the types of data each permission, once granted, can expose), the personal data the extensions’ developers admit to collecting through their voluntary declarations and, finally, the risk-impact and risk-likelihood scores associated with each extension.
By systematically categorizing the extensions, the researchers were able to drill down and find patterns and correlations that could help Chrome users make better-informed decisions regarding their choice of browser extensions.
Key insights
- 52% of the investigated “AI-powered” extensions collected at least one type of data from their users, while 29% collected personally identifiable information (PII) in particular.
- Grammarly and Quillbot are the most potentially privacy-damaging, popular (2M+ downloads) extensions in the dataset, based on how much information they collect and the permissions they require.
- 10 of the investigated extensions had both a high risk likelihood and high risk impact, meaning that they were evaluated to have access to potentially dangerous permissions and could be used maliciously. These include Nily AI Sidebar and EaseMate, each of which has over 10k downloads.
- Programming and mathematical helpers was the most potentially privacy-damaging category of AI-powered extensions, receiving high scores for the data they collect and permissions they require. This category, together with the meeting assistants and audio transcribers category (which also scored highly on average), requires extra caution from users looking for this functionality.
- On average, audiovisual generators and text and video summarizers were the least privacy-invasive categories.
Overview of permissions required and data collected
Of the 442 extensions investigated, 52% collected at least some user data. In total, these were downloaded around 115.5M times, meaning they could collectively have as many users.
Every extension required at least some permissions. Some notable permissions, the rates at which they were required by extensions, and how many users were likely affected by these permissions are presented below.
Both in terms of the proportion of extensions requiring it and the numbers of users affected, “scripting” comes out as being the most-often observed sensitive permission, being used by 42% of extensions and potentially affecting 92M users.
The most commonly collected data types were website content and personally identifiable information (collected by 31.4% and 29.2% of extensions, respectively). However, when looking at the presumed user bases of the investigated extensions, it seems that more users are likely to give up user activity than any other data type.
Extension category overview
Incogni’s researchers categorized the investigated extensions according to their functionality as described in the relevant Chrome store pages. Some extensions fell under several categories; in those cases, they were assigned a category based on the functionality their developers mentioned most frequently or earliest in their descriptions.
This categorization allowed Incogni’s researchers to compare extensions based on their functionality, as well as to determine when users are more likely to need to pay extra attention to what they are installing.
According to Incogni’s findings, out of the 8 categories, programming and mathematical aids, on average, posed the greatest risk to users’ privacy. They earned this title through requiring larger numbers of sensitive and other permissions, as well as collecting greater amounts of data. While the most data- and permission-hungry extensions in this category aren’t necessarily the highest scoring in the whole dataset, most of the 29 browser add-ons classified as programming and mathematical aids did score highly across all three criteria.
Meeting assistants and audio transcribers was the second-highest scoring category, with extensions collecting more data and requiring more permissions than programming and mathematical aids, but requiring fewer sensitive permissions, allowing the category to score lower overall.
The writing assistants and personal assistants and general purpose extensions categories were ranked 3rd and 4th, respectively, in terms of the privacy risks they pose. The lowest-scoring (least privacy-invasive) categories came in quite close to each other, ranging from 6.2 points in total for translators to 5.7 for audiovisual generators.
The risks posed by these Chrome browser extensions
Incogni’s researchers used two key metrics to evaluate the privacy risk associated with each extension. The metrics break risk down into two facets: how readily a given extension could conceivably be made to act against its users’ interests (by the current developer, a new developer, or a malicious third party) and the damage that a given extension could do if co-opted in this way.
To achieve this, the researchers drew upon the risk-impact and risk-likelihood scores for each extension, as reported by chrome-stats.com. An extension’s risk-impact score is related to how damaging the extension could be if used with malicious intent—how much information it has access to and the permissions it has, and how these could be used against the user.
The risk-likelihood score, on the other hand, is aimed at quantifying the chances of an extension being used maliciously.
Out of the investigated extensions, 2% (10 out of 442) can be described as having both a high risk likelihood and risk impact. This means that they’re more likely to be used maliciously and have the potential to cause extensive damage.
Of particular note is the translators category, where 83% of extensions were found to have a high or very high risk impact, meaning that they require potentially dangerous permissions. However, this category doesn’t have any extensions with high risk likelihood, which means they aren’t very likely to be used maliciously.
With the exception of programming and mathematical aids, a category in which 55% of the extensions were found to have a high risk impact, most categories comprised around 45% potentially high-impact extensions.
The most popular extensions, the permissions they require and the data they collect
To understand what data and permissions are most commonly exposed through the use of “AI-powered” extensions, the researchers focused on the top 10 most-downloaded extensions in the dataset.
QuillBot and Grammarly are tied for being the most likely to be harmful to privacy among the most downloaded extensions. The data they collect include:
- Personal communications: potentially including names, addresses, email addresses, and similar details
- Locations: this refers to data like region, IP address, and GPS coordinates
- Website content: potentially including text, images, sounds, videos, and hyperlinks
- Grammarly also collected user activity, potentially including information such as that collected through network monitoring, clicks, mouse position, scroll position, and keystroke logging.
The sensitive permissions they require include:
- “scripting” – grants extensions the ability to inject code into websites
- “activeTab” – gives extensions temporary access to the currently active browser tab.
Fortunately, chrome-stats.com indicates that both these extensions have a very low risk likelihood.
AI Grammar Checker & Paraphrase and Sider: Chat with all AI were tied as being the third-most potentially harmful extensions. Interestingly, these extensions threaten users’ privacy in two distinct ways: AI Grammar Checker & Paraphrase received such a high score primarily due to the data it collects, while Sider: Chat with all AI was penalized for the number of permissions it requires.
Extension category breakdown
Having divided the sample of 442 Chrome extensions into 8 functionally defined categories, the researchers at Incogni then analyzed each category independently. The results of these analyses are presented below, covering very familiar types of extensions (like translators and writing assistants) as well as more specialized or niche extensions, like programming aids.
Translators
Extensions in the “translator” category displayed significant variation in their privacy subscores, with an average of 6.2 for data collected and permissions required combined, 1 for data collected alone, and 5.2 for the permissions they require.
The extensions presenting the greatest privacy risk in this category were Google Translate, eJOY AI Dictionary, and Immersive Translate – Translate Web & PDF. Google Translate led the category in terms of its data collection score. Immersive Translate had the highest permissions required score, and eJOY AI Dictionary had a high average for both.
TransOver presents the lowest privacy risk in this category, according to the researchers’ metrics, with Simple Translate coming in second and ZipZap.AI-Immersive Multilingual Trans coming in third, in order of increasing privacy risk. Notably, six of the extensions in this category claim not to collect any user data at all—a claim that should be taken with a grain of salt when the source code is not made available for public audit. Regarding permissions, many of the high-risk extensions utilize the “scripting” and “<all_urls>” permissions, which provide them with broad access to read and change data on any website the user visits.
Writing assistants
Extensions in the writing assistant category displayed significant variation in their privacy subscores, with an average of 7.7 for data collected and permissions required combined, 3.5 for data collected alone, and 4.2 for the permissions they require.
The extensions presenting the greatest privacy risk in this category were Compose AI: AI-powered Writing Tool, Obsidian AI Video Notes & Screenshots, and QuillBot: AI Writing and Grammar Checker. Compose AI leads the category in terms of its data collection score, while Obsidian AI carries the highest combined score for sensitive and general permissions required. Grammarly and QuillBot also maintain high data-collection scores, contributing to the elevated risk profiles for popular tools in this group.
ChatGPT Toolbar presents the lowest privacy risk in this category, according to Incogni’s metrics, with AI assistant for Linkedin coming in second and Free AI Essay Generator: AlFreeBox coming in third in order of increasing privacy risk. Notably, ten of the extensions in the low-risk tier claim not to collect any user data at all—a claim that can’t be readily verified without access to the source code. Regarding permissions, the highest-ranking extensions often required sensitive permissions, which allow the software to read and change data on all websites the user visits in order to offer real-time writing assistance, a broad level of access that increases the potential privacy impact.
Text and video summarizers
Extensions in the text and video summarizers category displayed significant variation in their privacy subscores, with an average of 6.0 for data collected and permissions required taken together, 1.9 for data collected alone, and 4.1 for the permissions they require.
The extensions presenting the greatest privacy risk in this category were Mapify – AI Summarizer & Mind Map G, SmarterHumans.ai: AI flashcards & notes, and ReaderGPT: ChatGPT based Web Page Summarizer. Mapify leads the category in terms of its data collection score, while SmarterHumans.ai received the highest score for general permissions required. ReaderGPT maintains a high average across the two metrics, contributing to its position as a high-risk option.
Youtube Video Summarizer presents the lowest privacy risk in this category (tied with several others), with TokGPT – ChatGPT for TikTok coming in second and PDF Summarizer in third. Notably, seven extensions in this category claim not to collect any user data at all—a claim that could only be properly verified with access to the source code. Regarding permissions, several of the high-risk extensions utilize the “scripting” and “activeTab” permissions, and in the case of Recapio, “webRequest,” which can grant the software deep access to browser activity as well as the ability to interact with the content of the pages a user visits.
Audiovisual generators
Extensions in the audiovisual generators category had significant variation in their privacy subscores, with an average of 5.7 for data collected and permissions required combined, 2.7 for data collected alone, and 3 for the permissions they require.
The extensions presenting the greatest privacy risk in this category were Guidde – Magically create video documentation, Synthesia – AI Screen Recorder & Editor, and NaturalReader – AI Text to Speech. Guidde leads the category in terms of its data collection score. NaturalReader has the highest permissions required score, and Synthesia has a high combined average for both.
Face Swap – FaceArt presents the lowest privacy risk in this category, according to Incogni’s metrics, with AI Diagram Generator coming in second and AI Image Generator – Text to Image On coming in third. Notably, nine of the least risky extensions in this category claim not to collect any user data at all—a claim that should be taken with a grain of salt when it applies to proprietary software.
For those seeking audiovisual generation extensions:
Instead of data- and permission-hungry extensions like Guidde – Magically create video documentation (which has a score of 17) or Synthesia – AI Screen Recorder & Editor (which has a score of 16), users might consider lower-scoring options like AI Video Generator – Create videos fromtext and images or AI Image Generator – Text to Image On (both of which have a score of 1).
Information lookup and collection extensions
Extensions in the information lookup and collection category displayed significant variation in their privacy subscores, with an average of 7.2 for data collected and permissions required combined, 2.3 for data collected alone, and 4.9 for the permissions they require.
The extensions presenting the greatest privacy risk in this category are Chat4Data: AI Web Scraper & Data Extractor, BlackTom AI – Double-Click Homework, and Anomali Copilot. BlackTom AI leads the category in terms of its data collection score, while Chat4Data received the highest overall score for permissions required. Anomali Copilot also maintains a high score for permissions, contributing to its position as one of the most privacy-intrusive options in the group.
ChatGPT Browser Extension presents the lowest privacy risk in this category (alongside others like ChatDOC and Perplexity), with ChatGPT Copy coming in second and WebChatGPT coming in third, in order of increasing privacy risk. Notably, ten of the extensions in this category claim not to collect any user data at all—a claim that would require an audit of the source code to confirm. Regarding permissions, several of the highest-scoring extensions utilize the “scripting,” “activeTab,” and “webRequest” permissions, which can grant the software broad authorization to monitor browser activity and interact with the content of the websites a user visits.
Meeting assistants and audio transcribers
Extensions in the audio transcriber/recorder and meeting assistant category displayed significant variation in their privacy subscores, with an average of 8.7 for data collected and permissions required combined, 3.3 for data collected alone, and 5.4 for the permissions they require.
The extensions presenting the greatest privacy risk in this category are Bluedot: AI notetaker & Meeting Recorder, Clinical Notes AI, and Krisp: AI Note Taker for Meet, Zoom, Teams. Bluedot leads the category in terms of its data collection score (tied with Briefly), while Clinical Notes AI carries the highest score for general permissions required. Krisp maintains a high average across both metrics, contributing to its position as one of the highest-risk options in the group.
Supernormal: AI Meeting Notes presents the lowest privacy risk in this category, according to Incogni’s metrics, with ChatGPT assistant for Google Meet coming in second and AI Meeting Summaries: Zoom, Meet & MS Teams coming in third in order of increasing privacy risk. Notably, two of the extensions in this category—Supernormal and Fathom AI Note Taker—claim not to collect any user data at all, a claim that should be taken with a grain of salt when the source code is not made available for public audit. Regarding permissions, several of the high-risk extensions utilize the “scripting” and “activeTab” permissions, which provide the tools with the ability to interact with and read data from an active browser window or meetings that are in progress.
Programming and mathematical aids
Extensions in the programming and mathematical aid category displayed significant variation in their privacy subscores, with an average of 8.9 for data collected and permissions required combined, 3 for data collected alone, and 5.9 for the permissions they require.
The extensions presenting the greatest privacy risk in this category were Classology AI – Homework & Quiz Help, StudyX: AI Homework Helper, and Flexi – AI Tutor. StudyX leads the category in terms of its data-collection score, while Pieces for Developers and Flexi have the highest combined permissions required scores. Classology AI maintains a high average across both metrics, resulting in the highest overall risk score.
Excel AI presents the lowest privacy risk in this category, according to Incogni’s metrics, with ChatGPT for Google Colab coming in second and Superjoin – AI Assistant for Google Sheets coming in third. Notably, four of the least risky extensions in this category—Excel AI, Quizard AI, MathGPT, and NoteGPT—claim not to collect any user data at all, a claim that can’t be readily verified when the source code is not made available for public audit.
Regarding permissions, several high-risk extensions utilize the “activeTab” and “scripting” permissions, which can allow the software to interact with or execute code on webpages visited by the user.
Personal assistants and general purpose extensions
Extensions in the personal assistant and general purpose category displayed significant variation in their privacy subscores, with an average of 7.5 for data collected and permissions required combined, 2.1 for data collected alone, and 5.5 for the permissions they require.
The extensions presenting the greatest privacy risk in the category are Bardeen: Automate Browser Apps with AI, AI New Tab: Calendar, Tasks, ChatGPT, and Oto | AI Avatar & Voice Companion. Bardeen leads the category in terms of its data collection score (tied with AiHome), while AI New Tab received the highest score for general permissions required. Oto maintains a high average across both metrics, contributing to its position as one of the highest-risk options in the group.
Notably, the ten least-risky extensions in this category claim not to collect any user data at all—something that would require an audit of the source code to verify conclusively.
Regarding permissions, the highest-scoring extensions in this category often require broad access to browser tabs and general system permissions to perform automated tasks, which significantly increases their potential impact on user privacy.
Conclusion
The intention behind this study is not to suggest that all “AI-powered” Chrome browser extensions that require permissions—even sensitive permissions—are to be avoided. Indeed, many permissions are required to facilitate core functionality. A writing assistant like Grammarly, for example, simply has to have access to on-screen text to fulfil its function.
Problems begin when an extension requires a level of permission that can’t be justified given its stated purpose. A writing assistant extension that requires access to precise location data, for example, might and should raise suspicions.
A big challenge in preparing studies like this lies in drawing a line between justified and unjustifiable permission requests and data collection. The only objective criterion that could be applied when deciding whether to install a given extension is: does personal data leave the host device? If it does, then the extension represents an unacceptable risk under this approach.
But the reality for everyday users is much more subtle and subjective: many are willing to sacrifice at least some privacy for the functionality these extensions promise. Where that line is or should be drawn is outside the scope of this study.
Another source of subjectivity lies in the risk-likelihood scores attributed to the extensions. A lot here depends on the amount of trust a user is willing to place in a given extension’s developers, publisher, and owner. All three can change without notice, leaving the extension to fall into malicious or even just careless hands.
Research like this presents consumers with not only accessible rankings, but also the background considerations that led to those rankings—allowing individual consumers to draw their own conclusions, and lines in the sand.
Methodology
Data collection took place between January 5th and 7th, 2026. Incogni’s researchers searched the Chrome Web Store for extensions that had “AI” in their name or description. These extensions were then manually checked to ensure that their core functionality is reliant on, or closely associated with, so-called artificial intelligence (various combinations of machine learning (ML), deep learning (DL), and large language models (LLMs)). They excluded extensions that had fewer than 1,000 users.
The researchers used the Chrome Web Store to note what data the remaining extensions collected and which permissions they required, and took the risk-impact and risk-likelihood scores from Chrome-Stats. Lastly, they sorted each extension into one of 8 categories (or the “other” category, if none of the 8 were found to be appropriate). This categorization was performed based on the descriptions of the extensions. The category descriptions are part of the public dataset.
The scores on which the ranking is based were calculated according to the following formula:
Score = no. of data points collected [0-9] * 2 + no. of sensitive permissions required [0-13] * 2 + other permissions [0-40].
The higher this score, the greater the risk to users’ privacy.
The score clearly places emphasis on how much data is collected and the permissions Incogni’s researchers consider sensitive. The weighting of these counts (by a factor of 2 relative to “other permissions”) penalizes those extensions that collect data and require sensitive permissions.
If two or more extensions had the same score within a rank, the researchers decided which represented the greater privacy risk by referring to its risk impact and risk likelihood scores. If one extension had a higher risk impact or risk likelihood than another, they ranked it as being more privacy-invasive.
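The scoring and tie-breaking rules above can be applied to an extension's manifest.json when reviewing it before installation. The following is an added example, not code from Incogni's study: the sensitive-permission set contains only the four permissions this article names (the study's full list of 13 is not reproduced here), the ordinal risk scale and the impact-before-likelihood tie-break order are assumptions, and the three extensions are constructed samples.

```javascript
// ASSUMPTION: stand-in for the study's 13 sensitive permissions; only the four
// permissions named in the article are listed here.
const SENSITIVE = new Set(["scripting", "activeTab", "webRequest", "<all_urls>"]);

// ASSUMPTION: ordinal scale for risk labels, used only to break ties.
const RISK_LEVELS = ["very low", "low", "medium", "high", "very high"];

// Required permissions: API permissions plus host patterns, de-duplicated.
function requiredPermissions(manifest) {
  const all = [];
  for (const key of ["permissions", "host_permissions"]) {
    if (Array.isArray(manifest[key])) all.push(...manifest[key]);
  }
  return [...new Set(all.filter((p) => typeof p === "string"))];
}

// Score = data types * 2 + sensitive permissions * 2 + other permissions.
function privacyScore(manifest, dataTypes) {
  const perms = requiredPermissions(manifest);
  const sensitive = perms.filter((p) => SENSITIVE.has(p));
  const other = perms.filter((p) => !SENSITIVE.has(p));
  const data = new Set(dataTypes).size;
  if (data > 9 || sensitive.length > 13 || other.length > 40) {
    throw new RangeError("count outside the ranges the formula is defined for");
  }
  return { data, sensitive, other, score: data * 2 + sensitive.length * 2 + other.length };
}

// Unknown labels map to -1 and therefore sort as the lowest risk.
function riskIndex(label) {
  return RISK_LEVELS.indexOf(String(label).toLowerCase());
}

// Highest score first; equal scores are ordered by risk impact, then risk likelihood.
function rankByPrivacyRisk(extensions) {
  return extensions
    .map((e) => ({ ...e, ...privacyScore(JSON.parse(e.manifestJson), e.dataTypes) }))
    .sort((a, b) =>
      b.score - a.score ||
      riskIndex(b.riskImpact) - riskIndex(a.riskImpact) ||
      riskIndex(b.riskLikelihood) - riskIndex(a.riskLikelihood));
}

// Constructed sample data: hypothetical extensions, not entries from the dataset.
const SAMPLE = [
  {
    name: "Hypothetical Writer",
    manifestJson: JSON.stringify({
      manifest_version: 3,
      permissions: ["scripting", "activeTab", "storage"],
      host_permissions: ["<all_urls>"],
    }),
    dataTypes: ["website content", "location", "personal communications"],
    riskImpact: "high",
    riskLikelihood: "very low",
  },
  {
    name: "Hypothetical Translator",
    manifestJson: JSON.stringify({
      manifest_version: 3,
      permissions: ["storage", "contextMenus", "activeTab", "activeTab"],
    }),
    dataTypes: [],
    riskImpact: "high",
    riskLikelihood: "very low",
  },
  {
    name: "Hypothetical Notetaker",
    manifestJson: JSON.stringify({
      manifest_version: 3,
      permissions: ["webRequest", "scripting", "storage", "alarms", "tabs"],
    }),
    dataTypes: ["user activity", "website content", "personally identifiable information"],
    riskImpact: "very high",
    riskLikelihood: "low",
  },
];

for (const e of rankByPrivacyRisk(SAMPLE)) {
  console.log(`${e.score}\t${e.name}\tsensitive: ${e.sensitive.join(", ")}`);
}
```

The two samples that tie on 13 points are separated by risk impact, which is why a permission-heavy extension can outrank one that declares the same amount of collected data.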
Of course, as with any scoring system, this one cannot account for all the nuances and variances present in the dataset. Its purpose is rather to gauge the privacy implications of installing and using certain extensions. The data used in this study is available here: Public dataset.
Use of visuals
Notwithstanding the terms of the CC BY-NC-SA 3.0 licenses of the visuals above, Incogni grants news organizations and other media entities permission to use the specified asset(s) in their news coverage or commentary, including on pages that display advertising.