To help protect sensitive information, we want to raise awareness about a growing security risk: browser extensions, especially those advertising AI-powered features.
While these tools may offer productivity boosts, like AI-assisted writing or resume screening, they often require broad access to your browser activity and data. This can pose serious risks in environments handling confidential HR or candidate information.
Risks to Be Aware Of
Some extensions may:
- Read content from web-based HR platforms, including resumes, candidate profiles, and internal notes
- Access clipboard data, which may contain sensitive information
- Intercept form data or API calls, potentially sending it to third-party servers
- Masquerade as helpful tools while secretly harvesting data
These extensions often request permissions such as:
“Read and change all your data on the websites you visit.”
Such access can lead to data leakage, especially in recruiting and HR workflows.
How to Stay Safe
To reduce your risk:
- Be cautious of AI-branded extensions, especially those not developed by well-known, trusted sources
- Review permissions carefully—if they seem excessive for the tool’s purpose, they probably are
- Limit extension use on systems that access candidate or HR data
- Use enterprise controls to manage and restrict extension installations
- Educate your team about the risks of installing unverified tools
If you have questions or need help managing browser extensions in your environment, please contact your IT or security team. For more information on browser extensions supported by Employ, contact our Support Team.