
Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack

Severity: High
Published: Thu Jul 31 2025 (07/31/2025, 12:08:17 UTC)
Source: Reddit InfoSec News

Description

Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack Source: https://hackread.com/browser-extensions-exploit-chatgpt-gemini-man-in-the-prompt/

AI-Powered Analysis

AI analysis last updated: 07/31/2025, 12:17:56 UTC

Technical Analysis

The reported threat is a novel attack vector termed the 'Man in the Prompt' attack, in which malicious browser extensions abuse AI assistants such as ChatGPT and Gemini. In this attack, an extension intercepts or manipulates the prompts the user submits to the AI model, or the responses the model returns, from inside the browser. Because browser extensions that are granted permission to read or modify web page content run with broad access inside the user's browser session, a compromised or malicious extension can alter the prompt text or the AI-generated response without the user noticing. This manipulation can lead to unauthorized disclosure of sensitive information, injection of malicious content, or execution of unintended commands through the AI interface. The attack leverages the trust users place in AI assistants and the tight integration of these assistants into web browsers via extensions. Although no specific affected versions or patches are currently identified, the high severity rating indicates significant potential risk. The attack does not require exploiting the AI models themselves; it abuses the browser extension ecosystem to perform prompt manipulation, making it a supply-chain and client-side threat. The minimal discussion and low Reddit score suggest the vulnerability is newly disclosed and not yet widely analyzed or exploited in the wild.

Potential Impact

For European organizations, this threat poses substantial risks, especially for those relying on AI-powered tools integrated via browser extensions for productivity, customer service, or decision support. Confidentiality can be compromised if sensitive prompts or AI responses containing proprietary or personal data are intercepted or altered. Integrity is at risk as manipulated prompts could cause AI models to generate misleading or harmful outputs, potentially influencing business decisions or automated workflows. Availability impact is indirect but possible if trust in AI tools is undermined or if malicious extensions disrupt normal AI interactions. Sectors such as finance, healthcare, legal, and government agencies in Europe, which increasingly adopt AI assistants, are particularly vulnerable. The threat also raises compliance concerns under GDPR if personal data is exposed or misused. Since the attack exploits client-side extensions, organizations with lax controls on browser extension policies or insufficient endpoint security are more exposed.

Mitigation Recommendations

European organizations should implement strict browser extension management policies, including whitelisting approved extensions and regularly auditing installed extensions for suspicious behavior. Endpoint security solutions should monitor and restrict extension permissions, especially those that can access or modify web content. User awareness training is critical to educate employees about the risks of installing untrusted extensions. Organizations should consider isolating AI interactions to dedicated, controlled environments or browsers with minimal extensions. Developers of AI-integrated browser extensions must adopt secure coding practices, including prompt validation and integrity checks. Additionally, AI service providers should enhance API security to detect anomalous prompt patterns indicative of manipulation. Implementing multi-factor authentication and session monitoring can reduce the risk of unauthorized access that could facilitate such attacks. Finally, organizations should stay informed about updates or patches from AI providers and extension developers to promptly address emerging vulnerabilities.


Technical Details

Source Type: reddit
Subreddit: InfoSecNews
Reddit Score: 2
Discussion Level: minimal
Content Source: reddit_link_post
Domain: hackread.com
Newsworthiness Assessment: {"score":40.2,"reasons":["external_link","newsworthy_keywords:exploit","urgent_news_indicators","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["exploit"],"foundNonNewsworthy":[]}
Has External Source: true
Trusted Domain: false

Threat ID: 688b5eeaad5a09ad00b77f36

Added to database: 7/31/2025, 12:17:46 PM

Last enriched: 7/31/2025, 12:17:56 PM

Last updated: 8/1/2025, 11:52:34 AM

Views: 10
