Researchers Warn of Data Exposure Risks in Claude Chrome Extension

Security experts at Zenity Labs warn that Anthropic’s new agentic browser extension, Claude in Chrome, could bypass traditional web security, exposing private data and login tokens to potential hijackers.

On December 18, 2025, Anthropic released the beta version of its Claude Chrome extension, a tool that lets the AI browse and interact with websites on your behalf. While convenient, a new analysis from Zenity Labs shows it introduces a serious set of security risks that traditional web protections weren’t designed to handle.

Breaking the Human-Only Security Model

Web security has mostly assumed there’s a person behind the screen. When you log into your email or bank, the browser treats the clicks and keystrokes as yours. Now, tools like Claude can click, type, and navigate sites for you.

Researchers Raul Klugman-Onitza and João Donato noted that the extension stays logged in at all times, with no way to ...