💧 A weak browser password shouldn’t be able to breach a dam. But that’s exactly what happened.

Hackers accessed the web-exposed control panel of a Norwegian dam and opened its valve at full capacity, letting water rush out for four hours before anyone noticed. [Source: Risky Business Media → https://lnkd.in/d2WcYnHs]

There were no casualties this time. But the message is clear: when ICS systems are exposed via the browser, and no one’s watching the browser, even the most critical systems are at risk.

This isn’t theoretical:
🔓 The attackers exploited weak default credentials on a browser-accessible panel
🔓 No malware, no exploits, just a vulnerable interface and zero visibility
🔓 The attack could’ve been much worse, with serious downstream impact

Most security tools missed it, because they don’t see what happens in the browser.

🔎 You don’t have to be exposed anymore. LayerX gives you real-time visibility into browser activity, flags risky behavior like unsanctioned extension access or suspicious credential usage, and stops dangerous interactions before they escalate.

Securing water infrastructure, and every other utility, starts with securing the browser.

👉 Learn how LayerX protects critical infrastructure at the browser level: https://lnkd.in/dkS3id3G
About us
LayerX Enterprise Browser Platform (delivered as a Browser Extension) natively integrates with any browser, turning it into the most secure and manageable workspace. Enterprises use LayerX to secure against web-borne threats and browsing risks. These include data leakage over the web & SaaS apps, GenAI data risks, malicious browser extensions, shadow SaaS, Zero-hour phishing, account takeovers, identity risks, BYOD secure access, and more.
- Website: www.layerxsecurity.com
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: New York
- Type: Privately Held
- Founded: 2021
- Specialties: Browser Security
Products
User-First Browser Security Platform
Secure Web Gateways
Monitoring and Control of Every Web Session: LayerX analyzes web sessions at the utmost granular elements to prevent attacker-controlled webpages from performing malicious activities and users from putting enterprise resources at risk, without disrupting their legitimate interactions with websites, data and applications
Locations
- Primary: New York, US
Updates
-
Tomorrow at DEF CON, we're letting you play the attacker.

Join our Co-Founder & CEO Or Eshed and Senior Researcher Aviad Gispan for a live, hands-on lab: Build and deploy your own malicious browser extension: see how it exfiltrates cookies, hijacks sessions, and slips past security tools. Then learn how to defend against it.

🧪 You’ll walk away with a sharper understanding of why GenAI + browser extensions quietly make the browser the riskiest surface in the enterprise.
⏰ Friday | 9:00AM | LVCC Room N256
🔗 Workshop details → https://lnkd.in/dfzdr9GC

Arrive early. Bring a laptop. You’ll want a front row seat for this one.
-
-
🥟 dumplings > slide decks.

Monday night we swapped the conference badges for bao and took a bunch of security leaders off-Strip for our Chinatown Food Tour: three Michelin-noted kitchens, one bus filled with the best conversations on browser security and no boring vendor pitches.

Satay skewers 🍢 disappeared faster than a zero-click exploit, and every table debate circled back to the same truth: GenAI + extensions = the riskiest tab in the enterprise.

Couldn’t make it? We’re still in Vegas all week:
• 🔓 DEF CON Workshop -> Build & learn how to defend against a malicious extension (Fri 09:00)
• 📅 Grab 15 min 1-on-1 → https://lnkd.in/eF2cVuGa

🤝 Thanks to everyone involved, we had a blast swapping threat intel over Thai beer. 🍻
-
Yesterday at Security BSides Las Vegas, Or Eshed unpacked how malicious extensions silently harvest passwords right from the browser, no zero-day required. He broke down, step by step, how seemingly harmless extensions bypass traditional defenses to steal credentials, live, in session.

❌ If you missed “Extending Password (in)Security to the Browser”… don’t make the same mistake twice.

🕕 Today at 18:00, Tuscany Room: “Cracking Hidden Identities: Understanding the Threat Surface”
A deep dive into the rise of unmanaged, non-SSO identities, and how their passwords are often left wide open.

💡 These accounts aren’t rare, they’re everywhere. Personal and non-SSO logins get used for real work but sit completely outside the org’s IdP. No MFA. No policies. No visibility. That’s exactly what makes them such easy targets.

Today, Or will get into how these identities even come to exist, how they spread across tools and teams without anyone really noticing. Then he’ll break down where the real exposure happens: password reuse, weak creds, shared logins, you name it, and it's your chance to ask it.

If you care about identity exposure beyond the corporate perimeter, especially in a SaaS and GenAI-heavy environment, this one’s a must-attend.

🔗 Here’s where to find him today → https://lnkd.in/dE4UZExv
-
-
We're proud to share the new ynet feature on the partnership between LayerX Security and Google on stopping the fastest-growing threat in the browser: malicious extensions.

Most of us treat extensions as harmless helpers, spell-checkers, coupon finders, quality-of-life tweaks. In reality many come with full access permissions to personal or corporate data. In an enterprise, one exposed credential can open the entire company.

A few numbers from the article put that risk in perspective:
🔹 99% of employees have at least one extension installed
🔹 53% run more than ten
🔹 Over half of those add-ons carry high or critical access permissions

Yet most security stacks never see what those extensions do. That’s why Google teamed up with LayerX. Chrome is still the world’s most-used browser, over 70% share, and LayerX leads in browser-native protection. Where “secure browsers” force a full rip-and-replace, LayerX’s extension-based platform works in any browser, including the Chrome employees already love.

The result is a natural fit: the world’s most popular browser plus the strongest extension security, risk scoring every add-on, giving security teams the power to flag and block threats without slowing anyone down.

With AI-driven browsers on the way, organizations need innovation and control. LayerX makes it possible to have both.

📰 Read the full article: https://lnkd.in/dbVV-RZR
-
-
We're proud to share the ynet profile piece on the new collaboration between LayerX Security and Google on protection against malicious extensions!

One of the threats gaining momentum in recent years is the danger posed by malicious extensions. Although most of us treat browser extensions as small, handy tools that help us fix our English spelling or find discount codes on websites, in practice many extensions have broad access permissions to personal and organizational information such as identity details, passwords, and more. This risk is especially high in enterprise environments, since exposure of a single user's credentials can lead to an organization-wide breach.

A few statistics to put this in perspective:
🔹 99% of enterprise users have at least one extension installed
🔹 53% of users have more than 10 extensions
🔹 More than half of extensions have 'high' or 'critical' level access permissions to information in the browser

The problem is that today most security solutions do not track the activity of malicious extensions and do not protect against them. And this is exactly where the collaboration between Google and LayerX comes in: Google's Chrome is the most popular browser in the world, with a market share of over 70%. LayerX, for its part, through its browser-based protection platform, is the leading company in protection against malicious extensions. But while some solutions on the market require fully replacing the browser with an "enterprise" browser (and parting with the Chrome most of us love), LayerX's solution works on any browser.

It is a natural collaboration between Google and LayerX: the world's most popular browser with the world's best browser security tool. The integration between Google and LayerX makes it possible to add a layer of risk analysis for every extension, and lets enterprise security managers identify risky extensions and block them, without disrupting day-to-day work.

This choice reflects the era of the new AI browsers: organizations want to adopt innovation and maintain productivity without giving up control over their data. LayerX provides exactly this balance. This is a big opportunity for the market and for anyone looking to join a fast-growing Israeli company that is leading this paradigm shift.

📰 Read the full article: https://lnkd.in/d9wqVbkb
-
-
Browsing Security is back with our July edition explaining why the browser just became GenAI’s favorite attack surface.

Here’s what’s inside:
🚀 LayerX in Action - Comet & Dia support, GenAI Dashboard roll-out, extension risk scores inside Google Chrome Enterprise, plus triple Gartner Hype-Cycle mentions.
📰 Key lessons from real-world breaches - “man-in-the-prompt,” Gemini email hijacks, Greedy Sponge download pivots, EchoLeak zero-click exposures.
🔍 Immediate steps to close the gap - DOM-level monitoring for GenAI prompts, behavioral blocking for risky extensions, and tiered policies for suspicious vs malicious sites.
📚 LayerX Labs - Research by Aviad Gispan, security researcher at LayerX, shows how a single poisoned extension can rewrite prompts in ChatGPT, Gemini, Copilot, and more - silently exfiltrating whatever your team is asking (and whatever the model is answering). Dark Reading called it a brand-new attack vector; we call it Tuesday.

Subscribe to our newsletter to get exclusive security insights you genuinely won't find anywhere else.
-
LayerX risk scores are now live inside Google Chrome Enterprise. Chrome admins can finally see and act on extension risk in real time.

Most browser extensions look harmless. They install in one click, improve workflows, some even come preloaded. But under the surface, many operate with access levels that rival malware.

According to our 2025 Enterprise Extension Security Report:
🔹 99% of enterprise users have at least one extension
🔹 53% have more than ten
🔹 Over 10% of enterprise extensions can access user cookies

Until now, most organizations still lack a structured way to assess extension risk. The new Chrome Enterprise x LayerX integration changes that.

Chrome Enterprise admins can now view LayerX risk scores directly inside the Chrome dashboard, enabling:
🔸 Real-time visibility into every extension deployed across the environment
🔸 A holistic risk score per extension, combining access permissions, publisher identity, install base, and behavior
🔸 One-click drill-down into ExtensionPedia: LayerX’s threat database with technical metadata and publisher reputation
🔸 Actionable controls to restrict or block high-risk extensions before they’re exploited

This collaboration helps Chrome Enterprise customers turn extension risk from a blind spot into a managed surface, with clarity, control, and context built in.

🔗 Learn more about the integration → https://lnkd.in/dEk-f_3p
-
-
It seems like most teams haven't fully internalized what GenAI in the browser actually means. The tools feel invisible, intuitive, fast, even personal. Which is exactly why they seem trustworthy. But that’s what makes them risky.

We just published new research at LayerX, led by security researcher Aviad Gispan, that shows how any GenAI tool (yes, even your internal LLM) can be exploited through a browser extension to extract sensitive data, with zero user awareness and no elevated permissions. We call the exploit Man in the Prompt.

Here’s how it works:
🤖 Most AI tools live in the browser
📄 Prompt fields are part of the page’s DOM
🧩 Any browser extension with script access can read from or write to it
🚫 No permissions prompt. No warnings. No exploits. Just native functionality

From there, malicious extensions can:
🔹 Inject hidden prompts
🔹 Extract email content and autocomplete file names
🔹 Ask your LLM questions the user never typed
🔹 Summarize, steal, or structure sensitive data, all within the same session

We built a working proof-of-concept using Gemini in Google Workspace. It silently queried shared folders, email threads, and docs, then exfiltrated the results in real time. No alerts. No frictions.

It’s not just about Gemini. This applies to:
🔹 Internal copilots trained on proprietary data
🔹 RAG apps built for legal, HR, or product teams
🔹 SaaS tools embedding AI into customer-facing workflows

If a browser extension is installed, that GenAI surface is exposed. And most enterprises allow extensions. So… how are we securing the prompt?

🔗 Read the full technical breakdown on our blog → https://lnkd.in/gudmCiNZ
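
A defender-side check that follows from the post above, added here as an example and not LayerX's code: it reads a parsed extension manifest.json and lists which GenAI pages the extension is allowed to script. The host watch list and the sample manifests are constructed assumptions.

```javascript
// Added example (not LayerX code): list the GenAI pages an extension's
// manifest lets it script. GENAI_HOSTS is an assumed watch list of HTTPS sites.
const GENAI_HOSTS = ["chatgpt.com", "gemini.google.com", "copilot.microsoft.com"];

// True when a Chrome match pattern such as "https://*.google.com/*" covers
// https://<host>/. Scheme "*" means http or https; "http" alone does not count.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/([^/]+)\//.exec(pattern);
  if (!m || m[1] === "http") return false;
  const patHost = m[2];
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return patHost === host;
}

// Collect every (source, pattern, host) grant from a parsed manifest.json.
function auditManifest(manifest, hosts = GENAI_HOSTS) {
  const grants = [];
  for (const cs of manifest.content_scripts || [])
    for (const p of cs.matches || []) grants.push(["content_scripts", p]);
  for (const p of manifest.host_permissions || [])        // Manifest V3
    grants.push(["host_permissions", p]);
  for (const p of manifest.permissions || [])             // Manifest V2 host patterns
    if (p === "<all_urls>" || p.includes("://")) grants.push(["permissions", p]);
  const findings = [];
  for (const [source, pattern] of grants)
    for (const host of hosts)
      if (patternCoversHost(pattern, host)) findings.push({ source, pattern, host });
  return findings;
}

// Constructed sample manifests, for illustration only.
const SAMPLES = {
  couponFinder: { manifest_version: 3, content_scripts: [{ matches: ["<all_urls>"], js: ["c.js"] }] },
  mailHelper: { manifest_version: 3, permissions: ["scripting"], host_permissions: ["https://*.google.com/*"] },
  siteTheme: { manifest_version: 3, content_scripts: [{ matches: ["https://example.com/*"], js: ["t.js"] }] },
};

for (const [name, manifest] of Object.entries(SAMPLES)) {
  const hosts = [...new Set(auditManifest(manifest).map(f => f.host))];
  console.log(name, hosts.length ? "can script: " + hosts.join(", ") : "no GenAI access");
}
```

Chrome's `activeTab` permission grants per-tab access on a user gesture without any host pattern, so an extension that passes this check can still reach a page the user invokes it on.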
-
-
📅 Calendar’s open → meet the LayerX team next week in Vegas during Black Hat, Security BSides Las Vegas, and DEF CON: https://lnkd.in/dkwSM82S

GenAI tools, SaaS data, and personal identities all live in the browser. Yet most security stacks still treat it like a side note. We’re in Vegas to fix that blind spot, because what happens in the browser, should stay in the browser.

Here's what else we'll be up to that you don't want to miss:

🍜 LayerX Chinatown Food Tour | Aug 4 18:30–21:30
• Private bus pickup, three Michelin-noted spots
• Soup dumplings, duck lettuce wraps, izakaya
• Invite-only (free) → https://lnkd.in/dy68pgkP

🎤 BSides Las Vegas | Browser & Identity Sessions
• Extending Password (in)Security to the Browser – Aug 4 14:00
• Cracking Hidden Identities – Aug 5 18:00
Speaker: Or Eshed, LayerX CEO

🧪 DEF CON Workshop | Build a Malicious Extension
• Aug 8 09:00–13:00 with Or Eshed & Aviad Gispan
• Design → deploy → defend, all in one lab

If browser risk plus GenAI visibility is on your 2025 roadmap, pick a slot that works for you and let’s dig in.

🔗 Book a 1-on-1: https://lnkd.in/dkwSM82S
-