LayerX Security

SC Media covered our StealTok research: 12+ TikTok downloader extensions looked legitimate, some even “Featured,” then shifted into covert tracking and remote config. 130K+ users were compromised, and 12.5K installs were still active at analysis scworld.com/brief/over-130…

THN went hands-on with LayerX and the messy middle of AI usage: prompts, uploads, copy-paste, IDEs, AI extensions, and agentic workflows. That’s where policy turns into practice. thehackernews.com/expert-insight…

The prompt field is starting to look like an attack surface. 🛑🤖 When an internal LLM connects to company resources, one compromised user can turn prompt access into account takeover and lateral movement through the application layer. brave.com/podcast/e115/

🚨 Three lines in CLAUDE.md were enough to turn Claude Code into an offensive attack tool, with no coding at all. In our test, it cited the file as authorization, then moved into login bypass, SQLi, and dumping creds. Full breakdown + demo: layerxsecurity.com/blog/vibe-hack…

Anthropic didn’t leak model weights. It exposed something more operationally useful: the layer around the model. @FortuneMagazine reports ~500,000 lines of Claude Code across ~1,900 files. In AI, the surrounding system is part of the security boundary. fortune.com/2026/03/31/ant…

@IntelBusiness and LayerX join forces to bring AI security to the endpoint. 🤜🤛 If AI risk happens in real time, AI security has to happen locally too. Local analysis keeps sensitive data on the device, with real-time decisions and no cloud round trips. layerxsecurity.com/blog/layerx-an…

We're headed to RSAC in SF, March 23–26 at Moscone Center. We’re meeting with security teams on securing AI interactions, prompts, uploads, and in-session actions. Plus our session: “From Prompt to Pwn” talk, Thu Mar 26, 12:20 PM PT (HT-R05). Book time: layerxsecurity.com/meet-layerx-at…

🔎 New @BleepinComputer coverage of our Poisoned Typeface research. Malicious commands can sit in the rendering layer while the HTML still looks harmless, so the user and the assistant are not reading the same page. All but one vendor said - out of scope. bleepingcomputer.com/news/security/…

New LayerX research shows AI assistants can call a malicious page safe because they read the DOM, not what the user sees. Text-only parsers miss instructions hidden in the rendering layer. AI should not be your web safety validator. layerxsecurity.com/blog/poisoned-…

Gartner suggested banning AI browsers. You don’t remove GenAI risk, you remove visibility. 🔍 Or Eshed in Dark Reading: why bans backfire and what controlled enablement looks like in-session. darkreading.com/cyber-risk/spe…

New research: Zero-permission extensions can hijack downloads by appending code to an installer. The download looks normal and runs normally, then the payload executes on the host. No warnings, no extra permissions, proxy tools miss it. PoC: layerxsecurity.com/blog/any-exten…

AI governance is getting budget, but many teams still don’t know what to ask for. @TheHackersNews covered our AI Usage Control RFP Guide: score vendors on incognito, AI browsers and agents, and corporate vs personal identities in-session. thehackernews.com/2026/03/new-rf…

The next chapter for LayerX begins today. We’re announcing the appointment of Rupal Hollenbeck as Chair of the Board of Directors. She joins LayerX at a pivotal moment as AI transforms industries in unprecedented ways. Read the full announcement: globenewswire.com/news-release/2…

Shadow AI is getting loud 🤖 Shadow AI isn’t just new tools. It’s personal AI accounts + connectors pulling data from O365/Workspace into a tenant you can’t control. Identity ≠ governance. If you can’t see it in-session (browser), you can’t govern it.

Gartner launched a new AI Usage Control category. LayerX is currently #1 on the list 🏆⭐ If you run AI governance, the shift is clear: stop debating “allow AI” and start controlling it in-session, especially across GenAI tools and the browser. Reviews: gartner.com/reviews/produc…

Agentic Browser Protection is live. AI browsers now act, not just assist. See LayerX govern agentic actions and the AI sidebar without blocking AI browsers. Webinar Mar 10 + Mar 12. Register: layerx.easywebinar.live/layerx-launche…

NEW: LayerX launches Agentic Browser Protection, the first dedicated solution for agentic AI browsers. 🤖 When the browser acts, it can paste sensitive data. LayerX adds governance for agentic actions, plus prompt injection defense. layerxsecurity.com/blog/layerx-an…

AI governance breaks fast: 🔎 you lose visibility into where business data goes, 📜 compliance shows up after the data is out, and ⚖️ the business keeps pushing for productivity. @OrEshed on why this is the CISO leadership test.

LayerX found 30 fake “AI assistant” Chrome extensions tied to tapnetic[.]pro, 300K+ users. Full-screen remote iframe UI lets operators change logic post-install. Gmail cluster runs at document_start, reads threads via .textContent. @BleepingComputer: bleepingcomputer.com/news/security/…

Our new research will give you a hunt list of 30 fake “AI assistant” extensions tied to tapnetic[.]pro, already affecting 300,000+ users, used to steal credentials and email content 😲. @BleepingComputer - several were Featured in the Chrome store: bleepingcomputer.com/news/security/…