@LayerxSecurity profile picture
LayerX Security @LayerxSecurity

LayerX AI & Browser Security Platform protects against AI, SaaS, web & data risks on any browser, app, device & identity, with no impact on user experience.

Joined October 2022
  • Tweets 292
  • Following 0
  • Followers 211
225 Photos and videos
SC Media covered our StealTok research: 12 TikTok downloader extensions looked legitimate, some even “Featured,” then shifted into covert tracking and remote config. 130K users were compromised, and 12.5K installs were still active at analysis scworld.com/brief/over-130k-…
1
155
THN went hands-on with LayerX and the messy middle of AI usage: prompts, uploads, copy-paste, IDEs, AI extensions, and agentic workflows. That’s where policy turns into practice. thehackernews.com/expert-ins…
1
146
The prompt field is starting to look like an attack surface. 🛑🤖 When an internal LLM connects to company resources, one compromised user can turn prompt access into account takeover and lateral movement through the application layer. brave.com/podcast/e115/
0:35
1
1
110
🚨 Three lines in CLAUDE.md were enough to turn Claude Code into an offensive attack tool, with no coding at all. In our test, it cited the file as authorization, then moved into login bypass, SQLi, and dumping creds. Full breakdown demo: layerxsecurity.com/blog/vibe…
137
Anthropic didn’t leak model weights. It exposed something more operationally useful: the layer around the model. @FortuneMagazine reports ~500,000 lines of Claude Code across ~1,900 files. In AI, the surrounding system is part of the security boundary. fortune.com/2026/03/31/anthr…
1
265
We're headed to RSAC in SF, March 23–26 at Moscone Center. We’re meeting with security teams on securing AI interactions, prompts, uploads, and in-session actions. Plus our session: “From Prompt to Pwn” talk, Thu Mar 26, 12:20 PM PT (HT-R05). Book time: layerxsecurity.com/meet-laye…
1
1
180
🔎 New @BleepinComputer coverage of our Poisoned Typeface research. Malicious commands can sit in the rendering layer while the HTML still looks harmless, so the user and the assistant are not reading the same page. All but one vendor said - out of scope. bleepingcomputer.com/news/se…
137
New LayerX research shows AI assistants can call a malicious page safe because they read the DOM, not what the user sees. Text-only parsers miss instructions hidden in the rendering layer. AI should not be your web safety validator. layerxsecurity.com/blog/pois…
110
Gartner suggested banning AI browsers. You don’t remove GenAI risk, you remove visibility. 🔍 Or Eshed in Dark Reading: why bans backfire and what controlled enablement looks like in-session. darkreading.com/cyber-risk/s…
1
170
New research: Zero-permission extensions can hijack downloads by appending code to an installer. The download looks normal and runs normally, then the payload executes on the host. No warnings, no extra permissions, proxy tools miss it. PoC: layerxsecurity.com/blog/any-…
1
175
AI governance is getting budget, but many teams still don’t know what to ask for. @TheHackersNews covered our AI Usage Control RFP Guide: score vendors on incognito, AI browsers and agents, and corporate vs personal identities in-session. thehackernews.com/2026/03/ne…
116
The next chapter for LayerX begins today. We’re announcing the appointment of Rupal Hollenbeck as Chair of the Board of Directors. She joins LayerX at a pivotal moment as AI transforms industries in unprecedented ways. Read the full announcement: globenewswire.com/news-relea…
0:10
97
Shadow AI is getting loud 🤖 Shadow AI isn’t just new tools. It’s personal AI accounts connectors pulling data from O365/Workspace into a tenant you can’t control. Identity ≠ governance. If you can’t see it in-session (browser), you can’t govern it.
1:14
1
95
Gartner launched a new AI Usage Control category. LayerX is currently #1 on the list 🏆⭐ If you run AI governance, the shift is clear: stop debating “allow AI” and start controlling it in-session, especially across GenAI tools and the browser. Reviews: gartner.com/reviews/product/…
180
Agentic Browser Protection is live. AI browsers now act, not just assist. See LayerX govern agentic actions and the AI sidebar without blocking AI browsers. Webinar Mar 10 Mar 12. Register: layerx.easywebinar.live/laye…
149
NEW: LayerX launches Agentic Browser Protection, the first dedicated solution for agentic AI browsers. 🤖 When the browser acts, it can paste sensitive data. LayerX adds governance for agentic actions, plus prompt injection defense. layerxsecurity.com/blog/laye…
7:40
1
1
1
344
AI governance breaks fast: 🔎 you lose visibility into where business data goes, 📜 compliance shows up after the data is out, and ⚖️ the business keeps pushing for productivity. @OrEshed on why this is the CISO leadership test.
1:06
1
58
LayerX found 30 fake “AI assistant” Chrome extensions tied to tapnetic[.]pro, 300K users. Full-screen remote iframe UI lets operators change logic post-install. Gmail cluster runs at document_start, reads threads via .textContent. @BleepingComputer: bleepingcomputer.com/news/se…
0:12
2
2
459
Our new research will give you a hunt list of 30 fake “AI assistant” extensions tied to tapnetic[.]pro, already affecting 300,000 users, used to steal credentials and email content 😲. @BleepingComputer - several were Featured in the Chrome store: bleepingcomputer.com/news/se…
0:12
89
OpenClaw (ex Clawdbot/Moltbot) went viral: 182k @GitHub ⭐ 2M visits/week 🌐. It installs via @GoogleChrome Dev Mode (load unpacked) 🧩, so IDs aren’t stable. With LayerX, 🛑 block Dev-mode add-ons by regex on name/description: clawdbot|moltbot|openclaw. linkedin.com/posts/layerx-se…
1
223
Load more