Business compliance
AI extension evaluation methodology, normative references and an operational decision matrix.
Methodology
- Collect real extension inventory by browser and team without uploading sensitive data.
- Compute extension risk score using declared permissions and AI-assistant signals.
- Classify risk level (low to critical) and produce prioritized governance policies.
- Track approved exceptions and rerun audits quarterly or after major changes.
Disclaimers
- The score is a decision-support signal and does not replace human security review.
- No automatic legal/regulatory compliance guarantee is provided by this service.
- Never upload secrets, tokens, customer prompts or personal data in inventories.
Recommended operating model
- Assign a business owner to every tolerated AI extension.
- Keep exceptions time-boxed with a next review date.
- Rerun the audit after any browser catalog change or endpoint security incident.
- Use the same decision matrix across security, workplace and support teams to avoid contradictory exceptions.
Permissions-to-action matrix
Weights below provide a consistent baseline to decide allow, exception workflow or block.
| Permission/signal | Weight | Level | Recommended action |
|---|---|---|---|
| nativeMessaging | 26 | Critical | Immediate freeze, deep security review and CISO approval. |
| webRequestBlocking | 24 | Critical | Immediate freeze, deep security review and CISO approval. |
| cookies | 22 | Critical | Immediate freeze, deep security review and CISO approval. |
| webRequest | 20 | High | Block by default and open an exception request. |
| <all_urls> | 20 | High | Block by default and open an exception request. |
| scripting | 16 | High | Block by default and open an exception request. |
| history | 14 | Medium | Allow with owner approval and monthly review. |
| clipboardRead | 14 | Medium | Allow with owner approval and monthly review. |
| identity | 12 | Medium | Allow with owner approval and monthly review. |
| tabs | 10 | Medium | Allow with owner approval and monthly review. |
| clipboardWrite | 10 | Medium | Allow with owner approval and monthly review. |
| downloads | 8 | Low | Allow with quarterly monitoring. |