Search for problematic browser extensions across your fleet.
We find problems no one else does because we don't just have a static scanner which looks for known patterns.
We read what the code actually does, every line.
This is how:

Stylish hid behind 4 layers of base64 + AES-256-CBC + a columnar transposition cipher.
We unwrapped all of it.
Cyberhaven's attackers didn't change permissions, they changed code. We rescan every release, so a trusted extension can't quietly pivot into a stealer.
LLM pipeline catches what no signature has seen: encoded payloads assembled at runtime, weird egress, page leaks.
An agent drives the extension like a real user, with aged accounts to trigger gated behavior.
Every outbound request, traced live
We don't miss the 1 in 1000 that will cause you major problems.

Layered defence. Every finding survives cross-examination before it ever reaches you.
Recently flagged by us
Threat Intelligence Feed
Every confirmed finding, malware in silent updates and vulnerabilities in trusted extensions, published as machine-readable threat intel your stack can ingest.
Explore the feedIndicators, malware, and relationship objects straight from the spec. No proprietary schema to map.
Every object carries technique and CWE IDs, so findings drop straight into your existing detections.
Works with
every popular browser
The pipeline
Chrome Web Store
315K extensions
Edge Add-ons
30K extensions
Safari Extensions
12K extensions
Static Analysis
Agents read the bundle before it ever runs. Manifest, code and supply chain.
manifest.json · host_permissions · code-bundle · npm-tree · signing-cert
Dynamic Analysis
Detonated in a sandboxed browser. Every call, request and write is traced.
network.trace · dom.access · storage.io · eval.calls · exfil.detect
Agentic Verification
Multiple agents cross-check findings and reconcile them into a single claim with cited evidence.
cross-ref · dedupe · evidence-link · severity-score
Exfiltrates all URLs in real time
8M Users
Trusts main world in cryptographic operations
2M Users
Scoped to single host, no telemetry
700k Users
Deep-dives on the extensions, vendors, and attack patterns our pipeline surfaced.

Signer.Digital's browser extension and its native helper turned a path-traversal bug into drive-by remote code execution on Windows. Any web page you visited could load an attacker DLL into a process on your machine, then escalate to administrator with a single UAC click.




Researchers, security teams, banks, government agencies we've quietly saved from a very bad week.

Nang
CTO, Streamable
At Streamable, we can't afford security incidents and Am I Being Pwned found problematic extensions we had installed.
Centre for Cybersecurity Belgium
Wall of Fame 2026
Recognised for the responsible disclosure of critical vulnerabilities affecting users in Belgium and across the EU.

@phia
Phoebe Gates & Sophia Kianni
Am I Being Pwned made Phia more secure.
Integrations
Three ways to wire up Am I Being Pwned. Use one or all of them.