InterviewAlly

Browser Extensions Harvest 8M Users' AI Chat Data

Security researchers discover eight Chrome and Edge extensions with 8 million users secretly harvesting conversations from ChatGPT, Claude, Gemini, and other AI chatbots for marketing analytics.

March 9, 2026 · Source: Koi Security

8 Million Users' AI Conversations Secretly Harvested

Security researchers at Koi Security have uncovered a sprawling data collection operation involving eight browser extensions that secretly intercepted and sold conversations from eight major AI chatbot platforms. The extensions, all tied to Urban Cyber Security Inc. and data broker BiScience, collectively had over 8 million installations across Chrome and Microsoft Edge.

The targeted AI platforms include ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok, and Meta AI — covering virtually every major consumer AI chatbot on the market. The harvested conversations were sold to third-party marketing firms through BiScience's data brokerage network.

The Eight Compromised Extensions

The malicious extensions operated across both Chrome and Edge, with some commanding millions of users:

Chrome extensions: Urban VPN Proxy (6 million users), 1ClickVPN Proxy (600,000 users), Urban Browser Guard (40,000 users), and Urban Ad Blocker (10,000 users).

Edge extensions: Urban VPN Proxy (1.3 million users), 1ClickVPN Proxy (36,000 users), Urban Browser Guard (12,000 users), and Urban Ad Blocker (6,000 users).

The flagship Urban VPN Proxy extension maintained a 4.7-star rating on the Chrome Web Store, lending it an appearance of legitimacy that helped it accumulate over 6 million Chrome users alone.

How the Data Harvesting Worked

The data collection functionality was added silently via an auto-update on July 9, 2025, in version 5.5.0. Users who had installed the extensions for legitimate VPN or ad-blocking purposes received no notification that their AI conversations were now being captured.

The extensions injected JavaScript code into targeted AI platforms that intercepted API traffic, overrode browser fetch and XMLHttpRequest functions, parsed conversation data in real time, and exfiltrated both user prompts and AI responses to servers at analytics.urban-vpn.com and stats.urban-vpn.com.

"We also disclose the AI prompts for marketing analytics purposes." — Urban VPN Privacy Policy

Beyond AI conversations, the extensions also collected the complete URLs of all open browser tabs, giving attackers visibility into users' browsing habits, internal corporate applications, and potentially sensitive resources.

Discovery and Industry Response

Koi Security's research team identified the threat using their Wings AI risk engine, which scans browser extensions for capabilities that could exfiltrate data from AI platforms. The discovery highlights a growing attack surface: as AI chatbots become repositories of sensitive personal and professional information, they represent high-value targets for data brokers.

All conversations captured since the July 2025 update — roughly eight months of AI interactions — were shared with third parties. For users who discussed business strategies, personal information, code, or confidential work matters with AI chatbots, the breach could have significant implications.

What This Means for AI Users

For professionals who rely on AI chatbots for coding assistance, research, or business communication, this incident is a critical reminder about browser extension security. Users should audit their installed extensions immediately, remove any from the Urban Cyber Security family, and review what permissions their extensions have been granted. The incident also strengthens the case for using dedicated AI apps rather than browser-based interfaces when handling sensitive conversations.
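
One way to run the permission review recommended above, as an added example that is not code from Koi Security or from this article: it reads each `manifest.json` under a Chrome or Edge profile's `Extensions` folder and reports extensions whose content scripts or host permissions can reach the AI chat sites. The hostnames in `AI_HOSTS` and the `RISKY_APIS` set are assumptions chosen for illustration; the article names the platforms but not their domains.

```python
import json
from pathlib import Path

# Assumed hostnames for the eight platforms the article names (not listed on the page).
AI_HOSTS = ("chatgpt.com", "claude.ai", "gemini.google.com", "copilot.microsoft.com",
            "perplexity.ai", "chat.deepseek.com", "grok.com", "meta.ai")
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Assumed set of API permissions tied to the behaviour described: tab URLs, script injection.
RISKY_APIS = {"tabs", "scripting", "webRequest"}

def covers_ai_host(pattern):
    """True if a match pattern (e.g. https://*.claude.ai/*) can reach an AI chat site."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "storage", not a host pattern
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    # Match the site itself, a subdomain of it, or a wildcard parent that includes it.
    return host == "*" or any(
        base == h or base.endswith("." + h) or (wildcard and h.endswith("." + base))
        for h in AI_HOSTS)

def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json (MV2 or MV3)."""
    findings = []
    for cs in manifest.get("content_scripts", []):
        hits = [m for m in cs.get("matches", []) if covers_ai_host(m)]
        if hits:
            findings.append(f"content script {cs.get('js', [])} runs on {hits}")
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    perms = [p for p in perms if isinstance(p, str)]
    hosts = [p for p in perms if covers_ai_host(p)]
    if hosts:
        findings.append(f"host access {hosts}")
    apis = sorted(RISKY_APIS.intersection(perms))
    if apis:
        findings.append(f"API permissions {apis}")
    return findings

def audit_profile(ext_root):
    """Audit every <id>/<version>/manifest.json under a Chrome or Edge Extensions folder."""
    report = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        found = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        if found:
            report[path.parent.parent.name] = found  # keyed by extension ID directory
    return report
```

Call `audit_profile()` with the path to a profile's `Extensions` directory. A finding shows that an extension is capable of reading AI chat pages, not that it does so, since many legitimate extensions request broad host access.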