A cybersecurity company claims that a number of web browser extensions are secretly logging and selling users’ conversations with AI chatbots.
Koi, a cybersecurity firm focused on developing protections against extension-based attacks, has released a report alleging that Urban VPN Proxy, a popular VPN extension on Google Chrome and Microsoft Edge, has a hidden function to harvest user conversations on AI platforms including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok, and Meta AI. The extension was updated with this new capability in July, according to Koi.
The report says that when users with the extension visit any of the above platforms, the extension injects an “executor” script directly into the webpage, so that “every network request and response on that page passes through the extension’s code first.” This means the extension sees every message sent by users and generated by the AI platforms. Once the info has been collected, it’s sent to the extension’s external servers.
Urban VPN Proxy wasn’t the only extension that Koi identified as containing AI harvesting functionality. The firm identified the following extensions, all of which come from the same organisation, as containing the same malicious code:
Google Chrome Extensions:
– Urban VPN Proxy – 6,000,000 users
– 1ClickVPN Proxy – 600,000 users
– Urban Browser Guard – 40,000 users
– Urban Ad Blocker – 10,000 users
Microsoft Edge Extensions:
– Urban VPN Proxy – 1,323,622 users
– 1ClickVPN Proxy – 36,459 users
– Urban Browser Guard – 12,624 users
– Urban Ad Blocker – 6,476 users
In total, according to Koi, over 8 million users have installed these extensions. The company behind these extensions is Urban Cyber Security, which Koi says is affiliated with BiScience, a data broker company.
Notably, Koi does not have any data that definitively shows what these entities are doing with the logged conversations, but Urban VPN’s privacy policy includes a passage that says it will “collect the prompts and outputs queried by the End-User or generated by the AI chat provider, as applicable,” and that “we also disclose the AI prompts for marketing analytics purposes.”
“If you have any of these extensions installed,” the Koi team wrote, “uninstall them now. Assume any AI conversations you’ve had since July 2025 have been captured and shared with third parties.”
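For readers checking their own browsers, the following added example (not from Koi's report or from the extensions themselves) audits parsed extension `manifest.json` files for two things: a name on the list above, and host access that lets an extension run on the AI chat sites named in the article. The hostnames, the function names and the sample manifests are assumptions constructed for illustration.

```python
import re

# Names as listed in the article; hostnames are assumptions (not given on the page).
REPORTED_NAMES = {"urban vpn proxy", "1clickvpn proxy",
                  "urban browser guard", "urban ad blocker"}
AI_CHAT_HOSTS = ["chatgpt.com", "claude.ai", "gemini.google.com",
                 "copilot.microsoft.com", "www.perplexity.ai",
                 "chat.deepseek.com", "grok.com", "www.meta.ai"]

def pattern_covers_host(pattern, host):
    """True if a Chrome match pattern can match https pages on `host`."""
    if pattern == "<all_urls>":
        return True
    m = re.fullmatch(r"(\*|[a-z]+)://([^/]*)/.*", pattern)
    if not m or m.group(1) not in ("*", "https"):
        return False
    pat_host = m.group(2)
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # "*.x.com" matches x.com and its subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def audit_manifest(manifest):
    """Return review findings for one parsed manifest.json (a dict)."""
    name = manifest.get("name", "")  # may be a "__MSG_...__" locale key on disk
    patterns = set(manifest.get("host_permissions", []))
    # Manifest V2 lists host patterns inside "permissions".
    patterns.update(p for p in manifest.get("permissions", [])
                    if p == "<all_urls>" or "://" in p)
    for script in manifest.get("content_scripts", []):
        patterns.update(script.get("matches", []))
    reachable = [h for h in AI_CHAT_HOSTS
                 if any(pattern_covers_host(p, h) for p in patterns)]
    return {"name": name,
            "reported": name.strip().lower() in REPORTED_NAMES,
            "ai_hosts": reachable}

# Constructed sample manifests: the permissions are made up, and the first
# name is reused from the article's list only to exercise the name check.
SAMPLES = [
    {"name": "Urban VPN Proxy", "host_permissions": ["<all_urls>"]},
    {"name": "Example Notes",
     "content_scripts": [{"matches": ["https://*.example.org/*"], "js": ["n.js"]}]},
    {"name": "Example Helper", "manifest_version": 2,
     "permissions": ["storage", "*://*.claude.ai/*", "https://chatgpt.com/*"]},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_manifest(sample))
```

Broad host access is common among legitimate extensions, so a non-empty `ai_hosts` result marks an extension for review rather than proving it reads conversations.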
On December 18, Urban VPN released a blog post titled “Setting the Record Straight: How Urban VPN’s AI Protection Feature Actually Works.” In the post, the organisation said that “several widely repeated claims are simply not true.” They claim that conversations between users and AI chatbots are only processed if a user explicitly opts in to the extension’s “AI Protection” feature.
Urban VPN also claimed that it doesn’t collect “raw personal or sensitive information” from chatbot conversations, as that data is “filtered multiple times” and “stripped of personal or sensitive elements.” Still, the organisation didn’t deny that it is targeting content from specific AI platforms, or that it is selling said content to customers.
Going forward, Urban VPN says it will be reviewing its UX language to “reduce confusion” and make opt-in explanations clearer. – Inc./Tribune News Service
