A recent investigation has revealed disturbing data collection practices involving various browser extensions that compromise user privacy by harvesting conversations from popular AI platforms such as ChatGPT, Claude, and Gemini. Koi, a security firm, has published a detailed report outlining the extent of this data gathering, which includes not only user prompts and responses but also conversation identifiers, timestamps, session metadata, and the specific AI models utilized.
The operational script for these extensions functions autonomously from primary services like VPN usage and ad blockers, meaning that even if users disable these features, the collection of their interactions persists. The sole methods to halt this data harvesting involve either disabling the extension within the browser settings or completely uninstalling it.
Koi’s examination first uncovered these issues within Urban VPN Proxy, a VPN extension that advertises “AI protection” as a prominent feature. The troubling data collection reportedly began in early July with the launch of version 5.5.0, raising serious concerns about the security of communications made through these AI platforms while using the extension.
The report advises individuals who utilized AI services while Urban VPN was active from July 9, 2025, onwards to consider that their discussions, which may encompass sensitive medical queries, financial disclosures, or proprietary information, have likely been stored on Urban VPN’s servers and potentially shared with external parties for marketing analytics.
Following this alarming discovery, Koi identified an additional seven extensions exhibiting the same problematic data collection capabilities. Among these, four are accessible through the Chrome Web Store while the remaining four can be found on the Edge add-ons page. Collectively, these extensions have surpassed 8 million installations.
In the Chrome ecosystem, Urban VPN Proxy leads with around 6 million users, followed by its counterpart, 1ClickVPN Proxy, with 600,000 users. Other extensions like Urban Browser Guard and Urban Ad Blocker have approximately 40,000 and 10,000 users, respectively. On the Edge platform, Urban VPN Proxy has roughly 1.32 million installations, with 1ClickVPN Proxy and its other variations attracting a notable number of users as well.
The implications of these findings are striking, particularly given the sensitive nature of the conversations being collected. The extensions often convey contradictory messaging about their handling of user data, raising concerns about the security of deeply personal information that can be leveraged by marketers and data brokers alike. The misleading features, such as the claim of “AI protection” by Urban VPN Proxy, further obscure the reality of how user data is managed.
In the context of cybersecurity, these practices could suggest potential adversary tactics articulated within the MITRE ATT&CK framework. Techniques such as initial access, persistence, and data collection appear relevant, highlighting the ease with which attackers can exploit seemingly innocuous tools to achieve their aims. This incident underscores the necessity for heightened awareness and vigilant scrutiny of browser extensions, especially those presenting dubious privacy claims.
As the cybersecurity landscape becomes ever more complex, business owners and tech-savvy professionals must remain vigilant about the tools they employ, balancing usability with the imperatives of data privacy and security. The revelations regarding these browser extensions serve as a wake-up call, prompting critical reflections on the safeguarding of user interactions in an increasingly interconnected digital space.
