AI Chat Heist: Chrome Extensions Harvest Private Conversations from Nearly a Million Users
Subtitle: Malicious and legitimate browser add-ons are quietly siphoning sensitive AI chatbot chats, exposing users and companies to unprecedented risks.
When you chat with an AI, you expect the conversation to stay between you and the machine. But a recent investigation reveals a digital crime wave: two popular Chrome extensions, masquerading as helpful AI tools, have been secretly looting users’ ChatGPT and DeepSeek conversations - along with their browsing histories - and shipping them off to servers controlled by unknown attackers. The scope? Nearly 900,000 unsuspecting users, including employees at major organizations, may have just handed over their most sensitive data on a silver platter.
Fast Facts
- Two Chrome extensions with over 900,000 users were caught exfiltrating AI chatbot conversations and browser data.
- Malware disguised itself as legitimate AI tools, harvesting chats from ChatGPT and DeepSeek every 30 minutes.
- Stolen data included sensitive prompts, search queries, and potentially confidential company information.
- Even legitimate extensions, such as Similarweb and StayFocusd, have begun collecting AI chat data for analytics.
- The tactic, dubbed "Prompt Poaching," is becoming a widespread threat vector via browser add-ons.
The Anatomy of a Chatbot Data Breach
Researchers at OX Security and Secure Annex sounded the alarm after discovering two extensions - “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “AI Sidebar with Deepseek, ChatGPT, Claude, and more” - actively siphoning off entire AI chat logs and browser tab URLs. Disguised as useful productivity tools, these extensions requested permission to collect “anonymous analytics data.” In reality, they were scraping the entire content of users’ conversations with leading chatbots, storing them locally, and quietly transmitting them to remote servers every half hour.
The extensions even mimicked a legitimate add-on, “Chat with all AI models,” to lull users into a false sense of security. The attackers went the extra mile, using AI-powered web development platforms to host privacy policies and technical infrastructure - making their activities harder to trace.
The stakes are high. While most users might exchange harmless banter with AI, many people - including employees at corporations - use chatbots to draft emails, analyze data, or share sensitive project details. Once this data is exfiltrated, it can be weaponized for identity theft, corporate espionage, or sold to the highest bidder on underground forums.
Legitimate Extensions Join the Game
Alarmingly, the line between criminal and commercial data collection is blurring. Secure Annex found that even reputable extensions like Similarweb and StayFocusd have started collecting users’ AI chat inputs and outputs, using the data for analytics and market research. Although these companies disclose the practice in their terms of service, their methods - scraping web page elements or hijacking browser APIs - mirror those of outright malware.
As the profitability of “prompt poaching” becomes clear, experts warn that more developers will be tempted to build similar surveillance into their browser extensions. The Chrome Web Store’s safeguards are struggling to keep pace, and even “Featured” badges are no guarantee of safety.
The Takeaway
AI chat isn’t as private as you think. Whether through criminal malware or analytics-hungry corporations, your most sensitive conversations might already be in someone else’s hands. The message is clear: scrutinize every extension, read the fine print, and remember - when it comes to AI, the walls may have ears.
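One way to act on the advice to scrutinize every extension, shown as an added example that is not from the article or the researchers it cites: a manifest audit that reports which AI chat hosts an extension's declared match patterns cover and whether it holds permissions that expose visited URLs. The hostnames in AI_CHAT_HOSTS and the three sample manifests are assumptions constructed for illustration.

```python
# Added example: flag extensions whose manifest lets them read AI chat pages.
# AI_CHAT_HOSTS is an assumption; the article names the services, not hostnames.
AI_CHAT_HOSTS = ("chatgpt.com", "chat.openai.com", "chat.deepseek.com")
URL_APIS = {"tabs", "history", "webNavigation"}  # API permissions that expose visited URLs

def pattern_covers(pattern, host):
    """True if a Chrome match pattern applies to https://<host>/..."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # wildcard covers the domain and its subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host

def covered(patterns):
    return sorted(h for h in AI_CHAT_HOSTS if any(pattern_covers(p, h) for p in patterns))

def audit_manifest(manifest):
    """Summarise AI-chat exposure for one parsed manifest.json (a dict)."""
    perms = manifest.get("permissions", [])
    hosts = list(manifest.get("host_permissions", []))
    hosts += manifest.get("optional_host_permissions", [])
    hosts += [p for p in perms if p == "<all_urls>" or "://" in p]  # Manifest V2 style
    scripts = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    return {
        "name": manifest.get("name", "?"),
        "host_access": covered(hosts + scripts),
        "content_scripts": covered(scripts),  # pages where the extension can read the DOM
        "url_apis": sorted(URL_APIS & set(perms)),
    }

# Constructed sample manifests (not taken from any real extension).
SIDEBAR = {"name": "Example AI Sidebar", "manifest_version": 3,
           "permissions": ["storage", "tabs", "alarms"],
           "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]}
NOTES = {"name": "Example Notes", "manifest_version": 3,
         "permissions": ["storage"], "host_permissions": ["https://example.org/*"]}
SCOPED = {"name": "Example Helper", "manifest_version": 3,
          "host_permissions": ["https://*.openai.com/*"]}

if __name__ == "__main__":
    for m in (SIDEBAR, NOTES, SCOPED):
        print(audit_manifest(m))
```

To audit a real profile, load each installed extension's manifest.json with json.load and pass the resulting dict to audit_manifest. The check covers declared access only, so a clean result does not show what an extension does with the pages it can reach.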
WIKICROOK
- Exfiltrate: Exfiltrate means to steal and transfer data from a victim’s network to an external location controlled by attackers, often as part of a cyberattack.
- DOM Scraping: DOM scraping extracts data from web pages by reading their underlying structure, posing risks of unauthorized data access and privacy breaches.
- Command and Control (C2) Server: A Command and Control (C2) server remotely manages malware-infected devices, sending instructions and receiving stolen data from compromised systems.
- Prompt Poaching: Prompt poaching is the unauthorized capture of user prompts and AI responses from chatbots, posing privacy and security risks for users and organizations.
- Browser Extension: A browser extension is a small add-on that enhances browser features but can also be misused by hackers to steal data or spy on users.