Which AI browser extensions have been caught collecting sensitive data?

Monica AI, Sider, Harpa, Merlin, and MaxAI were flagged in a 2025 UCL study. Merlin was caught exfiltrating a researcher's SSN from an IRS form. Monica collects data it explicitly promises not to collect.

How do AI extensions access sensitive data?

AI extensions with 'read all site data' permission inject content scripts into every page the user visits, including banking sites, health portals, and email. They can read form fields, page content, and DOM state before sending it to their servers.

What did the UCL 2025 AI extension privacy study find?

Researchers from UCL, UC Davis, and Mediterranea University tested 9 popular AI extensions in August 2025. All collected more data than their privacy policies disclosed. Monica and Sider had the highest profiling level, including email content and patient health records.

← Back to dashboard

clawsmith.com/signal/ai-browser-extensions-secretly-exfiltrate-sensitive-data

⚠ IssueUnderservedbrowser_extensionLive

Popular AI browser extensions secretly collect email content, SSNs, and health records despite privacy promises

A UCL, UC Davis, and Mediterranea University study (August 2025) tested 9 popular AI browser extensions and found widespread privacy violations. Monica AI explicitly promises not to see browsing data yet transmits sensitive info from public and private sites. Merlin AI was caught exfiltrating a researcher's Social Security Number entered into an IRS form. Sider and Harpa collect full DOM content and send it to third-party analytics. Palo Alto Unit 42 found AI-powered summary extensions sending email data to external servers in plaintext. A Kolide article 'AI browser extensions are a security nightmare' drew 260 HN points and 122 comments. Incogni analyzed 238 AI Chrome extensions and found the most popular ones were also the most privacy-invasive.

Product Idea from this Signal

A browser extension that audits what AI extensions are transmitting from your browser and blocks unauthorized data collection in real time

902 ▲

AI-powered Chrome extensions are being caught silently collecting emails, SSNs, health records, and financial data from pages users visit, even while promising privacy. No tool currently intercepts this at the network level inside the browser and gives users per-extension, per-site control over what gets sent. This product runs alongside any browser session, monitors outbound requests from installed AI extensions, classifies what data categories are leaving, and lets users block or allow on a granular basis.

browser-privacyai-extension-securitydata-exfiltrationconsumer-securitychrome-extension

Competitive208 leadsView Opportunity →

Score Breakdown

902

Social Proof 2 sources

Chrome extensions spying on users browsing data

2/11/2026

520 HN

AI browser extensions are a security nightmare

6/1/2023

382

Existing Solutions 2 competitors

Incogni AI Extension Risk ReportPublished 2025, widely cited in security press. Not a product.

Incogni publishes annual rankings of AI Chrome extensions by privacy risk. Informational only, no actionable blocking.

Privacy Badger (EFF)Millions of users. Open source, EFF-maintained. Does not address AI extension server-side data collection.

Browser extension that blocks tracking scripts and pixels. Not designed for AI extension data exfiltration.

Gap Assessment

UnderservedExisting solutions leave gaps

Incogni publishes ranking reports but is informational only. No extension or tool actively blocks sensitive data leaving the browser to AI extension servers. Privacy Badger and uBlock focus on ad tracking, not AI extension data exfiltration. A privacy firewall specifically for AI extensions does not exist.

Frequently Asked Questions

Virality Score

902

across 0 platforms

Details

Signalissue

Ecosystembrowser_extension

Sources2

Platforms0

Updated4h ago

Trend→ stable

Top ideas

All ideas →

0A mobile app that saves articles fully offline with a one-time purchase and no cloud subscription 0A CLI tool that benchmarks AI coding agents against a team's own real production tasks and codebase 0An MCP server that gives AI agents a production-grade browser session with built-in anti-bot bypass, CAPTCHA resolution, and stateful session recovery