clawsmith.com/signal/privacy-extensions-selling-8m-ai-conversations
Issue · Wide Open · Live

8M Users' AI Conversations Secretly Harvested and Sold by 'Privacy' Browser Extensions

Urban VPN and 7 related Chrome/Edge extensions, marketed as privacy and security tools with Google's Featured badge, were secretly intercepting all ChatGPT, Claude, Gemini, Grok, and DeepSeek conversations and selling them to data broker BiScience. Harvesting began July 2025 via silent update. Exposed by Koi Security in December 2025. HN hit 832 points. Extensions had 8M+ combined users.

Product Idea from this Signal

A browser extension that runs an AI browsing agent entirely on the user's own API key with zero data sent to external servers

1.3k

Cloud AI sidebar extensions were caught harvesting 8M users' ChatGPT, Claude, and Gemini conversations and selling them to a data broker. The breach triggered a measurable demand spike for a local-first alternative. BrowserBee showed the demand is real (153 HN points for a side-panel browser agent with local LLM support), but BrowserBee is indie/early and not built for non-technical users. No polished, privacy-native AI browser agent exists that combines BYO-API-key routing, a clean side-panel UX, and a verifiable zero-telemetry architecture. The gap is underserved on the mainstream user end and wide-open on the verifiably private end.

Tags: browser-extension, ai-agent, privacy, local-first, byok, chrome, llm-routing
Competitive · 143 leads
Product Idea from this Signal

A browser extension that monitors installed extensions for ownership transfers, permission scope changes, and suspicious outbound data requests in real time

5.8k

Chrome extensions are a weaponized attack surface with no end-user runtime defense. Three documented incidents expose the gap: Honey hijacked affiliate cookies for millions of users (MegaLag exposé: 9.4M YouTube views, 4M Chrome users lost); Urban VPN and 7 related extensions silently intercepted 8M users' ChatGPT, Claude, and Gemini conversations and sold them to a data broker via a silent update; QuickLens and ShotBird were purchased by threat actors in Feb 2026 and turned malicious within weeks, stripping CSP headers and injecting remote JS on every page load. The Chrome Web Store review system does not alert existing users when an extension changes ownership or gains new permissions post-install. No consumer-facing tool watches for these events at runtime. This extension sits inside Chrome, monitors every other installed extension for developer/publisher changes, permission manifest diffs, and anomalous outbound network requests (especially to AI conversation endpoints), and surfaces alerts before damage is done.
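The permission-diff part of the monitor described above, as an added example that is not code from this signal or from any extension it names; it assumes snapshots in the shape returned by chrome.management.getAll() (id, name, permissions, hostPermissions) and runs on constructed sample data. Ownership transfers are not part of that record, so only permission and host-access changes are checked here.

```javascript
// Added example: diff two snapshots of installed-extension metadata (shape of
// chrome.management.ExtensionInfo: id, name, permissions, hostPermissions) and flag
// silent post-install changes, especially new host access to AI chat endpoints.
const AI_ENDPOINT_HOSTS = ['chatgpt.com', 'claude.ai', 'gemini.google.com', 'grok.com', 'chat.deepseek.com'];

// "*://*.example.com/*" -> "example.com"; "<all_urls>" is returned unchanged.
function hostOfPattern(pattern) {
  if (pattern === '<all_urls>') return pattern;
  const m = pattern.match(/^[^:]+:\/\/(\*\.)?([^/]+)\//);
  return m ? m[2] : pattern;
}

// True when a host pattern grants access to one of the AI endpoints (or to everything).
function coversAiEndpoint(pattern) {
  const host = hostOfPattern(pattern);
  if (host === '<all_urls>' || host === '*') return true;
  return AI_ENDPOINT_HOSTS.some(h => host === h || h.endsWith('.' + host));
}

// Compare an earlier snapshot with a later one; fresh installs are skipped because
// the user consented to those permissions at install time.
function diffSnapshots(before, after) {
  const prev = new Map(before.map(e => [e.id, e]));
  const alerts = [];
  for (const ext of after) {
    const old = prev.get(ext.id);
    if (!old) continue;
    const newPerms = (ext.permissions || []).filter(p => !(old.permissions || []).includes(p));
    const newHosts = (ext.hostPermissions || []).filter(p => !(old.hostPermissions || []).includes(p));
    if (newPerms.length) alerts.push({ id: ext.id, name: ext.name, kind: 'permission-added', detail: newPerms });
    const aiHosts = newHosts.filter(coversAiEndpoint);
    if (aiHosts.length) alerts.push({ id: ext.id, name: ext.name, kind: 'ai-endpoint-access', detail: aiHosts });
    else if (newHosts.length) alerts.push({ id: ext.id, name: ext.name, kind: 'host-added', detail: newHosts });
  }
  return alerts;
}

// Constructed sample snapshots (hypothetical extensions, not real ones).
const SAMPLE_BEFORE = [
  { id: 'aaaa', name: 'Sample VPN', permissions: ['proxy', 'storage'], hostPermissions: ['*://*.example-vpn.test/*'] },
  { id: 'bbbb', name: 'Sample Notes', permissions: ['storage'], hostPermissions: [] },
];
const SAMPLE_AFTER = [
  { id: 'aaaa', name: 'Sample VPN', permissions: ['proxy', 'storage', 'webRequest'],
    hostPermissions: ['*://*.example-vpn.test/*', '*://chatgpt.com/*', '*://claude.ai/*'] },
  { id: 'bbbb', name: 'Sample Notes', permissions: ['storage'], hostPermissions: [] },
  { id: 'cccc', name: 'New Install', permissions: ['tabs'], hostPermissions: ['<all_urls>'] },
];
function runSample() { return diffSnapshots(SAMPLE_BEFORE, SAMPLE_AFTER); }
```

In a real extension the snapshots would come from chrome.management.getAll() on a schedule or from its onInstalled/onEnabled events, persisted in extension storage between runs.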

Tags: browser-extension, security, privacy, chrome, supply-chain, ai-conversations, extension-monitoring
Competitive · 964 leads

Score Breakdown

HN: 1,078

Gap Assessment

Wide Open: No dedicated solution exists

No trusted real-time extension permission monitor exists that alerts users when an extension starts sending AI conversations to third parties
