A browser extension carrying a “Featured” badge on Google Chrome has been discovered quietly collecting artificial intelligence chat conversations from millions of users. The extension, installed by more than six million people, was observed intercepting prompts and responses from popular AI platforms without clear user awareness.
Security researchers revealed that the extension, Urban VPN Proxy, gathered conversations from AI services such as ChatGPT, Claude, Microsoft Copilot, Google Gemini, Grok, Meta AI, and Perplexity.
Urban VPN Proxy, developed by Urban Cyber Security Inc., holds a high user rating on the Chrome Web Store and markets itself as a secure free VPN designed to protect online identity and hide IP addresses. However, an update released on July 9, 2025 introduced AI data collection functionality that was enabled by default.
Researchers found that the extension injects custom JavaScript files into AI chatbot websites. These scripts intercept browser network requests by overriding standard APIs such as fetch() and XMLHttpRequest(), allowing the extension to capture complete conversations. The collected data is then transmitted to remote servers operated by the company.
The information harvested includes user prompts, chatbot responses, session identifiers, timestamps, metadata, and details about the AI platform and model in use.
According to Idan Dardikman from Koi Security, the issue is particularly concerning because browser extensions update automatically. Users who installed the tool for VPN functionality unknowingly received new code capable of monitoring their AI interactions.
Urban VPN’s updated privacy policy states that AI prompt data is collected for safe browsing enhancements and marketing analytics. While the company claims that secondary usage relies on anonymized and de identified data, it also acknowledges that sensitive information may still be processed due to the nature of AI prompts.
The policy further discloses that browsing data is shared with third parties, including an affiliated ad intelligence firm called BIScience. Notably, BIScience also owns Urban Cyber Security Inc. and is reported to use raw, non anonymized data to generate commercial insights shared with business partners.
Earlier this year, BIScience was accused by an anonymous researcher of collecting detailed browsing histories through misleading disclosures. The company allegedly provides a software development kit to other extension developers, enabling clickstream data collection that is sent to servers under its control.
Urban VPN promotes an “AI protection” feature that warns users about sharing personal data with chatbots. However, researchers observed that AI conversation harvesting occurs regardless of whether this feature is enabled. While users may see warnings about sensitive data, the same data is still transmitted to Urban VPN’s infrastructure.
Koi Security also identified similar AI data harvesting behavior in other extensions from the same publisher, including 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. Together, these extensions account for more than eight million installations across Chrome and Microsoft Edge. Most of them also carry the “Featured” badge, which can create a false sense of trust among users.
The findings highlight how trusted extension marketplaces can be abused to collect highly sensitive data at scale. As more users rely on AI chatbots for advice, personal discussions, and emotional support, silent monitoring of these interactions raises serious privacy and security concerns.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
