Browser add-ons secretly harvest ChatGPT and DeepSeek chats along with user browsing data
Severity
HIGH — Mass Data Exfiltration via Trusted Browser Extensions
Technical Overview
Cybersecurity researchers have uncovered two malicious browser extensions hosted on the Chrome Web Store that secretly exfiltrate AI chatbot conversations and user browsing data to attacker-controlled servers. The extensions specifically target conversations from popular platforms such as ChatGPT and DeepSeek.
Together, the extensions have accumulated over 900,000 users, highlighting the scale of potential exposure. The malicious behavior occurs silently in the background, without visible impact to extension functionality.
Affected Extensions
The identified extensions include:
- Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI
Approximately 600,000 users - AI Sidebar with Deepseek, ChatGPT, Claude, and more
Approximately 300,000 users
Both extensions present themselves as productivity tools that enhance AI interactions. However, behind the scenes, they intercept and transmit sensitive user data.
Data Collection and Exfiltration
Once installed, the extensions monitor browser activity and capture:
- AI chatbot conversations
- Prompts and responses from ChatGPT and DeepSeek
- Browsing activity and metadata
- Potentially sensitive user-generated content
The stolen data is then transmitted to remote servers operated by the attackers, enabling large-scale data harvesting without user awareness.
Campaign Context
Researchers note that this activity follows earlier discoveries involving other popular browser extensions abusing access to spy on AI interactions. The technique of covertly harvesting AI prompts and responses through browser extensions has been referred to as “Prompt Poaching.”
This approach allows attackers to collect sensitive discussions, business queries, proprietary research, and personal information entered into AI tools.
Impact
Compromised users face several risks:
- Exposure of private or confidential AI conversations
- Leakage of business, research, or personal data
- Profiling of user behavior and interests
- Potential follow-on phishing or fraud campaigns
Because many users rely on AI tools for work-related tasks, the stolen data may carry significant value.
Key Risk
Browser extensions operate with broad permissions and high trust. When attackers abuse this trust, they bypass traditional security controls and gain persistent access to user activity.
Recommended Defensive Actions
- Immediately remove suspicious or unnecessary browser extensions
- Review permissions requested by AI-related extensions
- Restrict extension installation through enterprise browser policies
- Avoid entering sensitive data into unverified AI tools
- Monitor outbound browser traffic for unusual data transmission
Organizations should treat browser extensions as part of their attack surface, not as low-risk add-ons.