A Chrome VPN extension with a “Featured” badge and millions of users quietly logged every prompt and response on major AI chat platforms, including popular consumer and enterprise chatbots. Marketed as a free, secure VPN that protects online identity and hides IP addresses, the extension was updated in mid‑2025 with hidden AI data collection enabled by default.
The extension used custom JavaScript executors for different AI platforms to hook into each chatbot page when a user visited it. Once active, it overrode core browser network APIs such as fetch and XMLHttpRequest, forcing traffic through the extension’s code so it could capture full conversations before sending them to remote analytics servers.
What data was collected and where it went
The data harvested went far beyond simple usage metrics and included:
- Prompts entered by users into AI chatbots
- Full chatbot responses
- Conversation IDs and timestamps
- Session metadata
- Details of the AI platform and model in use
All of this information was forwarded to specific telemetry servers controlled by the extension’s operator, enabling large‑scale profiling of user interactions with AI tools. An affiliated advertising and brand intelligence firm used the raw browsing data to build commercial insights that were then shared with business partners.
Privacy policy, “AI protection,” and trust abuse
A revised privacy policy openly stated that AI prompts and outputs were collected as part of “browsing data,” ostensibly for safe browsing and analytics, while claiming efforts to de‑identify and aggregate information. At the same time, the policy acknowledged that sensitive personal information might be processed and that complete removal of personal data could not be guaranteed.
The extension promoted an “AI protection” feature that warned users about sharing sensitive data and scanning responses for unsafe links, framing the monitoring as a safety benefit. In reality, data collection occurred regardless of whether this feature was enabled, meaning users’ conversations were harvested even when they believed they were protected.
Other affected extensions and marketplace response
Security researchers identified identical AI harvesting behavior in several other browser extensions from the same publisher across Chrome and Edge, raising the combined install base to more than eight million users. Most of these extensions also carried “Featured” badges, suggesting platform approval and best‑practice compliance to typical users.
Following the disclosure, all four related extensions were removed from the Chrome Web Store, although Edge variants remained available for a time with their Featured badges stripped. The incident underscores how extension marketplaces and trust labels can be exploited to quietly collect highly personal AI chat data, especially as more people use chatbots to discuss private topics and seek sensitive advice.
Read more such articles from our Newsletter here.
