Security firm says browser extensions with 8 million+ installs harvested AI chats

Security firm Koi said several browser extensions available in the Chrome Web Store and Edge add-ons page collected extended conversations with multiple AI services, and that the behavior continued even when users toggled off related features. Koi said the extensions harvested conversations from ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok, and Meta AI.

The firm provided a full description of the data captured that includes: every prompt a user sends to the AI, every response received, conversation identifiers and timestamps, session metadata, and the specific AI platform and model used. Koi said the executor script runs independently from the VPN networking, ad blocking, or other core functionality, so collection continues even when those functions are toggled off; the only way to stop the harvesting is to disable the extension in the browser settings or to uninstall it.

Key Topics

Tech, Koi, Urban Vpn Proxy, Chatgpt, Chrome Web Store, Edge Add-ons