8M VPN users just got their AI chats wiped and sold

Source: Cybernews

Widely used Chrome browser extensions have been quietly wiping users’ conversations with AI chatbots and selling the sensitive data to third parties.
However, after analyzing the extension’s code, researchers found that it contains scripts designed to intercept and exfiltrate conversations from at least ten major AI platforms, including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.
According to Koi, the data collection is enabled by default through hardcoded configuration flags. There is no user-facing option to disable it, meaning users cannot opt out without uninstalling the extension entirely.
“We checked whether the same code existed elsewhere. It did. The identical AI harvesting functionality appears in seven other extensions from the same publisher, across both Chrome and Edge,” wrote Koi. The extensions span multiple product categories such as VPNs, ad blockers, and browser security tools, but all share the same underlying surveillance backend. In total, they affect 8 million users.

To read the complete article see: https://cybernews.com/security/ai-chat-vpn-extension-spying/