This Google Chrome extension has been silently stealing every AI prompt its users enter

News
By published

Chrome extension has also been stealing AI responses

Half man, half AI.
(Image credit: Shutterstock)
  • Urban VPN Proxy began harvesting AI chatbot prompts and responses after a July 2025 update
  • Collected data, including metadata and conversation IDs, is shared with BIScience for ad analytics
  • Several related Urban extensions perform the same large‑scale data collection

A popular Google Chrome browser extension has been found to be harvesting anything its users prompted into most of the biggest AI tools around, as well as collecting the chatbot's responses, all apparently in order to earn an extra few dollars for its owners.

Urban VPN Proxy has more than six million installations, and a 4.7/5 rating on the Google Chrome Web Store - and on the Microsoft Edge Add-ons marketplace, it has an additional 1.3 million installations.

It used to work as your ordinary VPN - by hiding the user’s actual IP address and thus working around geoblocks and other various restrictions. However, as Koi security researchers discovered, on July 9 2025, the extension was updated with version 5.5.0, which introduced the AI harvesting by default.

Privacy policy updates

Anything users typed into ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, Grok, Meta AI, and Perplexity, would be picked up, as well as anything these tools returned. Furthermore, the extension also extracted conversation identifiers, timestamps, session metadata, and which AI platform and model was used.

The company behind the extension, called Urban Cyber Security, isn’t hiding its practices, noting in its privacy policy document how it’s harvesting “anonymized” data and sharing it with BIScience - another company it owns.

This company is an affiliated ad intelligence and brand monitoring organization. In other words, it analyzes large-scale, anonymized online behavior, helping businesses understand advertising performance, consumer journeys, and competitive activity.

While Urban says it removes personally identifiable data and does its best not to share sensitive information, the company stresses this cannot be guaranteed.

“However, the purpose of this processing is not to collect personal or identifiable data, we cannot fully guarantee the removal of all sensitive or personal information, we implement measures to filter out or eliminate any identifiers or personal data you may submit through the prompts and to de-identify and aggregate the data,” the privacy policy reads.

Koi researchers said the same company has multiple extensions, all of which are harvesting the same data - 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.