Cybersecurity researchers identified two malicious Chrome extensions—"Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude, and more"—with a combined user base exceeding 900,000. These extensions stealthily exfiltrate user conversations from AI chatbots ChatGPT and DeepSeek, as well as browsing data including open tab URLs, to attacker-controlled command and control (C2) servers approximately every 30 minutes. The extensions request user consent under the guise of collecting anonymous analytics but instead scrape DOM elements to capture chat messages and store them locally before transmission to domains such as chatsaigpt[.]com and deepaichats[.]com. The attackers leverage AI-powered web development platforms to host infrastructure components and obfuscate malicious activity. This tactic, termed 'Prompt Poaching' by Secure Annex, enables attackers to harvest sensitive conversational data that may include intellectual property, customer information, and confidential business details. The malicious extensions impersonate a legitimate extension with a large user base to increase trust and downloads. Additionally, legitimate extensions like Similarweb and Stayfocusd have been found to collect AI prompt data explicitly, raising privacy concerns. The threat exploits the trust model of browser extensions and user consent mechanisms, with no authentication or user interaction beyond initial permission granting required. Although no active exploits beyond data exfiltration are reported, the potential for corporate espionage, identity theft, and targeted phishing is significant. The extensions remain available on the Chrome Web Store, highlighting ongoing risks. This threat underscores the emerging trend of malicious and privacy-invasive browser extensions targeting AI chatbot data, necessitating heightened scrutiny and mitigation efforts.

European organizations are at risk of sensitive data leakage through employee use of these malicious extensions. The exfiltrated data includes AI chatbot conversations that may contain proprietary business information, customer data, and internal communications, as well as browsing activity revealing corporate URLs and search queries. Such data theft can facilitate corporate espionage, enabling competitors or nation-state actors to gain strategic advantages. Identity theft and targeted phishing campaigns can also arise from harvested personal and organizational information. The widespread installation base increases the likelihood of exposure across various sectors, including finance, technology, healthcare, and government. The threat undermines trust in browser extensions and AI tools, potentially impacting digital transformation initiatives. Given the extensions' persistence on official stores, organizations may face challenges in fully eradicating the risk without proactive measures. The impact extends beyond confidentiality to potential reputational damage and regulatory compliance issues under GDPR if personal data is compromised. Overall, the threat poses a moderate to high risk to European entities relying on AI chatbots and browser extensions for business operations.

Organizations should implement strict browser extension policies, restricting installation to vetted and approved extensions only. Deploy enterprise browser management tools to monitor and control extension usage and permissions. Conduct regular audits of installed extensions on employee devices to identify and remove suspicious or unauthorized add-ons. Educate employees about the risks of installing extensions from unverified sources, emphasizing the dangers of granting broad permissions. Employ endpoint detection and response (EDR) solutions capable of detecting unusual network traffic patterns indicative of data exfiltration. Use network security controls to block or monitor traffic to known malicious domains such as chatsaigpt[.]com and deepaichats[.]com. Encourage the use of privacy-focused browsers or profiles that isolate work-related AI chatbot usage from personal browsing. Collaborate with legal and compliance teams to assess potential GDPR implications and prepare incident response plans for data breaches involving AI chatbot data. Stay informed about updates from browser vendors regarding extension policies and removals. Finally, consider deploying Data Loss Prevention (DLP) solutions tailored to detect sensitive data leaving endpoints via browser extensions.