www.microsoft.com 3/5/2026, 5:11:10 PM · via preferred

Chrome extensions impersonating AI tools exfiltrate chat data


The Microsoft Defender Security Research Team has found malicious Chromium-based browser extensions that impersonate legitimate AI assistant tools to harvest LLM chat histories and browsing data, with reporting noting approximately 900,000 installs and activity across more than 20,000 enterprise tenants. The extensions collect full URLs and AI chat content from platforms such as ChatGPT and DeepSeek, exposing confidential data and potentially leaking sensitive information.

They operate through Chrome and Edge, and were distributed via the Chrome Web Store using AI-themed branding to resemble legitimate productivity tools. Technical analysis shows data such as visited URLs, chat excerpts, model names, and a persistent UUID is stored locally and periodically uploaded to threat actor–controlled infrastructure, including the domains deepaichats[.]com and chatsaigpt[.]com, with telemetry enabled by default after updates.

Mitigation guidance includes monitoring outbound POST traffic to those endpoints, auditing browser extensions, enabling Defender SmartScreen and Network Protection, and educating users to avoid side-loaded or unverified extensions. The researchers emphasise that the extensions’ normal browser behaviour and consent prompts can mask ongoing exfiltration of browsing telemetry and AI chat content.

5 March 2026
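One way to implement the outbound POST check from the mitigation guidance, as an added example that is not from Microsoft's report or this article: it scans forward-proxy log lines for POST requests to the two named domains and their subdomains, ignoring lookalike hosts. The log layout, client addresses, paths and byte counts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Domains named in the article, kept defanged in source and refanged at runtime.
IOC_DOMAINS = [d.replace("[.]", ".") for d in ("deepaichats[.]com", "chatsaigpt[.]com")]

# Assumed log layout: timestamp client_ip method url status bytes_sent
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")


def matches_ioc(host):
    """True for an IoC domain or any subdomain of it, false for lookalikes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def find_exfil_posts(lines):
    """Summarise POST requests to the IoC domains, keyed by client address."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line
        _ts, client, method, url, _status, sent = m.groups()
        host = urlsplit(url).hostname or ""
        if method.upper() != "POST" or not matches_ioc(host):
            continue
        entry = hits.setdefault(client, {"count": 0, "bytes": 0, "hosts": set()})
        entry["count"] += 1
        entry["bytes"] += int(sent)
        entry["hosts"].add(host)
    return hits


def sample_log():
    """Constructed log lines; addresses, paths and sizes are made up."""
    a, b = IOC_DOMAINS
    return [
        f"2026-03-05T10:00:01Z 10.0.0.5 POST https://{a}/upload 200 18432",
        f"2026-03-05T10:30:02Z 10.0.0.5 POST https://api.{b}/upload 200 20110",
        f"2026-03-05T10:31:00Z 10.0.0.7 GET https://{a}/ 200 0",
        f"2026-03-05T10:32:00Z 10.0.0.8 POST https://not{a}/upload 200 512",
        f"2026-03-05T10:33:00Z 10.0.0.9 POST https://{a}.example.org/x 200 512",
        "garbage line",
    ]


if __name__ == "__main__":
    for client, info in find_exfil_posts(sample_log()).items():
        print(client, info["count"], info["bytes"], sorted(info["hosts"]))
```

Without TLS inspection a forward proxy records only the CONNECT host for HTTPS traffic, so the method filter would need to be relaxed to match on host alone.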

Article by CyberSIXT