SECURITY experts warn of malicious Chrome extensions that secretly monitor and exfiltrate users’ AI conversations, according to Expel. Expel explained in a blog post published on 24 March that it had observed “several dozen” incidents in the past month of so‑called “prompt poaching” by legitimate‑looking extensions.
The extension activity is described as monitoring open tabs and, upon detecting an AI client, collecting questions and answers using API interception or DOM scraping, before packaging them and sending them to an external server run by the extension’s developers.
There appear to be two main tactics: impersonating legitimate extensions such as “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “Talk to ChatGPT” from developer AITOPIA, with a December last year report claiming two of these malicious extensions had accrued as many as 900,000 unwitting users, and developing a legitimate extension and then inserting malicious functionality once the user base has grown, as with the “Urban VPN Proxy” tool spotted by Expel.
To minimise risk, the security vendor urges organisations to prohibit downloading AI‑related extensions, centrally manage extension use, review permissions, and run periodic audits to monitor browser processes for unknown connections.