Your AI Chats Are Being Sold – And You Might Be Unknowingly Contributing
Here’s a chilling thought: every conversation you’ve had with ChatGPT or other AI platforms might be up for grabs. But here’s where it gets controversial – a cybersecurity firm claims that certain browser extensions are secretly logging and selling these interactions, and millions of users are completely unaware. And this is the part most people miss: it’s not just about privacy; it’s about the potential misuse of your data in ways you never imagined.
Koi, a cybersecurity company specializing in protecting users from extension-based threats, has dropped a bombshell report. They allege that Urban VPN Proxy, a widely used VPN extension on Google Chrome and Microsoft Edge, has been quietly harvesting user conversations from AI platforms like ChatGPT, Claude, Gemini, and more. According to Koi, this capability was stealthily added in a July update. But how does it work? When you visit any of these platforms, the extension injects a script into the webpage, effectively intercepting every message you send or receive. This data is then funneled to external servers controlled by the extension’s creators.
Urban VPN Proxy isn’t alone in this scheme. Koi identified several other extensions from the same organization—Urban Cyber Security—that contain the same malicious code. These include 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker, collectively boasting over 8 million users. What’s more, Urban Cyber Security is reportedly affiliated with BiScience, a data broker, raising questions about where this harvested data ultimately ends up.
Here’s the kicker: while Koi doesn’t have concrete evidence of how the logged conversations are being used, Urban VPN’s own privacy policy admits to collecting AI prompts and outputs for “marketing analytics purposes.” That’s right—your chats could be fueling targeted ads or worse. Koi’s advice? Uninstall these extensions immediately and assume any AI conversations since July 2025 have been compromised.
But Urban VPN isn’t taking these claims lying down. In a recent blog post, they dismissed the allegations as “simply not true,” insisting that conversation data is only processed if users opt into their ‘AI Protection’ feature. They also claim to filter out personal or sensitive information. However, they didn’t deny targeting AI platform content or selling it to customers. Moving forward, they promise to clarify their opt-in process to reduce confusion.
So, what’s the takeaway? While Urban VPN defends its practices, the fact remains that millions of users may have unknowingly exposed their AI interactions. This raises a critical question: How much control do we really have over our digital conversations? And should we trust extensions that operate in such gray areas? Let’s spark a conversation—do you think Urban VPN’s actions are justified, or is this a blatant invasion of privacy? Share your thoughts below!
