A popular browser-based VPN extension marketed as a free privacy and security tool has been exposed for harvesting AI chat data from millions of users—even when its VPN feature is turned off(Browser VPN). Security researchers from Koi Security uncovered that the Urban VPN Proxy extension silently injected code into webpages of major AI platforms to intercept and exfiltrate users’ private conversations with AI services. This covert activity has raised major privacy and data-security concerns worldwide.
Urban VPN Proxy, which boasted millions of installs and held a “Featured” badge on the Chrome Web Store, was trusted by users seeking enhanced privacy. Instead, it acted as a data collection pipeline, capturing full AI prompts, responses, and session metadata across multiple platforms—potentially affecting more than eight million users across Chrome and Edge.
How the AI Chat Harvesting Worked
Researchers found that the data harvesting behavior was introduced quietly through version 5.5.0 of Urban VPN Proxy, released on July 9, 2025. Unlike traditional VPN functionality—which routes network traffic through secure servers—the extension added hidden scripts that activate whenever the browser visits supported AI platforms like ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok, and Meta AI.
Key Technical Mechanism
Script Injection: Dedicated executor scripts specific to each AI platform are injected into the page before it fully loads.
API Override: These scripts override core browser network functions (like fetch() and XMLHttpRequest) to intercept data before encryption or rendering.
Data Capture: The extension captures every user prompt, AI response, conversation ID, timestamp, and other session metadata.
Exfiltration: This data is then compressed and sent to remote analytics servers controlled by Urban VPN’s operator and shared with third parties. (The Outpost)
The fact that this process occurred regardless of whether the VPN was active is particularly concerning: disabling the extension’s privacy or “AI protection” toggles did not stop data collection. The hidden harvesting was enabled via hard-coded configuration flags that users could not override, meaning the only way to stop it was to uninstall the extension entirely.
Scope of Data Collected
According to the investigation, the extension captured a wide range of data:
Every user prompt sent to the AI service
Responses generated by the AI
Conversation IDs and timestamps
Session metadata identifying which AI model and platform were used (GIGAZINE)
This level of detail means that private or sensitive information—such as internal business queries, personal health questions, intellectual property, and even login patterns—could be exposed and aggregated without user awareness or consent.
Why This Is a Major Privacy Concern
1. Misleading Trust Signals
Users trusted Urban VPN Proxy not only because it marketed privacy features, but also because it carried a “Featured” badge on the Chrome Web Store—a designation intended to show quality and safety.
2. Automatic Updates
Chrome and Edge extensions update automatically. Users who installed Urban VPN earlier received the surveillance-capable version silently—without requiring new permissions or explicit consent.
3. Persistent Collection
Unlike many browser trackers that activate only under certain conditions, this extension’s AI chat harvesting persisted across visits to all targeted AI sites. Users could not disable it without fully removing the extension.
4. Monetization through Data Brokers
Captured data was reportedly shared with BiScience (B.I. Science Ltd.), a data broker affiliated with Urban VPN’s publisher. This data was potentially packaged into analytics products used by advertising platforms—contradicting privacy expectations. (LinkedIn)
Comparison: Trusted VPNs vs. Browser VPN Extensions
FeatureTrusted VPN AppsBrowser VPN Extensions like Urban VPNCore FunctionSecure tunneling + encryptionBrowser add-on with limited networkingData Privacy GuaranteeOften audited, no-log policiesSilent data collection with opaque policiesPlatform ScopeSystem-wide protectionBrowser only (but deeper page access)Vulnerability to spyware behaviorLow when auditedHigh due to excessive permissions
This incident highlights why trusted, audited VPN clients are generally safer than free browser extensions that request deep access to web pages.
learn more than Credential Attack Targets Enterprise VPN Gateways: What You Need to Know
Conclusion
The exposure of Urban VPN Proxy’s covert AI data harvesting serves as a stark reminder that not all “privacy” tools are truly protective. Users seeking online anonymity must exercise caution—especially with free browser extensions that request broad permissions and auto-update without clear consent.
Security professionals recommend:
Uninstalling suspicious extensions immediately
Validating VPN and privacy tools through independent audits
Using trusted VPN services over browser add-ons for sensitive work
As AI adoption grows, so does the incentive for malicious actors to exploit user trust. This AI chat harvesting scandal underscores the need for stronger ecosystem oversight and user awareness.
