A shocking new cybersecurity report revealed that a malicious “free VPN” tool secretly collected full AI chat logs, including ChatGPT and Google Gemini conversations, from over eight million users worldwide. Security researchers identified the threat after investigating suspicious outbound network traffic linked to a popular, free-to-download VPN application distributed through browser extension marketplaces.
This alarming discovery exposes the dangerous reality that many free VPN apps offer users privacy on the surface while quietly harvesting sensitive personal data in the background. The exposed conversations reportedly include credentials, personal information, intellectual property, and internal business communications.
The malicious VPN at the center of this incident reflects a growing cybersecurity threat as users seek privacy tools without evaluating their security risks. The breach raises urgent questions about privacy, trust, AI adoption, and regulatory oversight.
Free VPNs may carry hidden risks
According to cybersecurity publications and independent investigative teams, the malicious VPN captured entire session content, storing conversation logs on remote servers controlled by unknown operators. This means text—including sensitive internal company prompts—was copied in real time.
While premium VPNs encrypt and anonymize traffic, malicious VPNs exploit the trust users place in tools claiming to protect privacy. This case is a real-world example of the trade-off between cost and cybersecurity assurance.
Industry experts emphasize the danger:
“If you’re not paying for a VPN, you might be the product. Data exploitation is often the real business model behind ‘free privacy tools.’” – anonymous security researcher, cited in CyberNews investigations.
Evidence points to targeted exfiltration
Researchers discovered code modules designed explicitly for:
intercepting browser requests
reading WebSocket AI chat traffic
logging full text payloads
uploading logs to remote storage
For many users, VPN browsing sessions ran simultaneously with AI assistants such as ChatGPT and Gemini, meaning the attacker gained a trove of valuable behavioral and conversational data.
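A browser extension can only do what the list above describes if its manifest.json declares the matching permissions, so installed or candidate extensions can be screened for that combination. The following is an added example, not code from the report or the researchers; the AI chat hostnames, the permission shortlist, and both sample manifests are assumptions constructed for illustration.

```python
import json

# Assumption: hostnames of the AI chat services to protect; adjust to your environment.
AI_CHAT_HOSTS = ("chatgpt.com", "gemini.google.com")
# Extension API permissions that allow observing, rerouting or scripting page traffic.
INTERCEPT_PERMS = {"webRequest", "proxy", "debugger", "scripting"}

def pattern_covers(pattern, host):
    """True if a Chrome match pattern applies to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # "*.google.com" covers google.com and subdomains
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host == host

def covered_hosts(patterns):
    return sorted(h for h in AI_CHAT_HOSTS if any(pattern_covers(p, h) for p in patterns))

def audit(manifest):
    """Return findings for one parsed manifest.json (empty list = nothing flagged)."""
    perms = manifest.get("permissions", [])
    # Manifest V2 lists host patterns inside "permissions"; V3 uses "host_permissions".
    host_patterns = manifest.get("host_permissions", []) + [
        p for p in perms if "://" in p or p == "<all_urls>"]
    findings = []
    risky = sorted(INTERCEPT_PERMS.intersection(perms))
    reach = covered_hosts(host_patterns)
    if risky and reach:
        findings.append(f"{'+'.join(risky)} with host access to {', '.join(reach)}")
    scripts = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    injected = covered_hosts(scripts)
    if injected:  # a content script reads the rendered chat text, regardless of TLS
        findings.append(f"content script runs on {', '.join(injected)}")
    return findings

# Constructed sample manifests (not taken from any real extension).
SUSPECT = json.loads("""{"name": "Example Free VPN", "manifest_version": 3,
  "permissions": ["proxy", "webRequest", "storage"], "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]}""")
BENIGN = json.loads("""{"name": "Example Notes", "manifest_version": 3,
  "permissions": ["storage"], "host_permissions": ["https://example.org/*"]}""")

if __name__ == "__main__":
    for m in (SUSPECT, BENIGN):
        print(m["name"], "->", audit(m) or "no findings")
```

A finding is a prompt for review rather than a verdict: a legitimate VPN extension also needs the proxy permission, but it has no reason to inject scripts into AI chat pages.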
Scale of the breach
Early estimates suggest:
8+ million affected users
potential leaks of proprietary business discussions
stolen chatbot communications across sectors, including:
tech companies
small businesses
educators
general consumers
AI conversation data offers attackers:
insights into personal identities
training prompts for social engineering
intellectual property extraction
credential harvesting
Comparison: trusted vs malicious VPN models
| Feature | Trusted VPN | Malicious VPN |
| --- | --- | --- |
| Business model | subscription revenue | data harvesting |
| Privacy policy | transparent, audited | hidden logging practices |
| Encryption layer | AES-256+ verified protocol | unknown or fabricated encryption claims |
| Data retention | none / minimal | persistent server-side logging |
This malicious VPN case reinforces why cybersecurity communities warn users to avoid free VPNs lacking:
third-party audits
transparent business ownership
verified privacy policies
AI privacy: a new attack surface
As AI assistants continue integrating into workflows, data exfiltration risks spike. Conversations increasingly include sensitive queries, internal docs, and user credentials. Attackers exploit this shift because intercepted AI chats reveal:
intentions, decisions, sentiment
business planning
authentication patterns
The malicious VPN breach marks one of the first recorded cases where AI chat logs were explicitly targeted at scale.
Conclusion
The discovery of a malicious VPN stealing millions of ChatGPT and Gemini conversations highlights a serious escalation in digital privacy threats. While VPNs are intended to protect user data, unverified “free VPNs” can become the exact opposite—a pipeline that exposes personal and corporate details to unknown actors.
To mitigate the rising AI-era security risks, experts recommend:
avoiding free VPNs without transparent audits
verifying vendors before installation
using reputable VPN providers with zero-log guarantees
isolating sensitive chat sessions from untrusted tools
As VPN adoption grows alongside AI usage, malicious actors are developing more sophisticated techniques to harvest data. This case underscores that privacy requires informed vigilance—and that the price of a VPN subscription is small compared to the cost of a catastrophic data leak.



