Your Browser Betrayed You: AI Chats Spilled

Key Takeaways

• Malicious Chrome extensions intercepted ChatGPT and DeepSeek conversations
• Attackers exploited trusted browser add-ons rather than AI platform vulnerabilities
• Sensitive enterprise and personal data was silently exfiltrated
• AI usage through consumer tools introduces unseen security exposure
• Supply chain risks extend directly into AI workflows

Summary

When AI Turns Rogue: The Browser Extension Breach and What It Means for the Future of AI Trust

In late 2025, security researchers discovered a campaign involving malicious browser extensions designed to harvest conversations from popular AI chat platforms including ChatGPT and DeepSeek. As first reported by Security Boulevard, attackers abused browser permissions to capture sensitive prompts and responses without user awareness. This breach highlights how AI adoption through everyday tools can quietly expose proprietary and personal data, underscoring the urgent need for AI-specific visibility and controls. (Security Boulevard)

What Happened: Incident Overview

The incident surfaced after security firm OX Security published findings showing two malicious Chrome extensions were harvesting AI chat content and browsing data. These extensions, masquerading as legitimate tools, had been downloaded by hundreds of thousands of users before they were flagged.

Rather than exploiting vulnerabilities in the AI platforms themselves, the attackers leveraged the trust users place in browser extensions. Once installed, the extensions monitored web activity and extracted content from AI chatbot sessions including ChatGPT and DeepSeek, sending it to attacker-controlled servers every 30 minutes. (Security Boulevard)

Because data theft occurred at the browser layer, platform-level security controls offered no visibility into the exfiltration.

How the Breach Happened

This breach stemmed from a combination of supply chain abuse, overly broad extension permissions, and AI usage patterns. The malicious extensions requested permissions that allowed them to access desktop browser content in broad scope—a permission that enabled silent interception of AI conversation text rendered in the browser. (Security Boulevard)

From a traditional security standpoint, the failure stemmed from insufficient vetting of browser extensions and overreliance on marketplace trust signals.

From an AI security perspective, the incident exposed a critical blind spot. AI prompts and responses often contain sensitive intellectual property, internal context, and personal data, yet they are rarely treated as high-risk assets. Because AI interactions commonly bypass standard DLP controls, attackers were able to harvest valuable data without triggering alerts. (Security Boulevard)

Impact: Why It Matters

The most immediate impact was unauthorized exposure of AI-generated conversations, including confidential business discussions, source code, strategic plans, and personal information. For enterprises, this raises the risk of intellectual property leakage and potential regulatory exposure if personal or regulated data was involved. (Security Boulevard)

Reputational damage is also a concern. Organizations encouraging AI adoption may unknowingly expose sensitive data through unmanaged tools, eroding trust with customers and partners. This incident reinforces that AI security extends beyond models and APIs into the full ecosystem of tools, plugins, and user interfaces.

From a governance standpoint, the breach raises questions about compliance with leading frameworks such as the NIST AI Risk Management Framework. Unmanaged access points like browser extensions represent a growing and under appreciated attack surface.

PointGuard AI Perspective

This incident underscores a fundamental AI security challenge: organizations often lack visibility into how AI is used, where sensitive data is shared, and what unmanaged access paths introduce risk.

PointGuard AI helps address these gaps by providing continuous AI risk monitoring across models, tools, and usage patterns. With capabilities such as:

• AI Asset Discovery & SBOM visibility — Uncovers where AI technologies (including browser-based access) are deployed in the enterprise. (PointGuard AI)
• AI Security & Governance — Enforces policies to ensure sensitive data isn’t exposed via inputs or outputs, no matter how AI is accessed. (PointGuard AI)
• AI Data Protection — Prevents sensitive information from being leaked, with real-time scanning of prompts and responses. (PointGuard AI)

PointGuard AI also enables proactive detection of anomalous data flows that could indicate exfiltration or misuse before they escalate into widespread incidents.

As AI adoption grows, incidents like this demonstrate that trust cannot be assumed. Proactive, AI-native security controls are essential for safe innovation. PointGuard AI’s solutions give organizations confidence by securing AI usage wherever it occurs and ensuring that convenience does not come at the cost of control.

Incident Scorecard Details

Total AISSI Score: 7.6/10

Criticality = 7.5, Sensitive enterprise and personal AI conversations were exposed.

Propagation = 8.0, Widely installed browser extensions enabled rapid spread.

Exploitability = 7.0, Low technical complexity once permissions were granted.

Supply Chain = 8.5, Compromise occurred through trusted third-party browser extensions.

Business Impact = 7.0, Intellectual property leakage, privacy exposure, and governance risk for organizations using AI tools.

Sources

• Security Boulevard – Widely Used Malicious Extensions Steal ChatGPT, DeepSeek Conversations
  https://securityboulevard.com/2025/12/widely-used-malicious-extensions-steal-chatgpt-deepseek-conversations/ (Security Boulevard)
• Cybernews – “Featured” Chrome extensions stole ChatGPT chats
  https://cybernews.com/security/chrome-extensions-steal-chatgpt-data/ (cybernews.com)
• PointGuard AI Official Site – Company and AI security overview
  https://www.pointguardai.com/ (PointGuard AI)
• PointGuard AI AI Security & Governance – Solution details
  https://www.pointguardai.com/ai-security-governance (PointGuard AI)
• PointGuard AI AI Data Protection – Data loss prevention and sensitive data controls
  https://www.pointguardai.com/ai-data-protection (PointGuard AI)
• NIST AI Risk Management Framework – AI governance and compliance resource
  https://www.nist.gov/itl/ai-risk-management-framework