A popular free browser VPN extension, Urban VPN Proxy, has been found collecting and exporting users’ AI chat conversations without clear consent, according to new findings by security researchers at Koi Security.
The extension, which has millions of installs and is marked as “Featured” on the Chrome Web Store, reportedly captures full conversations from popular AI platforms, even when its VPN feature is turned off.
Koi Security researchers said Urban VPN injects hidden scripts into users’ browsers that activate whenever someone opens AI tools such as ChatGPT, Claude, Gemini, Perplexity, Grok, and others.
These scripts record everything users type into AI chats and also capture the responses they receive. The collected data is then sent to Urban VPN’s backend systems.
Importantly, this activity happens regardless of whether the VPN is enabled or disabled. This means the data collection is not limited to network traffic routed through the VPN.
For workplaces where employees often paste internal documents, source code, customer information, or investigation notes into AI tools, researchers warn this creates a serious data leakage risk that operates outside normal company security systems.
According to the researchers, Urban VPN uses separate scripts for different AI platforms, such as chatgpt.js, claude.js, and gemini.js. These scripts override key browser network functions to intercept AI conversations in real time.
The code continuously monitors chat content and related details, packages the data, and uploads it automatically.
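The per-platform scripts described above have to be declared or registered somewhere, so one defensive check is to audit an extension's `manifest.json` for content scripts that can run on AI chat sites. The following is an added example, not code from Koi Security or from the extension; the hostnames in `AI_HOSTS` and the sample manifest are assumptions constructed for illustration.

```javascript
// Added example. Hostnames are assumptions (not listed in the article).
const AI_HOSTS = ["chatgpt.com", "claude.ai", "gemini.google.com",
                  "www.perplexity.ai", "grok.com"];

// Split a Chrome match pattern into scheme and host; null if malformed.
function parsePattern(pattern) {
  const m = /^(\*|https?|wss?|file|ftp):\/\/([^/]*)\//.exec(pattern);
  return m ? { scheme: m[1], host: m[2] } : null;
}

// True when the pattern lets a content script run on https://<host>/.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const p = parsePattern(pattern);
  if (!p || (p.scheme !== "*" && p.scheme !== "https")) return false;
  if (p.host === "*") return true;
  if (p.host.startsWith("*.")) {
    const base = p.host.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return p.host === host;
}

// One finding per content_scripts entry that can run on an AI chat host.
function auditManifest(manifest) {
  const findings = [];
  for (const cs of manifest.content_scripts || []) {
    const matches = cs.matches || [];
    const hosts = AI_HOSTS.filter(h => matches.some(p => patternCoversHost(p, h)));
    if (hosts.length === 0) continue;
    // "broad" = reached via a catch-all pattern rather than a named AI host.
    const broad = matches.some(p => p === "<all_urls>" || parsePattern(p)?.host === "*");
    // world "MAIN" = runs in the page's own JS context, next to its network functions.
    findings.push({ scripts: cs.js || [], hosts, broad, mainWorld: cs.world === "MAIN" });
  }
  return findings;
}

// Constructed sample manifest (not the real extension's manifest).
const SAMPLE_MANIFEST = {
  name: "example-extension",
  content_scripts: [
    { matches: ["*://*.example.org/*"], js: ["site.js"] },
    { matches: ["https://chatgpt.com/*", "https://*.claude.ai/*"],
      js: ["chatgpt.js", "claude.js"], run_at: "document_start", world: "MAIN" },
    { matches: ["<all_urls>"], js: ["common.js"] },
  ],
};
console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST), null, 2));
```

A clean result is not proof of safety: scripts registered at runtime through `chrome.scripting` or injected into the page by another script do not appear in `content_scripts`, so this check is a first-pass filter for extension review rather than a verdict.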
Despite this behavior, Urban VPN holds high user ratings and carries a “Featured” badge from Google. Researchers pointed out that this badge suggests the extension passed manual review and met Google’s quality standards, which may have increased user trust.
Google did not immediately respond to requests for comment. As of now, both the Chrome and Microsoft Edge versions of the extension remain available in their respective extension stores.
Urban VPN’s store listing also promotes an “AI protection” feature that claims to scan prompts for sensitive data. However, Koi Security said this feature works separately from the data collection system and does not prevent AI chats from being exported.
Koi Security revealed that Urban VPN is operated by Urban Cyber Security Inc., which is linked to BiScience (B.I Science Ltd), a company known for data brokering activities.
The researchers noted that BiScience has been investigated in the past by security experts Wladimir Palant and John Tuckner from Secure Annex. Earlier research found that BiScience collected re-identifiable browsing data on a large scale and monetized it through products like AdClarity and Clickstream OS.
According to Koi, hundreds of millions of AI conversations have been collected across multiple browser extensions published by the same group, affecting more than eight million user accounts.
The AI chat monitoring feature was reportedly added gradually through extension updates, evolving from basic browsing data collection into full tracking of generative AI interactions as these tools became more widely used.
Researchers say the findings highlight a growing security concern: browser-based AI tools and extensions are becoming a major blind spot for organizations and should be treated as part of the overall attack surface, not just convenience tools.