A popular browser extension marketed as a free VPN has been secretly collecting and transmitting users’ conversations with major AI chat platforms, potentially affecting millions of people.
According to new research from security firm Koi, the Chrome extension Urban VPN Proxy, which has more than 6 million users and carries a Google “Featured” badge, contains functionality that intercepts AI chat traffic and sends it to company-controlled servers. The activity allegedly occurs regardless of whether the VPN is switched on.
Koi’s researchers found that the extension includes scripts designed to capture conversations across major platforms such as ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI. The scripts are reportedly enabled by default and cannot be disabled through user settings, this mean that a user has to uninstall the extension to stop collection of data.
According to research, the extension injects code into supported AI websites and overrides standard browser network functions, allowing it to capture prompts, responses, timestamps and session identifiers before content is displayed to users. The data is then compressed and sent to Urban VPN’s analytics servers.
Koi said similar data-harvesting capabilities were found in seven additional extensions from the same publisher, including VPNs, ad blockers and browser security tools, potentially affecting more than 8 million users across Chrome and Edge. The firm claims the AI conversation collection was introduced in version 5.5.0 of Urban VPN Proxy, released on July 9, 2025, with many users unaware due to automatic updates.
While Urban VPN promotes an “AI protection” feature meant to warn users about sharing sensitive information, Koi said this operates separately from the alleged harvesting, which continues even when protections are disabled.
Urban VPN is operated by Urban Cyber Security Inc., which is affiliated with data broker BiScience, a company previously linked to large-scale browsing data collection.
“Anyone who used ChatGPT, Claude, Gemini, or the other targeted platforms while Urban VPN was installed after July 9, 2025 should assume those conversations are now on Urban VPN's servers and have been shared with third parties. Medical questions, financial details, proprietary code, personal dilemmas - all of it, sold for "marketing analytics purposes,” Koi has warned.