A Tel Aviv-based security firm, Koi, investigated Urban VPN Proxy, a Google Chrome extension with six million users and a featured badge from Google. The probe revealed executor scripts harvesting user conversations from AI platforms for sale to data brokers.
Koi researcher Idan Dardikman detailed the extension’s operations beyond standard VPN functions. Urban VPN Proxy, published by Urban Cyber Security Inc., includes executor scripts that intercept and capture conversations from major AI platforms. These platforms consist of OpenAI’s ChatGPT, Anthropic’s Claude, Google’s Gemini, DeepSeek, and xAI’s Grok. The scripts activate upon installation, targeting interactions users have with these services directly within the browser environment.
The harvested data covers a wide range of user inputs to AI chatbots. Dardikman specified that it includes medical questions, financial details, proprietary code, personal dilemmas, and all other queries posed to the AI systems. This information gets sold for marketing-analytics purposes, turning private exchanges into commercial assets processed by affiliated entities.
Data collection persists regardless of the VPN’s active status. The executor scripts run continuously from the moment of installation. They operate by default without any user intervention required to start them. No user-facing toggle exists to disable the scraping functionality. Users must uninstall the extension completely to halt the data capture process.
Urban Cyber Security Inc. discloses certain practices in its privacy policy. Dardikman pointed out that the policy states explicitly: “we share the Web Browsing Data with our affiliated company,” identified as the data broker BiScience, “that uses this raw data and creates insights which are commercially used and shared with business partners.” This sharing transforms raw browsing and conversation data into marketable insights distributed to external partners.
In contrast, the Urban VPN Proxy listing on the Chrome Web Store presents different assurances. The page declares that “your data is not being sold to third parties, outside of the approved use cases,” and adds that data is “not being used or transferred for purposes that are unrelated to the item’s core functionality.” These statements appear alongside the featured badge, signaling Google’s review and promotion.
The same publisher operates seven additional Chrome extensions with identical AI-harvesting functionality. These apps collectively serve over two million customers. All but one carry a featured badge on the Chrome Web Store. Each extension embeds the same executor scripts, enabling interception of AI conversations across the listed platforms.
Dardikman issued a direct warning to users. He wrote, “if you have any of these extensions installed, uninstall them now. Assume any AI conversations you’ve had since July 2025 have been captured and shared with third parties.” This recommendation targets users of Urban VPN Proxy and the affiliated extensions to prevent further data exposure.
Users of extensions from this publisher face documented permissions for data sharing. Broader scrutiny applies to privacy policies of other apps. Dardikman’s findings highlight permissions that allow web-browsing data, including AI interactions, to flow to brokers like BiScience for commercial processing and partner distribution.
