Urban VPN caught logging private ChatGPT and Claude chats
Summary
Security researchers have discovered that Urban VPN, a Chrome extension with millions of installs and even a "Featured" badge from Google, has been quietly intercepting users’ conversations with AI chatbots like ChatGPT, Claude and Gemini. Analysis by cybersecurity firm Koi shows the extension injecting JavaScript into AI sites to capture prompts, responses and metadata, then sending that data to remote servers regardless of whether the VPN is actually in use. A separate, more detailed write‑up notes that Urban VPN’s business model appears to revolve around monetizing this data, effectively turning highly sensitive AI queries into an analytics product sold to third parties. The case highlights just how fragile privacy can be around generative‑AI tools, where people routinely paste medical, financial and work information into chats they assume are confidential. It also raises hard questions for platform operators like Google, whose endorsement signals clearly weren’t enough to protect users from a rogue extension.
Related Deals
Google and Google DeepMind committed roughly $13.05 million in grants to India’s AI centers of excellence, Wadhwani AI and several Indic‑language AI startups to accelerate AI deployment in health, agriculture, education and smart cities.
Disney granted OpenAI’s Sora a one‑year exclusive license to use over 200 Disney, Marvel, Pixar and Star Wars characters for user‑generated AI video content as part of a broader three‑year partnership.
BBVA and OpenAI formed a strategic partnership to co‑develop AI‑powered banking experiences and deploy ChatGPT Enterprise to BBVA’s global workforce.
BBVA and OpenAI entered a strategic partnership to expand ChatGPT Enterprise to BBVA’s global workforce and co-develop AI solutions for banking operations and customer experiences.
Disney makes a $1B equity investment in OpenAI alongside a multi-year character-licensing partnership for Sora-generated short videos.
