Daily Insight: Identity | Browser Extension AI Data Exfiltration

Welcome reader, here’s today’s Daily Cyber Insight.

Brought to you by:

Smallstep – Secures Wi-Fi, VPNs, ZTNA, SaaS and APIs with hardware-bound credentials powered by ACME Device Attestation

 LockThreat – AI-powered GRC that replaces legacy tools and unifies compliance, risk, audit and vendor management in one platform

CybersecurityHQ provides analyst-grade cyber intelligence used by CISOs and security leaders inside the Fortune 100. Each briefing identifies structural security failures and decision breakdowns across identity, machine trust, third-party access, and enterprise attack surfaces. This work exists to inform executive judgment, not to react to headlines.

—

Subscriber access includes weekly CISO briefings, deep-dive intelligence reports, premium research, and supporting tools. Corporate plans available.

Assumption Retired Marketplace curation indicates security vetting.

Insight Urban VPN Proxy, a Chrome extension with over 6 million installs, harvested prompts and responses from AI chatbot sessions across ChatGPT, Claude, Gemini, Copilot, and four other platforms. The interception was enabled by default in a July 9, 2025 update. The extension warns users about sharing sensitive data with AI companies while exfiltrating that data to a data broker. Seven additional extensions from the same publisher contained identical harvesting code. Affected user count across all extensions: approximately 8 million.

Unresolved Edge What fraction of internal code, credentials, or deal terms traversed a consumer browser profile where extensions were unmanaged between July 9, 2025 and discovery?