Security researcher Koi Dardikman found that a suite of free browser extensions operated by Urban Cyber Security (Urban VPN/1ClickVPN/Urban Browser Guard/Urban Ad Blocker) with more than 8 million combined installs have been intercepting and exfiltrating users' AI chat conversations since an auto‑updated July 2025 release by injecting JavaScript (chatgpt.js, claude.js, gemini.js, etc.) that overrides fetch()/XMLHttpRequest and sends prompts, AI responses, session metadata and model identifiers to analytics.urban-vpn.com and stats.urban-vpn.com. Urban — affiliated with analytics firm BiScience — discloses AI input/output collection in its privacy policy and markets these extensions as free privacy tools, yet store listings do not clearly disclose the practice, users cannot opt out and many installs predate the change, raising material privacy, reputational and regulatory risks for the vendor and potential exposure concerns for enterprise users and AI platform integrations; the extensions remain listed on Chrome and Edge while Urban has not yet commented.
Security researcher Idan Dardikman (Koi Security) reported that a suite of browser extensions operated by Urban Cyber Security—Urban VPN Proxy, 1ClickVPN Proxy, Urban Browser Guard and Urban Ad Blocker—with more than 8 million combined installs across Chrome and Edge have been intercepting AI chat conversations since an auto-updated July 2025 release (v5.5.0). Koi identified injected JavaScript files (chatgpt.js, claude.js, gemini.js, etc.) that override fetch() and XMLHttpRequest to capture user prompts, AI responses, conversation IDs, timestamps, model/platform identifiers and session data, then exfiltrate these payloads to analytics.urban-vpn.com and stats.urban-vpn.com. The largest distribution points cited are Urban VPN Proxy (6,000,000 Chrome installs; 1,323,622 Edge installs) and 1ClickVPN Proxy (600,000 Chrome installs; 36,459 Edge installs). Urban’s privacy policy discloses collection and sharing of “AI Inputs and Outputs” with affiliate BiScience and asserts de-identification, but storefront listings omit explicit AI-harvesting notices, there is no opt-out, and the capability was added silently to existing installs—raising consent, disclosure and enterprise-exposure concerns. Koi notes harvesting persists even when users disable protection features or disconnect the VPN, and Urban has not responded to requests for comment while the extensions remain published. These facts create tangible reputational, compliance and potential regulatory risk for Urban and for enterprise customers whose employees may have used these extensions. Sentiment signals are moderately negative (sentiment_score -0.55) with a modest market-impact score (0.35), implying likely short-term scrutiny, possible marketplace removals, and pressure on data-monetization business models; investors should watch takedown or enforcement actions, Urban’s public response, and any disclosures from affected platforms and enterprises. Given the exposure of conversational AI data and linked analytics affiliate BiScience, portfolio due diligence should prioritize vendor privacy practices and the potential for downstream legal or remediation costs.
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
moderately negative
Sentiment Score
-0.55
