A few weeks ago, I was wrestling with a major life decision. Like I've grown used to doing, I opened Claude and started thinking out loud-laying out the options, weighing the tradeoffs, asking for perspective.
Midway through the conversation, I paused. I realized how much I'd shared: not just this decision, but months of conversations-personal dilemmas, health questions, financial details, work frustrations, things I hadn't told anyone else. I'd developed a level of candor with my AI assistant that I don't have with most people in my life.
And then an uncomfortable thought: what if someone was reading all of this?
The thought didn't let go. As a security researcher, I have the tools to answer that question.
The Discovery
We asked Wings, our agentic-AI risk engine, to scan for browser extensions with the capability to read and exfiltrate conversations from AI chat platforms. We expected to find a handful of obscure extensions-low install counts, sketchy publishers, the usual suspects.
The results came back with something else entirely.
Near the top of the list: Urban VPN Proxy. A Chrome extension with over 6 million users. A 4.7-star rating from 58,000 reviews. A "Featured" badge from Google, meaning it had passed manual review and met what Google describes as "a high standard of user experience and design."
A free VPN promising privacy and security. Exactly the kind of tool someone installs when they want to protect themselves online.
We decided to look closer.
... continue reading