New \u201cPrompt Poaching\u201d Attack Steals Users\u2019 AI Conversations via Malicious Browser Extensions
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
For many users, engaging with an AI assistant requires opening a dedicated browser tab, which inherently isolates the AI from other browsing activities. While this separation improves privacy, it reduces usefulness and context.<\/p>\n
To bridge this gap, AI-powered browser extensions<\/a> have surged in popularity, allowing AI agents to seamlessly interact with emails, corporate portals, and personal documents across multiple tabs.<\/p>\n However, this convenience introduces a dangerous trade-off. Expel uncovered a new threat dubbed \u201cprompt poaching,\u201d in which malicious browser extensions silently monitor, copy, and exfiltrate sensitive AI conversations without user consent.<\/p>\n Security researchers have recently responded to dozens of incidents involving Chrome extensions<\/a> secretly harvesting user interactions with AI assistants.<\/p>\n The mechanics of prompt poaching are straightforward but highly effective. Once installed, these rogue extensions actively monitor open browser tabs.<\/p>\n When they detect a loaded AI client, they utilize API interception or DOM scraping techniques<\/a> to capture both the user\u2019s inputs and the AI\u2019s responses.<\/p>\n The extension then packages this collected data and quietly transmits it to external command-and-control servers operated by the developers.<\/p>\n Threat actors deploy these malicious capabilities through two primary vectors. The first method involves cloning popular, legitimate extensions and injecting them with data-stealing code<\/a>.<\/p>\n For example, attackers have successfully distributed several malicious clones of tools originally developed by AITOPIA.<\/p>\n We have seen this with \u201cChat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI<\/a>\u201d using the extension ID fnmihdojmnkclgjpcoonokmkhjpjechg.<\/p>\n \u201cAI Sidebar with Deepseek, ChatGPT, Claude, and more\u201d operating under the ID inhcgfpbfdjbjogdfjbclgolkmhnooop. And \u201cTalk to ChatGPT\u201d utilizing the ID hoinfgbmegalflaolhknkdaajeafpilo.<\/p>\n The second method involves compromising an established tool with a wide user base.<\/p>\n A notable example is Urban VPN Proxy,<\/a> tracked under the extension ID eppiocemhmnlbhjplcgkofciiegomcon, which operated as a legitimate service for some time.<\/p>\n According to Expel research<\/a>, once a large enough audience was established, the developers silently introduced prompt poaching capabilities in a subsequent update, immediately exposing all existing users to data exfiltration.<\/p>\n The exfiltration of AI prompts presents severe risks to corporate security and personal privacy.<\/p>\n Employees frequently rely on AI assistants to draft strategic emails<\/a>, summarize proprietary documents, or debug internal code, inadvertently feeding highly sensitive data directly into these tools.<\/p>\n When prompt poaching occurs, it exposes intellectual property, confidential customer data, and proprietary business logic.<\/p>\n This stolen information can easily fuel targeted\u00a0phishing<\/a><\/span> campaigns, facilitate identity theft<\/a>, or end up brokered on underground hacker forums.<\/p>\n To combat the threat of prompt poaching, organizations must adopt strict browser management policies<\/a> rather than relying on user discretion.<\/p>\n Security teams should proactively restrict unapproved plugins using Group Policy and centralized browser management consoles.<\/p>\n Furthermore, organizations should address internal productivity gaps by steering employees toward official desktop clients or first-party extensions developed directly by trusted AI vendors.<\/p>\n Finally, conducting periodic audits of installed extensions and monitoring network traffic for anomalous outbound connections can help identify and neutralize these stealthy threats before significant data loss occurs.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post New \u201cPrompt Poaching\u201d Attack Steals Users\u2019 AI Conversations via Malicious Browser Extensions<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n\nPrompt Poaching<\/strong> Attack<\/strong>
\n<\/h2>\nOrganizational Risks and Impact<\/strong><\/h2>\n