Security experts have warned users to beware of malicious Chrome extensions designed to secretly monitor and exfiltrate users’ AI conversations.

Expel explained in a blog post, published on March 24, that it had observed “several dozen” incidents in the past month of so-called “prompt poaching” by legitimate-looking extensions.

“The functionality is fairly straightforward – the browser extension monitors open tabs, and upon seeing an AI client loaded, will monitor for and collect questions and answers using API interception or DOM scraping,” it said.

“The extension will then package them up and send them to an external server run by the browser extension’s developers.”

Read more on malicious browser extensions: Malicious Google Chrome Extensions Hijack Workday and Netsuite.

There appear to be two main ways that scammers trick their victims.

The first is to impersonate legitimate extensions, such as “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “Talk to ChatGPT” from developer AITOPIA. A report from December last year claimed that two of these malicious extensions had accrued as many as 900,000 unwitting users.

A second tactic is to develop and market a legitimate extension, and then insert malicious functionality once the user base has grown large enough. This is the case with the “Urban VPN Proxy” tool spotted by Expel.

How to Minimize Prompt Poaching Risks

The security vendor urged businesses to prohibit the downloading of AI-related browser extensions and ensure employee use of extensions in general is centrally managed.

“It almost goes without saying that these plugins open the doors to several risks, including identity theft, targeted phishing campaigns, and sensitive data being put up for sale on underground forums,” Expel warned.

“In the case of organizations where employees may have unwittingly installed these extensions, they may have exposed intellectual property, customer data, or other confidential information.”

Expel recommended the following:

• Suggest approved alternatives to reduce the likelihood of users installing potentially dangerous extensions
• Review extension permissions before installation and beware of any that request permissions beyond advertised functionality
• Manage extensions using group policy or browser management consoles, limiting use to those which have been reviewed and approved
• Run periodic audits to understand usage and monitor browser processes for any tools that connect to unknown domains