
ChatGPT users have been warned that their private chats could be at risk of being 'sold for profit' according to new research.
Just when you thought your AI conversations were secure, new evidence suggests otherwise. Despite many users treating the chatbots like personal therapists, discussing finances, intimate questions and sensitive issues, warnings continue that these conversations aren't actually private.
The newest warning comes from Koi, a security research firm that has discovered a family of Google Chrome extensions harvesting user chats and selling them to third parties.
“Medical questions, financial details, proprietary code, personal dilemmas,” Koi said. “All of it, sold for ‘marketing analytics purposes.’”
These extensions don't target just one AI assistant either. Using any AI assistant through your browser poses a risk, including ChatGPT, Gemini, Claude, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.
Koi explained: "For each platform, the extension includes a dedicated ‘executor’ script designed to intercept and capture conversations. The harvesting is enabled by default through hardcoded flags in the extension’s configuration.
“There is no user-facing toggle to disable this. The only way to stop the data collection is to uninstall the extension entirely.” This is because, behind the scenes, 'the extension monitors your browser tabs' so that when you visit any of the targeted AI platforms, it 'injects an "executor" script directly into the page.'
Koi confirmed that 'each platform has its own dedicated script - chatgpt.js, claude.js, gemini.js, and so on.'
There are no limits on what's being collected, either.

“Every prompt you send to the AI. Every response you receive. Conversation identifiers and timestamps. Session metadata. The specific AI platform and model used,” Koi confirmed.
Disturbingly, the feature appeared in an extension update for Urban VPN Proxy, a service which has 6 million users.
“After documenting Urban VPN Proxy’s behaviour,” Koi added, “we checked whether the same code existed elsewhere. It did. The identical AI harvesting functionality appears in seven other extensions from the same publisher, across both Chrome and Edge.”
The extensions carry store approval from Google and Microsoft. All but one display 'Featured' badges to signal to users that 'the extensions have been reviewed and meet platform quality standards.'
While Urban VPN's privacy policies technically disclose this data collection, the disclosures are 'buried deep in the document,' which you can find 'if you know where to look.' The extension processes ‘ChatAI communication’ along with ‘pages you visit’ and ‘security signals,’ claiming this is done ‘to provide these protections.’
According to Koi, Urban VPN's privacy policy states: “As part of the Browsing Data, we will collect the prompts and outputs queried by the End-User or generated by the AI chat provider, as applicable.” And: “We also disclose the AI prompts for marketing analytics purposes.”
Bear in mind that these extensions 'remained live for months while harvesting some of the most personal data users generate online.' So if you've used them, Koi advises uninstalling them, adding: “Assume any AI conversations you've had since July 2025 have been captured and shared with third parties.”
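For anyone reviewing what is installed in a browser profile, the pattern Koi describes (host access to AI chat sites, the ability to inject scripts, and per-platform script files) can be checked from an extension's `manifest.json` and file listing. The Python below is an added example, not code from Koi or from the extensions; the hostnames, the `audit_extension` and `pattern_covers` names and the "review" heuristic are assumptions of this example.

```python
import re

# Hostnames assumed for the assistants the article names (it lists platforms, not domains).
AI_HOSTS = ["chatgpt.com", "claude.ai", "gemini.google.com", "copilot.microsoft.com",
            "www.perplexity.ai", "chat.deepseek.com", "grok.com", "www.meta.ai"]
# Per-platform script names quoted in the article.
EXECUTOR_NAMES = {"chatgpt.js", "claude.js", "gemini.js"}


def pattern_covers(pattern, host):
    """True if a Chrome match pattern grants access to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    m = re.fullmatch(r"([a-z*]+)://([^/]*)/.*", pattern)
    if not m or m.group(1) not in ("*", "https"):
        return False
    pat_host = m.group(2)
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # "*.example.com" also matches "example.com"
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return host == pat_host


def audit_extension(manifest, files):
    """Audit one unpacked extension: parsed manifest.json plus its file paths."""
    perms = manifest.get("permissions", [])
    scripts = manifest.get("content_scripts", [])
    patterns = set(manifest.get("host_permissions", []))
    patterns.update(p for p in perms if "://" in p or p == "<all_urls>")  # MV2 style
    for entry in scripts:
        patterns.update(entry.get("matches", []))
    reachable = sorted(h for h in AI_HOSTS if any(pattern_covers(p, h) for p in patterns))
    # Injection needs declared content scripts, the MV3 "scripting" API, or MV2
    # (where chrome.tabs.executeScript only needs the host permission).
    can_inject = bool(scripts) or "scripting" in perms or manifest.get("manifest_version") == 2
    executors = sorted(f for f in files if f.rsplit("/", 1)[-1] in EXECUTOR_NAMES)
    return {"ai_hosts": reachable, "can_inject": can_inject, "executors": executors,
            "review": bool(reachable and can_inject and executors)}


if __name__ == "__main__":
    # Constructed sample, not the real extension's manifest or file layout.
    sample = {"manifest_version": 3, "permissions": ["tabs", "scripting"],
              "host_permissions": ["<all_urls>"]}
    print(audit_extension(sample, ["background.js", "executors/chatgpt.js", "executors/claude.js"]))
```

A `review` result of `True` only means the extension is worth a closer look; broad host access on its own is common among VPN and ad-blocking extensions.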