Urban VPN Proxy Surreptitiously Intercepts AI Chats

Source: Schneier on Security

Overview

A new threat has emerged: the Urban VPN Proxy extension is capable of silently intercepting conversations on a wide range of AI chat services. The extension installs a dedicated “executor” script for each platform, allowing it to capture user inputs and AI responses without the user’s knowledge.

Targeted AI Platforms

• ChatGPT
• Claude
• Gemini
• Microsoft Copilot
• Perplexity
• DeepSeek
• Grok (xAI)
• Meta AI

How It Works

For each of the platforms listed above, the extension includes a platform‑specific executor script. These scripts:

1. Hook into the web page’s JavaScript environment.
2. Listen for outgoing API calls that contain the user’s prompt.
3. Capture the AI’s response before it is rendered on the screen.
4. Store the intercepted data locally or forward it to a remote server controlled by the attacker.

The approach is “surreptitious” because it operates entirely within the browser extension’s sandbox, making detection difficult for the average user.

Potential Risks

• Privacy breach: Sensitive or confidential information shared with AI assistants could be exfiltrated.
• Intellectual property theft: Proprietary prompts or generated content may be harvested.
• Credential leakage: If users paste passwords or API keys into a chat, those could be captured.

Mitigation Strategies

• Audit extensions: Regularly review installed browser extensions and remove any that are unnecessary or untrusted.
• Use isolated browsers: Run AI chat sessions in a dedicated, minimal‑extension browser profile.
• Network monitoring: Employ tools that alert on unexpected outbound traffic from your browser.
• Stay informed: Follow security advisories from reputable sources (e.g., Schneier on Security) for updates on emerging threats.

The information above reflects the findings reported by Schneier on Security on December 24 2025.