New Prompt Poaching Attack Steals AI Conversations via Browser Extensions
Key Takeaways
- A new attack, termed “prompt poaching,” targets AI conversations through malicious browser extensions.
- These extensions covertly steal user prompts and AI responses by either cloning legitimate tools or compromising established ones.
- The attack poses significant risks to corporate intellectual property, sensitive customer data, and personal privacy.
- Organizations must implement strict browser management policies and monitor for suspicious network activity to mitigate the threat.
The increasing integration of artificial intelligence into daily workflows has led to a surge in AI-powered browser extensions. While these tools offer enhanced convenience by allowing AI agents to interact across various web environments, they also introduce significant security vulnerabilities. Cybersecurity firm Expel has uncovered a novel threat dubbed “prompt poaching,” where malicious browser extensions silently exfiltrate sensitive AI conversations without user consent, posing a substantial risk to both personal and organizational data.
The Mechanics of Prompt Poaching
Prompt poaching involves rogue browser extensions designed to monitor and capture interactions with AI assistants. Once installed, these extensions actively observe open browser tabs. Upon detecting an AI client, they employ techniques such as API interception or Document Object Model (DOM) scraping to record both the user’s input and the AI’s generated responses. This collected data is then packaged and covertly transmitted to external command-and-control servers operated by the threat actors.
Threat actors primarily deploy these malicious capabilities through two methods:
- Cloning Legitimate Extensions: Attackers create malicious copies of popular, legitimate extensions, injecting them with data-stealing code. Expel researchers observed several instances of malicious clones mimicking tools from AITOPIA. Examples include “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” (extension ID: fnmihdojmnkclgjpcoonokmkhjpjechg), “AI Sidebar with Deepseek, ChatGPT, Claude, and more” (extension ID: inhcgfpbfdjbjogdfjbclgolkmhnooop), and “Talk to ChatGPT” (extension ID: hoinfgbmegalflaolhknkdaajeafpilo).
- Compromising Established Tools: In this method, threat actors compromise an existing, widely used extension. A notable example is Urban VPN Proxy (extension ID: eppiocemhmnlbhjplcgkofciiegomcon). According to Expel’s research, after establishing a significant user base, developers silently introduced prompt poaching functionalities in a subsequent update, immediately exposing all existing users to data exfiltration.
Organizational Risks and Impact
The unauthorized exfiltration of AI prompts carries severe implications for corporate security and individual privacy. Employees often leverage AI assistants for tasks involving sensitive information, such as drafting strategic communications, summarizing proprietary documents, or debugging internal code. When prompt poaching occurs, this sensitive data—including intellectual property, confidential customer details, and proprietary business logic—becomes vulnerable. This stolen information can then be exploited for targeted phishing campaigns, identity theft, or sold on illicit hacker forums.
What You Should Do
- Implement Strict Browser Management Policies: Organizations should move beyond relying on individual user discretion. Security teams must proactively restrict unapproved plugins using Group Policy or centralized browser management consoles.
- Promote Official Clients: Guide employees towards official desktop clients or first-party extensions developed directly by trusted AI vendors to address internal productivity needs securely.
- Conduct Regular Audits: Periodically audit installed browser extensions across the organization’s network.
- Monitor Network Traffic: Implement robust network monitoring to detect and alert on anomalous outbound connections, which could indicate data exfiltration from malicious extensions.
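One way to carry out the extension audit recommended above, as an added example that is not from Expel or the original article: a Python script that walks a Chromium user-data directory, reports any installed extension whose ID matches the four named in this article, and notes which extensions request access to every site. The function names, the broad-pattern list and the sample data are assumptions made for this example.

```python
import json
import tempfile
from pathlib import Path

# Extension IDs named in the article above (as reported by Expel).
FLAGGED_IDS = {
    "fnmihdojmnkclgjpcoonokmkhjpjechg": "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI",
    "inhcgfpbfdjbjogdfjbclgolkmhnooop": "AI Sidebar with Deepseek, ChatGPT, Claude, and more",
    "hoinfgbmegalflaolhknkdaajeafpilo": "Talk to ChatGPT",
    "eppiocemhmnlbhjplcgkofciiegomcon": "Urban VPN Proxy",
}
# Match patterns that let an extension read every page, AI chat tabs included.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _hosts(manifest):
    """Collect match patterns from MV3 host_permissions, MV2 permissions and content scripts."""
    manifest = manifest if isinstance(manifest, dict) else {}
    groups = [manifest.get("host_permissions"), manifest.get("permissions")]
    scripts = manifest.get("content_scripts")
    if isinstance(scripts, list):
        groups += [s.get("matches") for s in scripts if isinstance(s, dict)]
    return {h for g in groups if isinstance(g, list) for h in g if isinstance(h, str)}

def audit_user_data_dir(user_data_dir):
    """Return one finding per extension version found under a Chromium user-data dir."""
    findings = []
    # Layout: <user data>/<profile>/Extensions/<extension id>/<version>/manifest.json
    for path in sorted(Path(user_data_dir).glob("*/Extensions/*/*/manifest.json")):
        profile, _, ext_id, version = path.parts[-5:-1]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = {}  # unreadable manifest: still report the ID
        findings.append({"profile": profile, "id": ext_id, "version": version,
                         "flagged_as": FLAGGED_IDS.get(ext_id),
                         "broad_hosts": sorted(_hosts(manifest) & BROAD_HOSTS)})
    return findings

def write_sample_extension(root, profile, ext_id, version, manifest):
    """Create a constructed extension folder so the audit can run offline."""
    folder = Path(root) / profile / "Extensions" / ext_id / version
    folder.mkdir(parents=True)
    (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample, not a real profile
        write_sample_extension(root, "Default", "eppiocemhmnlbhjplcgkofciiegomcon", "1.0_0",
                               {"manifest_version": 3, "host_permissions": ["<all_urls>"]})
        print(audit_user_data_dir(root))
```

On a real endpoint, point audit_user_data_dir at the browser's user-data directory (for Chrome, typically %LOCALAPPDATA%\Google\Chrome\User Data on Windows or ~/.config/google-chrome on Linux). A broad host pattern alone is not proof of prompt poaching, only a reason to review the extension.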