Threat actors copied a legitimate AI-powered Chrome extension to harvest ChatGPT and DeepSeek data and send it to a C2 server.
Cybersecurity: The incident exposes a new attack vector against AI applications, which makes securing AI-based products a higher priority. It directly widens the scope of cybersecurity to include protecting LLM user data from malicious extensions.
Frontier Models: LLMs become more attractive targets for data theft as their user base grows. Model providers need to work with browser vendors to improve security within browser environments.
Businesses using AI-powered extensions need to immediately assess their risk exposure by identifying vulnerable extensions and implementing stricter security protocols, including multi-factor authentication and endpoint protection. Robust employee training is also needed to educate users on identifying and avoiding malicious extensions, along with continuous monitoring of network traffic for suspicious activity related to data exfiltration.
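One way to start the exposure assessment described above is to inventory which installed extensions are allowed to read AI chat pages. This is an added example, not code from the incident or from any vendor; the host watch list, the sample extension names and the sample manifests are assumptions constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Assumed watch list of AI chat hosts; extend it for the tools your users rely on.
AI_HOSTS = ("chatgpt.com", "chat.openai.com", "chat.deepseek.com")

def covers_ai_host(pattern):
    """True if a Chrome match pattern grants access to any host in AI_HOSTS."""
    m = re.match(r"^(\*|https?|wss?)://([^/]+)/", pattern)
    if not m:
        # Not a URL pattern: only <all_urls> matters; API names like "storage" do not.
        return pattern == "<all_urls>"
    host = m.group(2).lower()
    if host.startswith("*."):  # wildcard covers the base domain and its subdomains
        return any(h == host[2:] or h.endswith(host[1:]) for h in AI_HOSTS)
    return host == "*" or host in AI_HOSTS

def ai_access(manifest):
    """Patterns in an MV2 or MV3 manifest that reach an AI chat host."""
    found = []
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        found += manifest.get(key, [])
    for script in manifest.get("content_scripts", []):
        found += script.get("matches", [])
    return sorted({p for p in found if isinstance(p, str) and covers_ai_host(p)})

def audit_extensions(ext_root):
    """Map extension ID -> patterns, for <ext_root>/<id>/<version>/manifest.json."""
    findings = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        hits = ai_access(json.loads(path.read_text(encoding="utf-8-sig")))
        if hits:
            findings[path.parent.parent.name] = hits
    return findings

def demo():
    """Audit a constructed extensions directory (sample manifests, made-up IDs)."""
    samples = {
        "sample-sidebar": {"host_permissions": ["https://chatgpt.com/*", "https://*.deepseek.com/*"]},
        "sample-broad": {"permissions": ["tabs", "<all_urls>"]},
        "sample-notes": {"permissions": ["storage"], "host_permissions": ["https://example.org/*"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            target = Path(tmp, ext_id, "1.0.0")
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest))
        return audit_extensions(tmp)
```

Point `audit_extensions` at a Chrome profile's `Extensions` directory to run it on a real endpoint. A hit means the extension is permitted to read those pages, not that it is malicious, so treat the output as a review queue.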