Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers' control. The names of the extensions, which collectively have over 900,000 users, are below - Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (ID:
For the Cybersecurity sector, this illustrates the need for advanced threat detection mechanisms specifically targeting AI application data theft. For Frontier Models, it emphasizes the crucial role of securing training data and user interaction data to maintain model integrity and user trust.
Operational impact: Businesses need to implement stricter security protocols for employee use of AI tools, including vetting browser extensions and educating users on data security risks. AI platform providers must enhance their API security and implement monitoring systems to detect and prevent unauthorized data access, potentially increasing operational costs in the short term but improving data security posture and reducing long-term risk.