Microsoft Exposes Malicious AI Browser Extensions Harvesting ChatGPT and DeepSeek Conversations — 900K Installs

Summary

Microsoft has identified a wave of malicious Chromium browser extensions masquerading as AI assistants, distributed through official browser extension stores. The extensions accumulated approximately 900,000 installs across more than 20,000 enterprise environments before detection.

The malicious extensions harvested browsing data and, critically, large language model (LLM) chat content from services including ChatGPT and DeepSeek. Exfiltrated data included internal prompts, proprietary code snippets, and confidential documents shared during AI chat sessions. The extensions operated as fully functional AI tools while silently siphoning sensitive data in the background.

Source

Reported by ACI Learning and The Hacker News.

Commentary

This is the attack vector security teams have been warning about since ChatGPT went mainstream. Employees paste proprietary code, internal documents, and strategic plans into AI chat interfaces every day — and now attackers have found a way to intercept all of it at scale through the browser extension supply chain.

The 900,000 installs across 20,000 enterprise environments means this wasn’t a fringe attack — it was industrial-scale espionage disguised as productivity tools. The real damage isn’t just the data stolen; it’s the impossible audit trail. How do you determine what proprietary information was leaked through casual AI conversations over weeks or months? For enterprises, this should be the final push to implement browser extension allowlists and deploy managed AI interfaces rather than letting employees install whatever AI tools catch their eye in the Chrome Web Store.