What Happens to Your AI Prompts After You Hit Enter?

‘Spilling the Beans’: What Really Happens to Your AI Prompts After You Hit Enter

What begins as a simple search for privacy can quietly turn into something else entirely. A free VPN extension promoted as a security tool on Google’s Chrome Web Store is now under scrutiny after researchers alleged it was harvesting user interactions with popular artificial intelligence platforms, blurring the line between convenience software and large-scale data surveillance.

The extension, Urban VPN Proxy, has been installed by an estimated six million users. Its prominence was reinforced by a “featured” label on the Chrome Web Store, a marker many users associate with trust and basic vetting. That trust, cybersecurity researchers argue, may have been misplaced.

Security researchers at Tel Aviv–based firm Koi Security have alleged that Urban VPN Proxy operates beyond the expected scope of a virtual private network. According to their findings, the extension embeds background scripts that actively monitor user activity across web-based AI tools, including OpenAI’s ChatGPT, Anthropic’s Claude, Google’s Gemini, DeepSeek, and xAI’s Grok.

The data collected is not limited to technical usage patterns. Researchers say it can include personal concerns, financial questions, medical queries, and even proprietary code entered into AI chat interfaces. In a public warning, a Koi researcher advised users to assume that any AI conversations conducted since mid-2025 may have been captured and shared onward.

Unlike conventional VPN services that focus on encrypting internet traffic, the extension’s data collection reportedly continues regardless of whether the VPN function is switched on or off. Investigators found no in-app option that allows users to disable this behaviour. The only way to stop the data extraction, they said, is to uninstall the extension entirely.

Privacy advocates say this design removes meaningful user choice. Many users install browser extensions expecting narrow functionality, not continuous monitoring of conversations — particularly when those conversations involve AI tools increasingly used for sensitive personal and professional decision-making.

Urban VPN Proxy is operated by Urban Cyber Security Inc. Its privacy policy states that browsing data may be shared with an affiliated company, BiScience, described as a data brokerage firm that converts raw data into commercially valuable insights shared with business partners. Researchers argue that this structure effectively turns user activity into a monetisable data stream.

The practice does not appear to be isolated. Reports indicate that several other browser extensions published by the same company use similar AI data collection mechanisms, collectively reaching millions more users. Most of these extensions also carry a “featured” designation on the Chrome Web Store, raising questions about how effectively platforms assess privacy risks before promoting tools to a mass audience.

The controversy has renewed debate over platform oversight. While extension listings disclose data practices in formal documentation, critics say dense language and broad permissions often fail to convey the real-world implications to users. Statements that data is not sold outside “approved use cases,” they argue, can mask extensive internal data sharing arrangements.

As AI systems become embedded in daily work, health research, financial planning, and business decisions, conversational data has emerged as a high-value asset. Experts note that cases like this highlight the need for stronger governance around digital tools, whether users are managing sensitive information locally or structuring regulated operations such as business setup in Dubai, where data compliance frameworks are clearly defined.

The issue also underscores the role of independent oversight and record transparency. Robust auditing services in India and disciplined data documentation practices, similar to professional bookkeeping services in India, are increasingly viewed as essential safeguards in an ecosystem where digital convenience often comes at hidden cost.

For users, the episode reinforces an old internet lesson, reframed for the AI era: when a privacy tool is free, the most valuable thing being exchanged may not be bandwidth or speed, but the conversation itself.