![]() |
| Symbolic image: Two browser extensions masquerading as ad blockers secretly record AI chats. |
Security researchers uncover "PromptSnatcher" campaign quietly harvesting conversations from ChatGPT, Gemini, and other AI platforms
In a startling discovery that has sent shockwaves through the cybersecurity community, two widely-used browser extensions posing as legitimate ad blockers have been covertly logging the AI conversations of approximately 90,000 unsuspecting users. Security researchers at MalExt Sentry uncovered the campaign on June 13, 2026, dubbing it PromptSnatcher – and the implications are nothing short of alarming.
While the extensions do indeed block advertisements as promised, they simultaneously operate a hidden data collection engine that captures users' entire conversations with eight major AI platforms, including industry giants ChatGPT and Gemini. The breach represents one of the most significant privacy violations involving AI interactions to date.
The two extensions behind the breach
The malicious extensions identified by researchers are "Smart Adblocker" (extension ID iojpcjjdfhlcbgjnpngcmaojmlokmeii), which has approximately 80,000 users, and "Adblock for Browser" (ID jcbjcocinigpbgfpnhlpagidbmlngnnn), with roughly 10,000 users. Both extensions leverage the same infrastructure and a hidden data engine that researchers internally refer to as "Panel 231."
What makes these extensions particularly deceptive is their sophisticated approach to evasion. They block real advertisements using public filter lists, maintaining the appearance of legitimate functionality. To further conceal their true purpose, they present users with a seemingly innocuous consent option labeled "Enhanced Protection" – without ever mentioning that AI conversations would be collected.
How the extensions capture your private AI conversations
The built-in data engine specifically targets eight AI platforms: ChatGPT, Gemini, Claude, Copilot, Perplexity, DeepSeek, Grok, and Meta AI. By tapping directly into these websites' data traffic, the extensions capture entire conversations, storing up to 10,000 characters for prompts and up to 30,000 characters for responses.
The level of detail being harvested is staggering. The extensions also track which specific AI model you're using and whether you have a paid subscription – valuable intelligence that could be used for targeted attacks or sold on data markets. All collected data is transmitted to the developers' servers, creating a comprehensive database of users' most private digital interactions.
For detailed technical analysis and complete indicators of compromise, you can access MalExt Sentry's full report on PromptSnatcher here.
Why this poses such a significant threat
AI conversations often contain highly sensitive personal and professional information. Users frequently turn to platforms like ChatGPT and Gemini for assistance with:
- Health-related questions and medical concerns
- Financial planning and investment strategies
- Job applications and resume writing
- Company-internal information and trade secrets
- Passwords and authentication details
The assumption that these conversations would remain private is the very vulnerability these extensions exploit. One particularly insidious detail uncovered by researchers is that the Firefox versions of these extensions explicitly claim no data is being collected – while simultaneously doing the exact opposite.
What you should do immediately
If you have either "Smart Adblocker" or "Adblock for Browser" installed, remove them immediately. Here are four essential steps to protect yourself:
1. Audit your browser extensions
Check your installed extensions and remove any you don't recognize or need. Pay special attention to extensions that request permission to "read and change all your data on websites you visit."
2. Choose reputable ad blockers
When it comes to ad blocking, stick to well-known, open-source solutions with transparent development practices. Popular choices include uBlock Origin and AdGuard, both of which have undergone extensive security scrutiny.
3. Review extension permissions
Regularly review which extensions have access to all websites versus those with limited permissions. The principle of least privilege applies to browser extensions as much as it does to any other software.
4. Treat AI chats as semi-private services
Never enter passwords, identification details, or sensitive company information into AI platforms that you wouldn't reveal to a stranger. While the platforms themselves implement security measures, the ecosystem of extensions and third-party tools can expose your data in unexpected ways.
Source : MalExt Sentry: PromptSnatcher Report,Cyber Security News
