Malicious AI Assistant Extensions Harvest LLM Chat Histories
Summary
Malicious Chromium-based browser extensions impersonating legitimate AI assistant tools have been installed approximately 900,000 times and are actively collecting LLM chat histories (conversations with AI systems like ChatGPT), URLs, and sensitive browsing data across more than 20,000 enterprise organizations. These extensions were distributed through the Chrome Web Store using convincing AI-themed names and descriptions, exploiting users' trust in productivity tools and overly permissive browser extension permissions to harvest proprietary code, internal workflows, and confidential information at scale.
Classification
Affected Vendors
Related Issues
Original source: https://www.microsoft.com/en-us/security/blog/2026/03/05/malicious-ai-assistant-extensions-harvest-llm-chat-histories/
First tracked: March 5, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 92%