Malicious Browser Add-Ons Target Major AI Chatbot Users

**Executive Summary:** Malicious Chrome extensions have been actively intercepting and exfiltrating user conversations and metadata from major AI platforms (ChatGPT, Claude, Copilot, Gemini, DeepSeek, etc.) by injecting JavaScript, observing DOM mutations or overriding fetch/XHR, encoding payloads (commonly Base64) and sending them to attacker-controlled endpoints; the report cites specific examples (Urban VPN, Smart Sidebar), outlines recurring TTPs and persistence techniques, and provides mitigation guidance for users and defenders.