'Prompt Poaching': Malicious Extensions Harvest AI Chat Data, Threatening Privacy and Security
March 28, 2026
Secure Annex reports show Chrome extensions mimicking legitimate tools secretly collecting user prompts and AI responses via API interception or DOM scraping.
Dozens of incidents have been documented where Chrome extensions covertly gather AI usage data through methods like DOM scraping or API interception and send stolen conversations to attacker-controlled servers.
Security teams emphasize identifying workflow gaps that push users toward unsafe extensions and monitoring for suspicious activity to reduce reliance on risky tools.
Collected data can include corporate data and PII, creating regulatory, financial, and reputational risks for organizations and individuals.
Overall, prompt poaching highlights the need for vigilant security practices as AI tools become more integrated into daily workflows.
Extensions with broad permissions can read page content and monitor and interact with other open tabs, turning legitimate productivity tools into data exfiltration channels.
A new attack vector called 'prompt poaching' involves malicious browser extensions that covertly harvest AI chat data by monitoring AI-related browser sessions and exfiltrating prompts and responses in real time.
Risks are heightened in enterprise environments where stolen AI conversations could reveal IP, internal communications, or customer data, with attackers potentially reusing data for targeted phishing or underground sales.
Mitigations include restricting installation of unapproved extensions, enforcing policies via browser management tools, using official AI tools from trusted vendors, scrutinizing permissions, and auditing installed extensions for unusual outbound connections.
Threat actors often use supply-chain or clone-and-modify strategies, duplicating legitimate extensions or compromising popular ones to harvest conversations without user awareness.
In at least one case, a legitimate extension was retrofitted with AI conversation harvesting capabilities after deployment, affecting existing users.
As AI adoption grows, the attack surface expands, underscoring the need for stricter controls and awareness around browser-based AI integrations.
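As an added illustration of the permission review the summary recommends (auditing installed extensions and scrutinizing their permissions), the following script is not from either source article; it reads an extension's manifest.json and flags host patterns that reach AI chat sites or broad APIs that allow cross-tab reading. The watched host list and the sample manifest are constructed for the example and should be adjusted to the tools actually in use.

```python
import json
import re
from typing import Dict, List

# Constructed watchlist of AI chat origins; the summary names no specific sites.
AI_CHAT_HOSTS = ("chatgpt.com", "claude.ai", "gemini.google.com", "copilot.microsoft.com")

# Chrome API permissions that let an extension read or script pages across tabs.
BROAD_PERMISSIONS = {"tabs", "webRequest", "scripting", "debugger"}

# Chrome match pattern: <scheme>://<host>/<path>; host may be "*" or "*.domain".
_PATTERN = re.compile(r"^(\*|https?|wss?|file|ftp)://(\*|\*\.[^/*]+|[^/*]+)(/.*)$")

def pattern_covers_host(pattern: str, host: str) -> bool:
    """Return True if a Chrome match pattern grants access to `host` on any path."""
    if pattern == "<all_urls>":
        return True
    m = _PATTERN.match(pattern)
    if not m:
        return False
    host_part = m.group(2)
    if host_part == "*":
        return True
    if host_part.startswith("*."):
        base = host_part[2:]  # "*.example.com" matches example.com and its subdomains
        return host == base or host.endswith("." + base)
    return host == host_part

def audit_manifest(manifest: Dict) -> List[str]:
    """List findings: host patterns reaching AI chat hosts, and broad API permissions."""
    findings: List[str] = []
    patterns = list(manifest.get("host_permissions", []))
    # Manifest V2 placed host patterns in "permissions"; include those too.
    patterns += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    for cs in manifest.get("content_scripts", []):
        patterns += cs.get("matches", [])  # content scripts read the DOM of matching pages
    for pat in patterns:
        hit = [h for h in AI_CHAT_HOSTS if pattern_covers_host(pat, h)]
        if hit:
            findings.append(f"pattern {pat!r} reaches AI chat host(s): {', '.join(hit)}")
    broad = BROAD_PERMISSIONS & set(manifest.get("permissions", []))
    if broad:
        findings.append("broad API permissions: " + ", ".join(sorted(broad)))
    return findings

# Constructed manifest resembling a "productivity" extension with far more reach than it needs.
SAMPLE_MANIFEST = json.loads("""{
  "name": "Grammar Helper", "manifest_version": 3,
  "permissions": ["tabs", "scripting", "storage"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://*.claude.ai/*"], "js": ["inject.js"]}]
}""")
```

Run `audit_manifest(json.load(open(path)))` against each unpacked extension directory's manifest.json; any finding is a prompt to review what the extension actually does with that access, not proof of malice by itself.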
Summary based on 2 sources
Sources

GBHackers Security • Mar 28, 2026
Malicious Browser Extensions Hijack Users’ AI Chats in New “Prompt Poaching” Attack
Cyber Security News • Mar 28, 2026
Malicious Browser Extensions Can Steal AI Chats in New “Prompt Poaching” Attack