Microsoft security researchers say malicious browser extensions impersonating AI assistant tools have spread to roughly 900,000 installs, quietly harvesting chat data and browsing activity from users.
Microsoft Defender investigators say the extensions specifically target the rapidly growing ecosystem of AI productivity tools embedded inside Chromium-based browsers such as Google Chrome and Microsoft Edge.
The campaign is designed to exploit the surge in AI-assisted workflows, where employees regularly interact with platforms like ChatGPT and DeepSeek directly inside their browser.
Microsoft says the malicious tools are distributed through the Chrome Web Store and present themselves as legitimate AI productivity extensions, using familiar branding and interface patterns modeled after real tools. According to Microsoft Defender telemetry, the activity has been observed across more than 20,000 enterprise tenants, where employees frequently use AI assistants while working with sensitive corporate information.
“The extensions collected full URLs and AI chat content from platforms such as ChatGPT and DeepSeek, exposing organizations to potential leakage of proprietary code, internal workflows, strategic discussions and other confidential data.”
The campaign also relied heavily on social engineering and user trust.
Researchers found that the criminals studied legitimate AI extensions, such as AITOPIA, and copied their branding, permission prompts, and interaction patterns to make the tools appear authentic.
In some cases, Microsoft says agentic browsers even installed the extensions automatically because the descriptions appeared legitimate.
“User familiarity with installing AI sidebar tools, combined with permissive enterprise extension policies, allowed the extension to reach a broad audience.”
Once installed, the extension could continue collecting data indefinitely. The malicious tools collected information locally before transmitting it periodically to external infrastructure, creating a persistent data pipeline from infected browsers.
“The extension was designed to passively observe user activity, collecting visited URLs and segments of AI-assisted chat content generated during normal browser use.”
By quietly gathering prompts, responses, and browsing activity tied to AI platforms, the attackers could gain long-term visibility into corporate workflows and internal systems.
Microsoft warns that the campaign demonstrates how browser extensions tied to AI tools are emerging as a new attack surface for enterprise data theft.

