Malicious Ad Blocker Extensions Secretly Recorded AI Chats From 90,000 Users
Two browser extensions promoted as ad blockers have been accused of secretly collecting private AI chatbot conversations from roughly 90,000 users. The campaign, uncovered by security researchers at MalExt Sentry on June 13, 2026, has been named PromptSnatcher.
At first glance, the extensions appeared to do what they promised: block online advertisements. But behind the scenes, they allegedly captured full conversations from popular AI platforms, including ChatGPT, Gemini, Claude, Copilot, Perplexity, DeepSeek, Grok, and Meta AI.
The two extensions identified in the report are Smart Adblocker, with around 80,000 users, and Adblock for Browser, with around 10,000 users. Researchers found that both extensions relied on the same hidden infrastructure and data collection system, internally referred to as Panel 231.
What made the campaign especially deceptive is that the extensions did not behave like obvious malware. They used public ad-blocking filter lists to genuinely remove ads, helping them appear legitimate to users. At the same time, they hid their data collection behind a vague “Enhanced Protection” option, without clearly telling users that their AI chats could be monitored.
According to the findings, the extensions were designed to intercept data directly from AI chatbot websites. They could capture entire prompts and responses, storing up to 10,000 characters from user prompts and up to 30,000 characters from AI-generated replies.
The extensions also collected details about which AI model a person used and whether the user appeared to have a paid subscription. All of this information was then sent to servers controlled by the extension developers.
Although Meta AI was not initially included in the extension’s code, researchers warned that it could be activated later through remote configuration. That means the extensions had the ability to expand their tracking behavior without requiring users to install a visible update or grant new permissions.
The privacy risks are serious. Many people use AI chatbots for deeply personal or confidential topics. Conversations can include medical questions, financial concerns, legal issues, job applications, business strategies, passwords, internal company information, or private personal details.
Users often assume that typing into an AI chatbot is similar to having a private conversation with a digital assistant. This case shows how dangerous that assumption can be when a browser extension has broad access to websites and web traffic.
The situation is even more concerning because the Firefox versions of the extensions reportedly claimed that no data was being collected, while researchers say the opposite was happening. That kind of misleading privacy statement can give users a false sense of security and make the extension appear safer than it really is.
Anyone who has installed Smart Adblocker or Adblock for Browser should remove the extension immediately. It is also a good time to review every browser extension installed on Chrome, Firefox, Edge, or any other browser you use.
Pay close attention to extensions that request permission to read or change data on all websites. That level of access can be extremely powerful. If you do not recognize an extension, no longer use it, or cannot verify that it comes from a trustworthy developer, it is safer to remove it.
For ad blocking, users should choose reputable, transparent, and widely trusted tools, especially open-source options with a long track record. Avoid installing extensions with generic names, vague privacy policies, suspicious permissions, or little information about the developer.
This incident is also a reminder to be careful with what you share in AI chats. Even when using well-known AI platforms, browser extensions, workplace monitoring tools, compromised devices, or third-party scripts can create unexpected privacy risks.
As a rule, do not enter passwords, government identification numbers, private financial data, confidential company documents, or sensitive personal details into AI chatbots unless you are certain the environment is secure and approved for that purpose.
The PromptSnatcher case shows that even ordinary-looking browser tools can become a gateway for large-scale data collection. Ad blockers, coupon finders, grammar tools, screenshot utilities, and other extensions may seem harmless, but if they can access every website you visit, they may also be able to see far more than you expect.
Keeping your browser clean, limiting extension permissions, and treating AI conversations as only semi-private can help reduce the risk of your sensitive information ending up in the wrong hands.



