Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Google's discovery of two malicious Chrome extensions stealing ChatGPT and DeepSeek conversations from 900,000 users highlights a significant threat to user data and website security. The fact that these extensions were able to exfiltrate sensitive information, including browsing data and AI chat logs, raises concerns about the potential for AI-powered bots to exploit similar vulnerabilities. This news has significant implications for website owners, as it underscores the importance of monitoring and managing AI bot traffic on their sites. With the rise of AI-powered tools like ChatGPT, website owners must be vigilant about potential security risks, including malicious extensions that can compromise user data. Website owners who use ChatGPT or similar AI tools on their sites must ensure that they are taking adequate measures to protect user conversations and browsing data from being intercepted by malicious actors. To mitigate these risks, website owners can take several steps: (1) regularly review and update their llms.txt files to ensure that only authorized AI bots have access to their sites, (2) implement robust security protocols to detect and prevent malicious extensions from exfiltrating sensitive data, and (3) educate their users about the potential risks of using AI-powered tools and the importance of using reputable and secure browser extensions.