Urban VPN Chrome Extension Secretly Harvests Millions of AI Chatbot Conversations

The event involves AI systems (ChatGPT, Gemini, Claude, etc.) whose user interactions are intercepted by malicious or deceptive browser extensions. These extensions collect and sell sensitive AI chat data without meaningful user consent, constituting a violation of privacy rights and data protection laws. This is a direct harm caused by the misuse of AI-related data and the extensions' design, fulfilling the criteria for an AI Incident under violations of human rights and legal obligations. The harm is realized, not just potential, as data has been harvested and sold for profit.

The event explicitly involves an AI system context—user interactions with AI chatbots like ChatGPT and Gemini—and the malicious Chrome extension intercepts these AI-generated conversations. The extension's development and use directly led to harm by violating user privacy and data protection rights, fulfilling the criteria for an AI Incident. The harm is realized (data exfiltration and sale), not just potential, and the AI system's outputs are central to the incident. Hence, it is not merely a hazard or complementary information but a clear AI Incident.

The event explicitly involves AI systems (ChatGPT, Anthropic Claude, Microsoft Copilot, etc.) whose prompts and responses are harvested by the extension. The extension's use and data collection practices directly lead to violations of user privacy and potentially other rights, fulfilling the criteria for harm under human rights violations. The AI system's involvement is clear and central to the harm, as the data collected relates to AI prompts and outputs. Hence, this is an AI Incident rather than a hazard or complementary information.

The event describes a malicious use of an AI-related system (AI chatbots) where an AI-adjacent tool (the browser extension) collects and sells users' AI chatbot conversation data without consent. This constitutes a violation of privacy rights and data protection laws, which falls under harm category (c) - violations of human rights or breach of obligations under applicable law. The AI system's role is pivotal because the data collected is specifically AI chatbot conversation data, and the extension's script injection targets AI chatbot pages. The harm is realized, not just potential, as users' private AI interactions are being stolen and sold. Hence, this is an AI Incident rather than a hazard or complementary information.

The event involves the use of an AI system (AI chat platforms) whose data was intercepted by a malicious AI-related tool (VPN extension injecting scripts to capture AI conversations). This interception directly led to harm in the form of privacy violations and unauthorized data collection and sale, which are breaches of fundamental rights and data protection laws. The harm is realized, not just potential, and the AI system's role is pivotal as the stolen data are AI conversations. Therefore, this qualifies as an AI Incident.

The event involves an AI system indirectly because the intercepted data are AI chatbot interactions (prompts and responses). The malicious use of an AI-related browser extension to siphon this data without user consent leads to a violation of fundamental rights, specifically privacy rights. This harm has already occurred, as data collection has been ongoing since July 2025 without user knowledge or consent. Therefore, this qualifies as an AI Incident due to the realized violation of rights caused by the AI system's misuse.

The event involves an AI system (chatbots) whose user interactions are being covertly collected by a malicious AI-related tool (the Chrome extension). The extension's development and use directly lead to harm by violating user privacy and data rights, which falls under violations of human rights and breaches of applicable law. The harm is realized, not just potential, as millions of users have been affected. Hence, this is an AI Incident rather than a hazard or complementary information.

The event involves an AI system (conversational AI platforms) whose data is intercepted by a malicious AI-related tool (the VPN extension). The extension's development and use have directly led to a breach of users' privacy and unauthorized data collection, which constitutes a violation of fundamental rights. The harm is materialized (8 million conversations stolen), and the AI system's role is pivotal as the intercepted data is generated by AI conversations. Hence, this is an AI Incident rather than a hazard or complementary information.

The event describes browser extensions that intercept and exfiltrate AI chatbot conversations from users without clear, informed consent, violating privacy rights and potentially legal obligations. The AI systems (chatbots) are explicitly involved, and the extensions' misuse of AI interaction data directly harms users' privacy and rights. The harm is realized and affects millions, meeting the criteria for an AI Incident due to violation of rights and privacy through the use of AI systems and their data.

The event involves an AI system (AI chatbots) whose data is being harvested by a browser extension without clear user consent, leading to privacy violations affecting millions of users. This constitutes a breach of fundamental rights related to privacy and data protection, fitting the definition of an AI Incident. The harm is realized and ongoing, not merely potential, and the AI system's role is pivotal as the data collected comes directly from AI chatbot interactions. The extension's behavior leads to direct harm to users' privacy and trust, fulfilling the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system explicitly (AI chatbots like ChatGPT) and describes a malicious use of a browser extension that intercepts and collects AI conversation data without consent, leading to a large-scale privacy violation. This is a direct harm to users' rights and privacy, fulfilling the criteria for an AI Incident. The AI system's role is pivotal as the intercepted data are generated by AI chatbots, and the harm arises from the misuse of these AI interactions. The scale and nature of the harm (privacy breach, data theft) are significant and clearly articulated.

The event describes the use of an AI-related browser extension that intercepts and collects AI chat conversations without user consent, leading to violations of privacy and data protection rights. The AI system's involvement is explicit as the extension targets AI chat platforms and captures their content. The harm is realized and direct, as sensitive personal data is harvested and shared with third parties, constituting a breach of fundamental rights and privacy. Therefore, this qualifies as an AI Incident under the framework, specifically under violations of human rights and breach of obligations intended to protect fundamental rights (privacy).

The event involves an AI system (AI chatbots like ChatGPT and Claude) whose data is being intercepted and collected by an AI-related tool (Urban VPN extension) without user consent. This misuse directly leads to harm in the form of violations of privacy and potentially breaches of legal rights, fulfilling the criteria for an AI Incident. The harm is realized, not just potential, as millions of users' private AI conversations have been harvested and monetized. The involvement of AI systems is explicit, and the harm is significant and clearly articulated, including breaches of fundamental rights to privacy and data protection. Hence, the classification as AI Incident is appropriate.

The event involves an AI system indirectly because the malicious extension targets AI chatbots and intercepts their conversations. The harm caused is a violation of human rights, specifically privacy rights, through unauthorized data collection and sale. This harm has already occurred, as users' sensitive AI conversations have been harvested and sold. Therefore, this qualifies as an AI Incident due to the realized harm linked to the AI system's use and exploitation.

The event involves the use of AI systems (AI chatbots) and the interception of their data by a browser extension that manipulates browser APIs to capture sensitive AI interaction data. This unauthorized data exfiltration constitutes a violation of user privacy and likely breaches data protection and fundamental rights related to informational privacy. The harm is realized as users' private AI chatbot conversations are intercepted and shared without consent, which is a violation of human rights and applicable laws protecting privacy. Therefore, this qualifies as an AI Incident due to the direct harm caused by the misuse of AI system data.

The Urban VPN Proxy extension involves AI systems as it interacts with AI platforms and captures AI prompts entered by users. The malicious data harvesting and transmission constitute a misuse of the AI system's use, directly causing harm to users' privacy and rights. The scale of the breach and the nature of the data collected indicate a clear violation of user rights and privacy, fulfilling the criteria for an AI Incident under violations of human rights and harm to communities. Therefore, this event is classified as an AI Incident.

The event involves the use of automated scripts within a browser extension to intercept and collect data from AI platforms, which qualifies as an AI system's misuse leading to harm. The harm includes violations of privacy rights and unauthorized data collection and sharing, which fall under violations of human rights and legal obligations protecting personal data. The involvement of AI platforms and the automated data interception scripts meets the criteria for an AI Incident because the development and use of these AI systems have directly led to harm through data breaches and privacy violations. Therefore, this event is classified as an AI Incident.

The event involves AI systems explicitly (AI chat platforms) and describes the misuse of their conversation data by browser extensions that intercept and sell this data without proper user consent. This misuse directly leads to harm in the form of privacy violations and breaches of user rights, fulfilling the criteria for an AI Incident. The extensions' actions have already caused harm to millions of users, and the data includes highly sensitive personal information. Therefore, this is not merely a potential hazard or complementary information but a clear AI Incident involving violations of rights and harm to users.

The event involves an AI system (AI chatbots like ChatGPT and Gemini) whose user interactions were intercepted by an AI-related tool (the Chrome extension) that used AI platform-specific scripts to harvest data. The unauthorized collection and sale of this data directly violates user privacy rights, constituting harm under the framework's category of violations of human rights or breach of obligations protecting fundamental rights. The harm is realized, not just potential, as millions of users were affected without consent. Hence, this qualifies as an AI Incident rather than a hazard or complementary information.

The extensions explicitly collect AI conversation data from multiple AI platforms and share it commercially without clear informed consent, constituting a violation of privacy rights and legal protections. The AI system's role is pivotal as the data collected relates directly to AI interactions, and the extensions use AI-specific scripts to capture this data. The harm is realized, as sensitive user data has been collected and sold, impacting user privacy and potentially violating laws. This meets the criteria for an AI Incident involving violations of human rights or legal obligations.

The event involves an AI system (the Chrome extension intercepting AI chat conversations) whose use has directly led to harm in the form of privacy violations and unauthorized data sharing, which are breaches of fundamental rights and legal obligations. The scale (millions of users) and sensitivity of the data (full AI conversations) confirm significant harm. The extension's malicious update enabling data harvesting after initial legitimate use further supports classification as an AI Incident rather than a hazard or complementary information.

The Urban VPN extension uses AI-related scripts to capture AI chat conversations across multiple platforms without user consent, even when the VPN is disabled. This unauthorized data collection directly leads to harm by exposing sensitive personal and corporate information, violating privacy rights and potentially breaching legal protections. The involvement of AI systems in intercepting and exporting data is explicit and central to the harm. The scale of data collected and the bypassing of corporate security controls further underline the severity of the incident. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (AI chat platforms) and an AI-related tool (the Chrome extension) that intercepts and collects user inputs and outputs from these AI systems without consent. This unauthorized data collection harms users' privacy rights, a recognized human rights violation. The extension's use and its malicious behavior directly caused this harm. Hence, it meets the criteria for an AI Incident due to the realized harm (privacy violation) linked to the AI system's use and malfunction (the extension's covert data collection).

The event involves AI systems explicitly, as the extensions intercept conversations with AI chatbots from multiple platforms. The extensions' development and use directly led to harm by violating users' privacy and potentially breaching data protection laws, which are legal obligations protecting fundamental rights. The harm is realized, not just potential, as data was collected and sold without consent. This fits the definition of an AI Incident because the AI system's use led to violations of human rights and legal obligations. The involvement of AI is central, and the harm is significant and clearly articulated.

The event involves AI systems explicitly, as it concerns AI chatbots and the interception of their conversation logs by browser extensions. The extensions' development and use directly lead to violations of user privacy and rights, which is a breach of fundamental rights and legal obligations. The harm is realized, affecting millions of users, and the AI system's role is pivotal since the data harvested are AI chat logs. Therefore, this qualifies as an AI Incident due to the direct harm caused by misuse of AI-related data.

The event involves the use of AI systems (ChatGPT and other AI chatbots) whose user interactions are intercepted and sold without consent, constituting a violation of privacy rights and data protection laws. The harm is realized as users' sensitive information is harvested and sold, impacting their rights and privacy. The AI system's involvement is indirect but pivotal, as the data collected comes from AI conversations. This fits the definition of an AI Incident due to violations of human rights and legal obligations related to data privacy.

The event involves the use of AI systems (ChatGPT, Gemini, Claude, Microsoft Copilot, etc.) whose conversations are intercepted and stolen by a malicious AI-enabled browser extension. The harm is realized as a violation of privacy and intellectual property rights through unauthorized data collection and sale. The AI system's outputs and user inputs are compromised, leading to direct harm to users. Therefore, this qualifies as an AI Incident due to the direct harm caused by the malicious use of AI system interactions.

The event involves AI systems explicitly: AI chat platforms (ChatGPT, Gemini, etc.) and an AI-based risk engine used to detect the breach. The malicious browser extensions collect and analyze AI-generated chat data without consent, constituting a violation of fundamental rights (privacy and data protection). This is a direct harm caused by the use and misuse of AI systems and their data, affecting millions of users globally. Therefore, this qualifies as an AI Incident due to violations of human rights and privacy breaches directly linked to AI system use and misuse.

The AI systems involved are the AI chatbots (ChatGPT and Gemini) whose conversations are being intercepted by malicious AI-related browser extensions. The harm arises from violations of user privacy and potentially breaches of data protection laws, which constitute violations of human rights and legal obligations. Although the AI chatbots themselves are not malfunctioning, the malicious use of AI-related tools (browser extensions) directly leads to harm. Therefore, this qualifies as an AI Incident due to realized harm from the use of AI systems and associated malicious tools.

The event involves AI systems explicitly (AI chat platforms) and AI-based tools (risk engine) used to analyze and exfiltrate user conversations. The unauthorized data collection and sale directly harm users' privacy and violate legal protections, fulfilling the criteria for an AI Incident under violations of human rights and legal obligations. The harm is realized, affecting millions of users, not merely a potential risk. Hence, the classification as AI Incident is appropriate.

The event involves the use and misuse of AI systems (ChatGPT, Claude, Gemini) where user conversations are collected without consent via a browser extension that injects scripts to capture data. This unauthorized data collection and sale constitute a violation of users' rights, including privacy and data protection, which falls under violations of human rights and legal obligations. The harm is realized as millions of users' private AI interactions have been exposed and sold, making this an AI Incident. The AI system's role is pivotal as the data collected are AI-generated conversations, and the breach directly harms users' privacy and rights.

The event involves AI systems explicitly (AI chat platforms) and the misuse of data generated by these systems through browser extensions that collect and sell user conversations without consent. This constitutes a violation of users' rights and privacy, which falls under harm category (c) - violations of human rights or breach of obligations under applicable law protecting fundamental rights. The harm is realized and affects millions of users, making this an AI Incident rather than a hazard or complementary information. The AI system's role is pivotal as the data collected are AI-generated conversations, and the extensions exploit this data for unauthorized purposes.

The event involves AI systems (ChatGPT, Google Gemini) as the context in which private data is generated, but the harm (privacy breach and unauthorized data sale) is caused by malicious browser extensions that intercept AI conversations. The AI systems themselves are not malfunctioning or misused by their developers; the harm stems from third-party malicious software exploiting AI interactions. This constitutes an AI Incident because the AI systems' use is directly linked to realized harm (privacy violations), even if indirectly, through the malicious extensions. The harm is a violation of privacy rights, fitting the definition of an AI Incident under violations of human rights or breach of obligations protecting fundamental rights.

The event involves the use of AI systems (AI chat platforms) and browser extensions that intercept and collect AI conversation data without user consent, leading to a large-scale privacy violation affecting millions. This is a direct harm to users' rights and privacy, fulfilling the criteria for an AI Incident under violations of human rights or legal obligations. The extensions' deceptive practices and unauthorized data collection constitute a clear breach of obligations intended to protect fundamental rights. Hence, the classification as AI Incident is appropriate.

The event involves AI systems explicitly: the extensions intercept and collect AI chat conversations, and an AI-based risk engine was used to detect these malicious behaviors. The misuse of AI in this context directly leads to a violation of users' privacy rights, which is a breach of fundamental rights under applicable law. The harm is realized, affecting over 8 million users, and involves unauthorized data collection and sale. Therefore, this qualifies as an AI Incident due to direct harm caused by the development and use of AI systems in a way that breaches rights and harms users.

The event explicitly involves an AI system component (scripts interacting with large language model chatbots) that collects and exfiltrates sensitive user data without proper consent, directly leading to a violation of privacy rights and data protection obligations. The harm is realized, affecting millions of users, and the AI system's role is pivotal in enabling this mass data breach. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves AI systems (ChatGPT, Gemini, Claude, Grok, DeepSeek) whose user interactions were intercepted by an AI-related tool (a Chrome extension) that collected and sold private conversations without proper user consent. This misuse of AI-generated data directly led to a violation of users' privacy and potentially other rights, fulfilling the criteria for an AI Incident under violations of human rights or breach of legal obligations. The harm is realized, not just potential, as private data was stolen and sold. The AI system's role is pivotal because the intercepted data originates from AI interactions, and the harm stems from the misuse of these AI-generated outputs. Hence, the classification is AI Incident.

The event involves AI systems explicitly (ChatGPT, Gemini, Claude, and others) whose user interactions were collected without consent via browser extensions. This unauthorized data collection and sharing constitutes a violation of privacy rights, a breach of legal protections for personal data, and thus a violation of human rights under the framework. The harm is realized and direct, as users' sensitive conversations were exposed and exploited for marketing. Therefore, this qualifies as an AI Incident.

The event involves AI systems explicitly (various AI chatbots) and describes a direct harm: the unauthorized collection and sharing of sensitive user data from AI conversations, violating privacy rights. The misuse of browser extensions to capture and transmit these conversations constitutes a breach of obligations intended to protect fundamental rights. Since the harm has already occurred and is significant, this qualifies as an AI Incident rather than a hazard or complementary information.

The event involves AI systems explicitly (conversational AI chatbots) and describes how browser extensions intercept and collect users' AI conversations without proper consent, leading to violations of privacy rights and data protection laws. The misuse of AI data here causes direct harm to users' fundamental rights, fitting the definition of an AI Incident under violations of human rights or breach of obligations intended to protect fundamental rights. The harm is realized (millions of conversations already collected), not just potential, so this is not merely a hazard or complementary information. Therefore, the classification is AI Incident.

The event involves AI systems explicitly (popular AI chatbots) and describes malicious use of an AI-related system (browser extensions intercepting AI chatbot conversations). The unauthorized interception and exfiltration of conversations and personal data directly harm users' privacy and violate legal protections. This fits the definition of an AI Incident because the development and use of these extensions have directly led to violations of human rights and breaches of applicable law protecting privacy and fundamental rights. The harm is ongoing and realized, not just potential.

The event involves the development and planned deployment of AI-powered humanoid robots for military and industrial use, with human oversight but significant AI autonomy in operation. The article highlights plausible future harms, including increased risk of armed conflict and associated physical harm, due to the lowered threshold for use of force enabled by these robots. Since no actual harm has yet occurred but the potential for significant harm is credible and directly linked to the AI system's development and use, this qualifies as an AI Hazard under the OECD framework.

The event involves an AI system (the AI chatbots) whose interactions are intercepted by an AI-enabled browser extension that collects and sells sensitive user data without consent. This constitutes a violation of privacy rights and legal obligations, a form of harm to individuals. The misuse of AI systems for unauthorized data harvesting and sale is a direct cause of harm. Therefore, this qualifies as an AI Incident due to realized harm linked to AI system misuse and privacy violations.

The event involves AI systems explicitly (chatbots like ChatGPT and others) whose user interactions were intercepted and sold without consent, leading to violations of privacy and data protection rights. The misuse of AI-generated conversation data has directly led to harm by compromising users' private information and violating legal and fundamental rights. The presence of AI systems is clear, the misuse of data is confirmed, and the harm is realized, fulfilling the criteria for an AI Incident rather than a hazard or complementary information.

The event involves AI systems explicitly (generative AI chatbots) and describes how malicious browser extensions intercept and record user interactions with these AI systems, leading to unauthorized data collection and privacy violations. The harm is direct and significant, affecting millions of users' sensitive information, which constitutes a violation of fundamental rights and privacy. The AI system's role is pivotal as the intercepted data are AI-generated conversations. Hence, this is an AI Incident rather than a hazard or complementary information.

The event explicitly involves AI systems (chatbots) and the misuse of data generated through their use. The extension's automatic collection and sharing of user inputs and metadata without informed consent directly leads to violations of privacy and potentially other rights. This harm is realized, not merely potential, as the data collection is ongoing and affects millions of users. The involvement of AI systems is clear, and the harm fits within the scope of violations of human rights and privacy protections. Hence, this is classified as an AI Incident.

The event involves an AI system (chatbots like ChatGPT) whose user interactions are intercepted and sold without consent by a malicious AI-related tool (the VPN extension with hidden scripts). This leads to violations of privacy and data rights, which fall under violations of human rights and legal protections. The harm is realized, not just potential, as millions of users' sensitive AI conversations have been compromised and sold. The AI system's involvement is indirect but pivotal, as the harm arises from the misuse of AI-generated conversations. Hence, this is classified as an AI Incident.

The event explicitly involves AI systems (chatbots) whose conversations are intercepted and stolen by malicious browser extensions. The misuse of these AI systems' outputs leads to direct harm to users' privacy and potentially breaches legal protections, constituting violations of human rights and legal obligations. The involvement of AI systems is clear, and the harm is realized, not just potential. Hence, this is an AI Incident rather than a hazard or complementary information.

The event involves an AI system (chatbots like ChatGPT) whose conversations are intercepted and sold by a malicious Chrome extension. The extension's scripts capture user inputs to AI chatbots, including sensitive information, and sell this data, violating user privacy and potentially breaching legal protections. The AI systems are indirectly involved as the source of the intercepted data, and the harm (privacy violation) is realized. This fits the definition of an AI Incident because the AI system's use has directly led to harm through the extension's data harvesting. The event is not merely a potential risk (hazard) nor a complementary information update, but a concrete incident of harm involving AI systems.

The event involves an AI system indirectly because it concerns user interactions with AI chat assistants (AI systems) whose data is being collected by the extension. The harm relates to violations of user privacy and potentially breaches of data protection rights, which fall under violations of human rights or legal obligations protecting fundamental rights. Since the AI system's outputs and inputs are being harvested and shared without adequate safeguards, this constitutes an AI Incident due to realized harm to user privacy and rights. The event is not merely a potential risk but an ongoing harm affecting millions of users.

The event involves AI systems (chatbots) whose interactions are being intercepted by a malicious AI-related tool (the browser extension). The unauthorized data capture directly harms users' privacy and violates rights, fulfilling the criteria for an AI Incident. The extension's behavior is not just a potential risk but an ongoing harm since data collection has been happening since July 2025 without user consent. Therefore, this is an AI Incident due to realized harm involving AI systems and violation of rights.

The event involves AI systems explicitly (chatbots) and describes a direct harm resulting from the unauthorized interception and sale of private conversations, which are sensitive and personal. This is a clear violation of privacy rights and data protection laws, fitting the definition of harm under violations of human rights and breach of legal obligations. The AI system's role is pivotal as the data collected comes from AI chatbot interactions. The harm is realized, not just potential, making this an AI Incident rather than a hazard or complementary information.

The event involves an AI system (chatbots like ChatGPT) whose conversations are intercepted by an AI-related tool (the browser extension) and the data is sold without user consent. This leads to violations of privacy rights and breaches of legal protections, which are harms under the AI Incident definition (violations of human rights or breach of legal obligations). The misuse of AI conversation data directly causes harm to users' privacy and trust, fulfilling the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (AI chatbots like ChatGPT) whose conversations are intercepted by an AI-enabled browser extension that collects and sells sensitive user data without consent. This constitutes a violation of human rights, specifically privacy rights, and breaches legal obligations regarding data protection. The harm is direct and realized, affecting millions of users. The AI system's involvement is clear as the extension targets AI chatbot conversations. Hence, this is an AI Incident rather than a hazard or complementary information.

The event explicitly involves AI systems (chatbots such as ChatGPT) whose conversations are intercepted by an AI-related tool (the browser extension) without user consent. The misuse of these AI interactions results in violations of privacy and data protection rights, which are human rights under applicable law. The harm is realized as data has been collected and sold, impacting millions of users. This meets the criteria for an AI Incident because the AI system's use (chatbots) is directly linked to the harm caused by the extension's interception and sale of data, violating users' rights.

The Urban VPN Proxy extension uses scripts to intercept conversations with AI chatbots, collecting sensitive personal data without user consent and selling it to third parties. This directly leads to violations of users' privacy and data protection rights, which are fundamental human rights. The AI system's role is pivotal as it enables the interception and collection of AI chatbot conversations. The harm is realized, not just potential, as data has been collected and sold. Hence, this is an AI Incident involving violations of human rights and privacy breaches caused by AI system misuse.

The event involves AI systems explicitly (multiple AI chatbots) whose conversations are intercepted by a malicious AI-related tool (the Chrome extension). The interception and sale of private conversations cause violations of privacy rights and legal obligations, which fall under harm category (c) violations of human rights or breach of applicable law. The harm is realized, not just potential, as millions of users' conversations have been collected and sold. Therefore, this qualifies as an AI Incident due to the direct link between AI system use and the resulting harm.

An AI system is involved indirectly as the extension intercepts conversations with AI chatbots, which are AI systems. The misuse of the extension's scripts to collect sensitive AI interaction data without consent leads to violations of user rights and privacy, which falls under violations of human rights and legal obligations protecting fundamental rights. The harm is realized as users' sensitive data is collected and shared without proper consent, constituting an AI Incident under the framework.

The event involves an AI system (chatbots like ChatGPT) whose conversations are intercepted by an AI-enabled browser extension. The extension's use leads directly to harm by violating users' privacy and potentially breaching legal protections. The harm is realized, not just potential, as data is actively collected and sold. This fits the definition of an AI Incident because the AI system's use (chatbots) is central, and the extension's operation causes violations of rights and harms users. The presence of multiple affected users and the scale of data collection further support this classification.

The event explicitly involves AI systems (AI chat platforms) and browser extensions that intercept and collect user interactions with these AI systems without proper disclosure or consent. This unauthorized data harvesting directly harms users by violating their privacy and potentially breaching legal protections related to personal data and user rights. The extensions' actions constitute misuse of AI system outputs and user data, fulfilling the criteria for an AI Incident due to realized harm (privacy violations) caused by the AI system's use and the extensions' malicious interception.

The Urban VPN Proxy extension uses AI-related executor scripts to intercept and capture conversations with AI chat platforms, which is an AI system involvement. The extension's malicious use of AI to harvest sensitive user data without consent has directly led to harms including privacy violations, exposure of medical and financial data, and risks of identity theft and fraud. The harm is realized and affects millions of users, meeting the criteria for an AI Incident. The event is not merely a potential risk or complementary information but a concrete case of AI misuse causing harm.

The event involves browser extensions that intercept and steal AI chatbot conversations, which are generated by AI systems. The extensions' actions directly lead to violations of user privacy and rights by collecting and selling sensitive AI chat data without explicit user consent. This misuse of AI system outputs causes realized harm to users' rights and privacy. The presence of AI systems (chatbots) is explicit, and the extensions' malicious use of these AI interactions causes the harm. Hence, this qualifies as an AI Incident rather than a hazard or complementary information.

The event involves an AI-related system (the Chrome extension interacting with AI platforms like ChatGPT and others) that collects data from AI conversations in real time without proper user consent or control. This data collection and sharing with third parties constitutes a violation of user rights, specifically privacy rights, which falls under violations of human rights or breach of obligations under applicable law. The harm is realized as users' sensitive information has been collected and shared without adequate consent, affecting millions of users. Therefore, this qualifies as an AI Incident due to the direct harm caused by the AI system's use and data handling practices.

The event explicitly involves AI systems (ChatGPT, Claude, Gemini) whose conversations are harvested by malicious browser extensions. The harvesting and selling of personal chat data without consent directly violates privacy rights and applicable data protection laws, constituting harm to individuals. The AI system's outputs (user conversations) are exploited by the extensions, leading to realized harm. This fits the definition of an AI Incident as the development and use of AI systems have directly led to violations of human rights and privacy breaches.

The event involves AI systems explicitly (AI chatbots like ChatGPT) and describes the malicious use of browser extensions to intercept and sell AI conversation data, leading to violations of privacy and data protection rights. The harm is direct and realized, affecting millions of users, which fits the definition of an AI Incident. The extensions' development and use have directly led to breaches of fundamental rights and harm to communities through loss of privacy and trust. The event is not merely a potential risk or a complementary update but a concrete incident of harm caused by AI system misuse.

The event describes the use of AI chatbot platforms whose conversation data is intercepted by a browser extension and sold without user consent, constituting a violation of privacy rights and legal protections. The AI systems are explicitly involved as the source of the captured data. The harm is realized and direct, involving breaches of fundamental rights and data protection laws. This fits the definition of an AI Incident because the development and use of the AI systems (chatbots) and the malicious use of their data by the extension have directly led to violations of human rights and legal obligations.

The event describes an AI-related harm where an AI system (AI chat assistants) is involved, and a browser extension intercepts and collects users' AI chat data without proper informed consent, leading to a violation of privacy rights. This constitutes a breach of obligations under applicable law protecting fundamental rights, specifically privacy rights. The harm has already occurred as users' sensitive AI chat data was captured and shared without adequate consent. Therefore, this qualifies as an AI Incident due to realized harm linked to the misuse of AI system outputs and violation of user rights.