
According to Koi Security’s findings, Urban VPN injects scripts that activate whenever users interact with popular AI platforms, capturing both prompts and responses, even when VPN features are disabled.
Hidden scripts in “privacy” armor
Apart from offering a VPN service, Urban VPN Proxy deployed “executor” scripts that activate when a user opens AI chat platforms like ChatGPT, Claude, Gemini, Perplexity, Grok, and others. “Each platform has its own dedicated script: chatgpt.js, claude.js, gemini.js, and so on,” Koi researchers said in a blog post.
These scripts override key browser network APIs to intercept everything a user types and receives, package it, and send it off to Urban VPN’s backend systems. The underlying code continuously monitors AI conversation content and related metadata, and uploads it regardless of VPN use.
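For defenders reviewing installed extensions, one triage step is to check which content scripts a manifest injects into AI chat sites and whether they run in the page's own JavaScript context. The sketch below is an added example, not Koi Security's tooling or the extension's code; the hostname list and the sample manifest are assumptions constructed for illustration.

```javascript
// Assumed hostnames for the platforms the article names (not from the article).
const AI_HOSTS = ["chatgpt.com", "claude.ai", "gemini.google.com",
                  "www.perplexity.ai", "grok.com"];

// True when a Chrome match pattern (scheme://host/path or <all_urls>) covers `host`.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/([^/]+)\/.*$/.exec(pattern);
  if (!m) return false;                 // file://, malformed patterns, etc.
  const pat = m[2];
  if (pat === "*") return true;         // wildcard host
  if (pat.startsWith("*.")) {           // *.example.com covers example.com and subdomains
    const base = pat.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return host === pat;
}

// Returns one finding per (content_scripts entry, AI host) pair that matches.
function auditManifest(manifest, aiHosts = AI_HOSTS) {
  const findings = [];
  for (const entry of manifest.content_scripts || []) {
    for (const host of aiHosts) {
      const hit = (entry.matches || []).find((p) => patternCoversHost(p, host));
      if (!hit) continue;
      findings.push({
        host,
        pattern: hit,
        scripts: entry.js || [],
        // MAIN-world scripts share the page's JS context, so they can replace
        // page-visible network APIs; the default ISOLATED world cannot.
        mainWorld: entry.world === "MAIN",
        broad: hit === "<all_urls>" || /:\/\/\*\//.test(hit),
      });
    }
  }
  return findings;
}

// Constructed sample manifest (hypothetical, not taken from any real extension).
const SAMPLE = {
  manifest_version: 3, name: "Example VPN (constructed)",
  content_scripts: [
    { matches: ["https://chatgpt.com/*"], js: ["chatgpt.js"], world: "MAIN" },
    { matches: ["https://*.claude.ai/*"], js: ["claude.js"] },
    { matches: ["https://example.org/*"], js: ["ui.js"] },
  ],
};
console.log(auditManifest(SAMPLE));
```

A manifest check misses scripts registered at runtime through the `chrome.scripting` API, so an empty result is inconclusive rather than a clean bill of health.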
The Chrome extension carries high ratings and a “Featured” badge from Google, giving users an implicit trust signal, the researchers noted. “The badge from Google means it had passed manual review and met what Google describes as a high standard of user experience and design,” they said.
