Recommended

#BTCCOGWEEK: Celebrate the Classics of Meme Coins
Crypto Deposit Make instant crypto transfers to your futures account
USDT-M Perpetual Futures Trade futures contracts settled in USDT
VIP Fee Discounts Enjoy different fee discounts based on your VIP level
Coin-M Perpetual Futures Trade futures contracts settled in cryptocurrency
Fiat Deposit Buy your favourite coins in seconds
Affiliates Invite friends & get rewarded
Convert Covert your crypto instantly
Support Centre Find our FAQs here
Announcements Find all our official announcements
BTCC Academy Learn about blockchain and crypto
News The latest trends in the crypto market

Promotions

Referral
Campaigns
Assets
Crypto Deposit
Fiat Deposit
Convert
Transfer
Withdraw
My vouchers
Fund history
Dashboard
Account Security
Identity verification
API Management
Transaction Report
Log out
Register
BTCC / BTCC Square / Cryptopolitan /
Shocking Report: AI Browser Assistants Caught Stealing Sensitive Data from Private Websites

Shocking Report: AI Browser Assistants Caught Stealing Sensitive Data from Private Websites

Author:
Cryptopolitan
Published:
2025-08-13 21:55:49
12
2

AI browser assistants have been found capturing sensitive user data from private websites

Your digital helper might be robbing you blind—while you browse.

New findings reveal AI-powered browser extensions are scraping passwords, financial details, and private messages from supposedly secure sites. No patch, no warning—just silent data harvesting.

How your 'productivity tool' became a spy

These assistants bypass encryption by operating at the browser level, capturing everything before it's secured. Free versions monetize your keystrokes; paid versions still reserve the right to 'analyze user behavior.'

The ultimate insider threat

Unlike malware, these tools pass security checks because they're 'legitimate' software. One Fortune 500 company discovered its approved AI assistant had exfiltrated 18 months of internal communications to third-party servers.

Of course, the VC-backed startups behind these tools promise they'll 'revolutionize enterprise security' in their next funding round—right after selling your browsing history to data brokers.

Private sites exposed information to ChatGPT and like-minded tools

Results from the study were shocking. These revealed that nine of the ten tools took and sent private data, including medical histories, banking details, academic transcripts, as well as even social security numbers.

Perplexity AI was the only tool that did not appear to collect such data.

“These assistants have a level of access to our online activity that’s unlike anything we’ve seen before,” said Anna Maria Mandalari, the study’s senior author and an assistant professor at University College London.

“They make things quicker and easier, but our evidence shows that sometimes this comes at the expense of privacy, and in some cases, may break the law.”

Mandalari.

To run the tests, the team mimicked everyday browsing, shopping online, checking medical results, logging into bank accounts, and then asked the assistants follow-up questions like: What was the reason for the most recent medical visit?

Through intercepting and decoding the data moving between the user’s browser, the AI company’s servers, and third-party trackers, the researchers found that some assistants still collected and transmitted full-page content from supposedly secure sites.

As for Merlin, the researchers discovered a mix of sensitive data to include health records, banking details, exam results, and taxpayers’ social security numbers.

Peers Sider’s AI assistant and TinaMind were seen sending user prompts to Google Analytics, as well as identifying essential information like IP addresses. This data could be used for targeted advertising and cross-site tracking.

According to the researchers, other assistants like Copilot and Monica quietly kept complete chat logs in the browser even after sessions ended.

When accessed via certain browser integrations, OpenAI-made ChatGPT profiled users based on their perceived age, income level, gender, and interests, then tailored its answers accordingly.

“There’s simply no clear way for users to know where this information ends up once it’s been collected,” Mandalari warned.

Recently, OpenAI CEO Sam Altman warned users of privacy concerns, saying they should be cautious when using chatbots like ChatGPT for certain purposes, as they don’t carry some privacy safeguards as those with a real doctor or lawyer, for instance.

Could AI tools be breaching the laws?

The research was carried out in the United States, but the team concluded that some AI assistants were likely in breach of both American and European privacy laws. In the US, certain cases appeared to violate rules protecting medical information, while in the EU, the findings suggested potential breaches of the General Data Protection Regulation (GDPR), which has strict limits on the storage and sharing of personal data.

Even where companies publish privacy notices, the fine print can be startling. Merlin’s EU and UK policy, for instance, lists names, contact details, login credentials, transaction records, payment information, and any typed input as data it may collect. It says this may be used for personalisation, customer support, or legal compliance.

Sider makes similar disclosures, adding that user data can be analysed for “insights” or to help develop new services. It names Google, Cloudflare, and Microsoft as possible data recipients, while assuring that partners are bound by contracts to safeguard personal information.

OpenAI’s own terms confirm that data from UK and EU users is stored outside those regions, though the company says user rights are unaffected.

“These products are pitched as making web use faster and smarter,” she said. “But what’s happening under the hood is often a detailed recording of your private life online.”

With regulators tightening data protection rules and tech firms rushing to embed AI into every corner of the internet, scrutiny of these tools is likely to grow.

For now, the researchers recommend caution. While Perplexity AI avoided the privacy pitfalls in their testing, most others did not. “If you let an AI see everything you do online,” Mandalari said, “you should assume that somewhere, somehow, that information is being stored, and maybe even shared.”

KEY Difference Wire helps crypto brands break through and dominate headlines fast

|Square

Get the BTCC app to start your crypto journey

Download on the App Store GEI IT ON Google Play

Get started today Scan to join our 100M+ users

Exchange for a better future

Products
Services
Guides
About Us
Terms & Agreement
Customer Service
Social Media

Risk warning: Digital asset trading is an emerging industry with bright prospects, but it also comes with huge risks as it is a new market. The risk is especially high in leveraged trading since leverage magnifies profits and amplifies risks at the same time. Please make sure you have a thorough understanding of the industry, the leveraged trading models, and the rules of trading before opening a position. Additionally, we strongly recommend that you identify your risk tolerance and only accept the risks you are willing to take. All trading involves risks, so you must be cautious when entering the market.

The world’s longest-running cryptocurrency exchange since 2011 © 2011 - 2025 BTCC.com. All rights reserved