After the 900K-User Malicious Extension Incident: How to Choose a Safe AI Privacy Extension
"After the 900K-User Malicious Extension Incident: How to Choose a Safe AI Privacy Extension" — buyer's guide with security criteria.
Feature: Chrome Extension (JIT Anonymization) · Region: GLOBAL · Source: anonym.community research
The Problem
In January 2026, two malicious Chrome extensions — "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" (600,000+ users) and "AI Sidebar with Deepseek, ChatGPT, Claude and more" (300,000+ users) — were discovered exfiltrating complete ChatGPT and DeepSeek conversations every 30 minutes to a remote C2 server. The extensions posed as privacy/AI enhancement tools. They requested permission to "collect anonymous, non-identifiable analytics data" but instead captured source code, PII, legal matters, business strategies, and financial data. This incident highlighted that the tool users install for privacy may itself be the attack.
Key Data Points
- EU AI Act biometric AI provisions effective August 2026
- 600,000+ workers in EU subject to real-time workplace monitoring by AI systems (Eurofound 2025)
- 300,000+ GDPR complaints filed involving biometric data processing 2020-2025 (EDPB)
Real-World Use Case
A privacy-conscious enterprise IT team wants to deploy AI PII protection for their workforce but is concerned about the malicious extension risk after the 900K-user incident. anonym.legal's verified publisher identity, local processing architecture, and ISO 27001 certification provide the assurance needed to add the extension to the corporate approved list.
How anonym.company Addresses This
anonym.legal Chrome Extension processes everything locally — no data is sent to a C2 server or any third party during PII detection. Extension is published by the verified anonym.legal publisher. Zero-knowledge architecture means even anonym.legal cannot access the PII that passes through the extension. ISO 27001 certification provides independent security verification.