Claude users

Incidents Harmed By

Incident 13563 Report
Urban VPN Proxy Browser Extension Reportedly Harvested and Sold Private AI Chatbot Conversations via Silent Update

2025-07-09

Security researchers reported that the Urban VPN Proxy browser extension introduced AI conversation–harvesting functionality in version 5.5.0, released July 9, 2025. The extension allegedly intercepted and exfiltrated private conversations from AI platforms including ChatGPT, Claude, Gemini, Grok, and others without a user-facing opt-out. The data, including sensitive personal and financial information, was reportedly shared with affiliated data brokers for commercial analytics.

Incident 13951 Report
Anthropic Said DeepSeek, Moonshot, and MiniMax Used Fraudulent Accounts and Proxies to Illicitly Distill Claude Capabilities at Scale

2026-02-23

Anthropic said it identified large-scale campaigns that used fraudulent accounts and proxy services to generate high volumes of Claude interactions to extract model capabilities for competitor training ("distillation"). Anthropic attributed the activity to DeepSeek, Moonshot, and MiniMax and said it involved millions of exchanges across thousands of accounts, violating its terms and access restrictions. Anthropic described detection measures, account controls, and indicator-sharing in response.

Claude users

Incidents Harmed By

Incident 13563 ReportUrban VPN Proxy Browser Extension Reportedly Harvested and Sold Private AI Chatbot Conversations via Silent Update

Incident 13951 ReportAnthropic Said DeepSeek, Moonshot, and MiniMax Used Fraudulent Accounts and Proxies to Illicitly Distill Claude Capabilities at Scale

Related Entities Related EntitiesOther entities that are related to the same incident. For example, if the developer of an incident is this entity but the deployer is another entity, they are marked as related entities.

Related Entities

Urban Cyber Security Inc.

Incidents involved as both Developer and Deployer

BiScience

Incidents involved as Developer

Urban VPN Proxy users

Incidents Harmed By

General public

Incidents Harmed By

Gemini users

Incidents Harmed By

Copilot users

Incidents Harmed By

ChatGPT users

Incidents Harmed By

Chatbot users

Incidents Harmed By

Browser extension users

Incidents Harmed By

Grok users

Incidents Harmed By

Meta AI users

Incidents Harmed By

DeepSeek users

Incidents Harmed By

Perplexity users

Incidents Harmed By

Perplexity

Incidents implicated systems

Meta AI

Incidents implicated systems

Grok

Incidents implicated systems

Gemini

Incidents implicated systems

DeepSeek

Incidents involved as Deployer

Incidents implicated systems

Copilot

Incidents implicated systems

Claude

Incidents implicated systems

ChatGPT

Incidents implicated systems

Urban VPN Proxy

Incidents implicated systems

Moonshot AI

Incidents involved as Deployer

MiniMax

Incidents involved as Deployer

Proxy reseller services

Incidents involved as Deployer

Anthropic

Incidents Harmed By

Incidents involved as Developer

Anthropic customers

Incidents Harmed By

National security and intelligence stakeholders

Incidents Harmed By

Claude API

Incidents implicated systems

Distillation

Incidents implicated systems

Model extraction

Incidents implicated systems

Account farming

Incidents implicated systems

Proxy access infrastructure

Incidents implicated systems

Incident 13563 Report
Urban VPN Proxy Browser Extension Reportedly Harvested and Sold Private AI Chatbot Conversations via Silent Update

Incident 13951 Report
Anthropic Said DeepSeek, Moonshot, and MiniMax Used Fraudulent Accounts and Proxies to Illicitly Distill Claude Capabilities at Scale

Related Entities