Data Brokers Sell Chatbot Conversations With Sensitive Details

Investigative reports by Lee S Dryburgh and Koi Security (December 2025) show data brokers sell access to chatbot conversations captured by browser extensions. Researchers queried a VC-backed platform—205 queries returned about 490 unique prompts from over 435 panelists across 20 sensitive categories—revealing verbatim health, immigration, and legal disclosures stored in searchable vector databases. The findings raise privacy and legal risks for users and vendors.
Key Points
- 1Capture: Browser extensions intercept AI chats, recording prompts and responses verbatim into searchable databases.
- 2Reveal sensitive PII and health details across ~490 prompts from ~435+ panelists, enabling re-identification.
- 3Require practitioners to avoid pasting sensitive data, vet extensions and vendor data handling practices.
Scoring Rationale
High novelty and industry-wide scope increase impact, tempered by reliance on investigative reports rather than official regulatory findings.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems


