Security Teams Misjudge Workflow Data Risks
Security teams remain focused on protecting AI models, but recent incidents show greater danger lies in workflows and tooling. Two malicious Chrome extensions recently exfiltrated ChatGPT and DeepSeek chat data from over 900,000 users, underscoring the need for extension vetting, data-handling controls, and runtime monitoring to secure AI-assisted workflows.
Key Points
- Reports show two Chrome extensions exfiltrated ChatGPT and DeepSeek chats from over 900,000 users.
- Demonstrates that attackers target the surrounding workflows, extending the attack surface beyond model code to the supply chain and user tooling.
- Urges security teams to implement workflow controls: extension vetting, data encryption, access auditing, and runtime monitoring.
Scoring Rationale
Practical incident with actionable mitigation advice, limited by single-source reporting and shallow technical detail.
Sources
Public references used for this report.