The rise of generative AI solutions is giving rise to a new type of data, still largely underestimated in debates on the protection of privacy. Especially since these are now conversations, structured, sometimes intimate, formulated by users who speak without filter to assistants seen as neutral and secure. This particularly rich data represents a source of unprecedented value for data brokers, who did not fail to take an interest in it very quickly.
Richer data than clickstream
After having built an economy largely based on navigation signals (pages viewed, clicks, time spent, purchasing journey) the data industry has mainly focused on deducing behavior, rarely on capturing explicit intentions. Conversations with AI profoundly modify this logic and the very nature of the information collected.
A prompt reveals what the user seeks to understand, mediate or produce. It can reveal a professional project, a strategic reflection, a personal concern or an unfinished purchasing intention. An opportunity for players specializing in the analysis and resale of data, some of whom quickly saw the potential. It remains to be understood by what mechanisms these conversations can be captured.
The browser, an obligatory crossing point for AI uses
In the majority of cases, access to large AI chatbots is via the browser. ChatGPT, Gemini, Claude, Copilot or Perplexity are used alongside work tools, messaging or SaaS platforms, and this centrality of the browser makes it an ideal collection surface.
Browser extensions come into play, which then play a key role. Installed to block ads, secure browsing or offer a free VPN, they have extensive permissions, with access to page content, reading the DOM, and the ability to inject or intercept code. For the user, these mechanisms remain abstract, even invisible, even though they offer direct access to conversations, in plain text, even before they are processed or protected by the AI platforms themselves.
From free tool to industrial data pipeline
Free extensions have long been a privileged area for the massive collection of information. VPNs, ad blockers or security tools rely on very wide distribution, often without direct financial compensation for the user. In this model, a formula summarizes the economic logic at work: when it is free, it is the user who becomes the product.
In several cases which have been documented by cybersecurity researchers, the mechanisms implemented rely on the same technical backend which powers several extensions, sometimes distributed under different brands. Integrated SDKs make it possible to pool the collection, aggregate data from millions of browsers, then structure it.
What must be kept in mind is that this capture is neither based on sophisticated attacks nor on circumvention of the security systems of AI publishers. It is carried out upstream, directly in the user’s local environment, as soon as an extension with the appropriate permissions is installed.
Once collected, conversations are not used in their raw state. They are analyzed, segmented, then enriched by crossing with other behavioral signals. This data then feeds economic, marketing or competitive intelligence products. For the clients of these services, the issue is not access to individual exchanges, but the identification of trends, emerging intentions and weak signals with high strategic value. The same operating method could, however, be hijacked by malicious extensions aimed, this time, at the direct exploitation of sensitive individual information.
Why AI conversations are worth more than historical data
The value of this conversational data is due to several factors, starting with its declarative nature. Contrary to observed behavior, the user explicitly formulates their needs, often without filter, but also their freshness, the conversations reflecting immediate concerns, sometimes linked to current decisions.
They are also difficult to reconstruct by other means, very far from what cookies or advertising identifiers allow. A cookie can be deleted, an identifier reset, a conversation offers significantly greater depth of analysis.
In a context where regulations are focused on access to traditional data, this new raw material appears to be a particularly attractive alternative.
A persistent regulatory gray zone
Especially since the collection of AI conversations via extensions falls into a legal gray area. Consent is often implicit, diluted in conditions of use that are difficult to read, or even not read. Especially since software updates can introduce new features without explicit information from the user.
The question of the purpose of the processing arises acutely. Distribution platforms, such as the Chrome Web Store or Edge Add-ons, play the role of trusted third parties, without being able to ensure continuous monitoring of the actual behavior of extensions after their validation.
An underestimated risk for businesses
For companies, the risk is to date little identified, and it is the purpose of this article to raise awareness among general management of this critical subject. Conversations with AIs frequently mix personal data, company information, strategic thoughts or customer information. Everyone will understand that it is not the AI models that pose a problem here, but the environment in which they are used.
If it is today necessary to restrict the use of extensions, to tighten browser configurations to favor compartmentalized AI environments, raising awareness and training employees on this subject proves to be the best way to protect themselves.
