
AI shopping startup Phia faces scrutiny over browser extension that captured private data, researchers say


A fast-growing AI shopping assistant backed by prominent investors is under pressure after independent analysts uncovered extensive data collection inside its desktop browser extension.

Security researchers told Fortune the tool gathered far more information than users would expect from a price-comparison utility — including full copies of webpages containing private financial and email content.

Researchers sound alarm

Four cybersecurity specialists who examined Phia’s code said earlier versions of its browser extension quietly transmitted snapshots of every webpage users opened. According to Fortune, that included Gmail inboxes, online banking portals and other pages unrelated to retail browsing.

Maahir Sharma, a Dublin-based former Meta software engineer, was the first to document the behavior. “I discovered that the URL of every tab I visited was being logged, which was a red flag,” he told Fortune. “Technically, this meant my complete browsing history could be reconstructed from this data alone.”

As Sharma dug deeper, he found a function in the code — “logCompleteHTMLtoGCS” — that compressed and uploaded the full HTML of each page to Phia’s servers. “I tested it using a Revolut account while the extension was installed. And, unsurprisingly, that activity was logged as well,” he said.

His findings were later replicated by three additional researchers and reviewed by two further cybersecurity experts, Fortune reported.

A fast-rising startup under scrutiny

Phia, co-founded by Bill Gates’ daughter Phoebe Gates and Sophia Kianni, launched in April and quickly amassed hundreds of thousands of users across its app and extension. The New York–based company recently closed an $8 million seed round led by Kleiner Perkins, with backing from Hailey Bieber, Kris Jenner and Sheryl Sandberg. TIME also named Phia one of the “Best Inventions of 2025.”

After Sharma contacted the company last week, Phia removed the HTML-logging feature. But reports show the startup did not notify users or clarify what happened to the previously transmitted data.

Security researcher Charlie Eriksen of Aikido Security questioned why the “archive” function existed at all. “Not only do I not believe the ‘archive’ feature should ever have existed, and question why it was ever implemented, but they have no right to do any such thing under their own privacy policy,” he told Fortune. “This one must be among some of the crazier things.”

What Phia says happened

In a statement, a company spokesperson said: “All versions of Phia, current and previous, performed logging in an aggregate and anonymous way for the purpose of identifying and discovering new retail websites.” The spokesperson added that webpage content had been logged only to determine whether a site was a shopping destination, and that Phia “has never in the past, or at present stored this data.”

The company said the extension now logs only URLs.

Researchers remain unconvinced. Eyal Arazi of LayerX Security said: “The original version collected full page contents, and it was running as a background service. It collected pretty much all web pages for all users, which is a huge security and privacy violation.”

Policy contradictions and legal risks

Analysts told Fortune the extension’s behavior appeared inconsistent with Phia’s public disclosures. Its privacy policy states the company “generally excludes personally identifiable information” and limits data collection to “retail sites.” Its Chrome Store listing also says collected data is not used beyond the extension’s core functions.

Alexandre Pauwels, a cybersecurity researcher at the University of Cambridge who examined the extension, said: “Its privacy policy fails to highlight this scraping… Although Phia seems to have addressed the issue, this does not tell us whether or not they have deleted the data itself.”

Legal experts said the practices could expose the company to regulatory scrutiny in Europe and the U.S. “The practices described would likely breach several core principles of the UK and EU GDPR,” said Chris Linnell of Bridewell. U.S. state privacy laws could also come into play, according to Steven Roosa of Norton Rose Fulbright.

Phia responded that its practices remain “in compliance with applicable privacy laws,” and that URL checks are momentary, anonymous and immediately discarded.

Updated extension still raises concerns

Despite the fix, researchers stated the extension’s reduced data collection still poses risks because URLs often contain sensitive information such as search terms, identifying strings or account numbers.

LayerX Security analysts found that Phia’s “whitelist”—meant to exclude certain sites from logging—is dynamic and incomplete. For example, the extension avoids capturing Google Search URLs but does log Microsoft Bing search pages.
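The gap the LayerX analysts describe is the difference between a deny list and an allow list. The snippet below is an added illustration, not Phia's code: it contrasts a deny-list filter that excludes one search engine by hostname (so other search engines and webmail hosts slip through, query strings included) with an allow-list filter that records only the hostname of known retail sites. All hostnames and sample URLs are constructed for the example.

```javascript
// Constructed example: two URL-logging policies for a browser extension.
// The deny-list policy mirrors the weakness described above; the allow-list
// policy is the defensive alternative (log less, and only for known retail hosts).

const SEARCH_ENGINES_DENIED = ["www.google.com"];              // deny list (constructed)
const RETAIL_ALLOWED = ["www.zappos.com", "www.nordstrom.com"]; // allow list (constructed)

// Deny-list policy: log every URL except a few hard-coded hosts.
// Anything not on the list, including Bing and Gmail, is logged in full.
function denyListLogger(url) {
  const u = new URL(url);
  if (SEARCH_ENGINES_DENIED.includes(u.hostname)) return null;
  return u.href; // full URL, path and query string included
}

// Allow-list policy: log only when the host is a known retail site,
// and even then keep just the hostname, never the path or query string.
function allowListLogger(url) {
  const u = new URL(url);
  if (!RETAIL_ALLOWED.includes(u.hostname)) return null;
  return u.hostname;
}

// Constructed browsing sample covering search, webmail, retail and banking.
const SAMPLE_URLS = [
  "https://www.google.com/search?q=divorce+lawyer",
  "https://www.bing.com/search?q=divorce+lawyer",
  "https://mail.google.com/mail/u/0/#inbox",
  "https://www.zappos.com/p/running-shoes?sessionid=abc123",
  "https://bank.example/accounts/12345678/statements",
];

// Run both policies over the sample and report what each one would transmit.
function compare(urls) {
  return urls.map((url) => ({
    url,
    deny: denyListLogger(url),
    allow: allowListLogger(url),
  }));
}

// Count records that would leak a query string or path under a policy.
function leakedRecords(records, key) {
  return records.filter((r) => r[key] !== null && /[?#/]/.test(r[key].replace(/^https?:\/\//, "").slice(r[key].indexOf("/", 8) >= 0 ? 0 : 0))).length;
}

console.log(compare(SAMPLE_URLS));
```

Under the deny-list policy every non-Google URL in the sample is transmitted verbatim, search terms and account paths included; under the allow-list policy only the two retail hostnames would ever leave the browser.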

Nick Nikiforakis of Stony Brook University noted that tying extension activity to login credentials sharply increases the stakes. “Since users have to log in [to Phia] with their Gmail/Apple email account, this means that Phia has the ability to perfectly reconstruct the users’ browsing history… and associate that history with real user identities,” he said. “From a software engineering point of view, this is unnecessary.”

A wider problem for AI startups

Sharma said the case reflects a broader pattern across rapidly scaling AI companies. “The vulnerabilities I’ve seen in startups over the past year have been alarming,” he told Fortune. “These companies are moving at a pace that’s easily ten times faster than what we once considered a standard software development lifecycle.”

Researchers interviewed by Fortune warned that agentic AI browsers and extensions — including those built by major firms — require deep system access, creating new openings for misuse or errors. “While browser extensions may appear harmless, they are, in fact, extremely potent tools that can have wide-ranging access to personal data—and there’s virtually no oversight of them,” said Or Eshed, CEO of LayerX Security. “It’s difficult to say for certain whether this data exposure is the result of malice or malpractice, but the end result is the same.”

Sources: Fortune

This article is made and published by Asger Risom, who may have used AI in the preparation.