Privacy Guardrail: Chrome extension aims to protect sensitive data from chatbots
Anyone who pastes text into AI chatbots often unintentionally shares sensitive data. A new Chrome extension from DFKI aims to prevent this.
(Image: DFKI)
Anyone who wants to protect personal data before pasting it into AI chat services can use a new extension for Chrome-based web browsers like Google Chrome. It is called Privacy Guardrail and comes from the German Research Center for Artificial Intelligence (DFKI) and RPTU Kaiserslautern-Landau. The extension is intended to detect and anonymize personal data locally in the browser. Privacy Guardrail is currently in public beta testing (version 0.2.0).
Placeholders instead of clear data
When pasting text, the extension intercepts the clipboard's paste event and analyzes the content locally. The system then replaces information identified as sensitive – before it is sent to the AI service. In the settings, users can choose between two replacement modes: either sensitive parts are replaced by typed placeholders such as [EMAIL_1] or [PERSON_1], or the system uses synthetic, realistic but clearly fictitious values – such as neutral fantasy names or standardized test values for credit card numbers, IBANs, or IP addresses. The advantage of synthetic values: The AI service receives naturally readable text instead of conspicuous placeholder tokens.
For particularly sensitive categories such as passwords, URLs, and dates, the synthetic mode deliberately uses placeholders according to the source code, as generating realistic fake passwords or URLs is classified as too risky. The extension manages the mapping between the original value and the replacement value in a local “Identity Vault” within the browser profile – without synchronization via Chrome Sync. This allows AI responses to be de-anonymized locally later and replacements to remain consistent across sessions and platforms.
Two detection levels
Technically, Privacy Guardrail combines two methods. A rule-based engine – implemented in Rust and compiled to WebAssembly – detects structured data such as email addresses, credit card numbers, IBANs, or IP addresses. Optionally, a local AI model supplements the detection with context-dependent information such as names, organizations, or addresses. According to the repository, a multilingual NER model based on XLM-RoBERTa is used, which is intended to cover 24 European languages and 36 entity classes. The model runs via ONNX Runtime Web directly in the browser and uses WebGPU for acceleration if available. Without GPU support, execution occurs via CPU or WASM, which can be significantly slower, according to DFKI.
Videos by heise
High hardware requirements
The local AI component places comparatively high demands on hardware. DFKI recommends at least 16 GByte RAM and a WebGPU-capable GPU. Below 8 GByte of RAM, the extension automatically deactivates AI detection and only works with rule-based pattern recognition.
DFKI explicitly points out limitations. Detection may overlook sensitive content or incorrectly flag harmless content. Short names, ambiguous terms, tables, code blocks, or unusual formatting reduce detection quality. Privacy Guardrail is therefore not a DLP or compliance solution but an assistive protection layer.
Furthermore, in its current beta, the extension is limited to three platforms: ChatGPT, Claude, and Gemini. Other AI chat services, browser-based tools, or internal company applications are not supported.
The development team plans to support smaller models, more efficient inference paths for resource-constrained devices, and additional browsers and mobile platforms. The source code of the browser extension “Privacy Guardrail” is available on GitHub under the Apache 2.0 license; the finished extension can be installed directly from the Chrome Web Store.
(vza)
