Privacy Guardrail: Chrome Extension Protects Sensitive Data from Chatbots

Anyone who pastes text into AI chatbot services [1] can now use a new extension for Chromium-based web browsers such as Google Chrome. It is called Privacy Guardrail and comes from the German Research Center for Artificial Intelligence (DFKI) and RPTU Kaiserslautern-Landau. The extension is designed to detect and anonymize personal data locally in the browser. Privacy Guardrail is currently in public beta (version 0.2.0).

Placeholders instead of plain text

When text is pasted [2], the extension intercepts the clipboard paste event and analyzes the content locally. Information that the system recognizes as requiring protection is then replaced before it is sent to the AI service. In the settings, users can choose between two replacement modes: either sensitive information is replaced with typed placeholders like [EMAIL_1] or [PERSON_1], or the system uses synthetic, realistic but clearly fictional values, such as neutral made-up names or standardized test values for credit card numbers, IBANs, or IP addresses. The advantage of synthetic values: the AI service receives naturally readable text instead of conspicuous placeholder tokens.

(Image caption: "Privacy Guardrail" displays sensitive data identified via regex and local AI. Detection thresholds can be individually adjusted in the settings.)

According to the source code, the synthetic mode deliberately falls back to placeholders for particularly sensitive categories such as passwords, URLs, and dates, because generating realistic fake passwords or URLs is considered too risky. The extension manages the mapping between original and replacement values in a local "Identity Vault" in the browser profile, without synchronization via Chrome Sync. This is intended to allow AI responses to be de-anonymized locally later, and to keep replacements consistent across sessions and platforms.
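The typed-placeholder mode and the vault mapping described above, sketched as an added example (not code from the Privacy Guardrail repository). The regexes, the `Vault` class and the function names are assumptions, and only rule-based patterns for email, IBAN, card number and IP address are covered.

```javascript
// Added illustration; not code from the Privacy Guardrail repository.
// Patterns are simplified assumptions (no IBAN checksum, ASCII-only email).
const PATTERNS = [ // order matters: IBAN before CARD so IBAN digits are not re-matched
  ["EMAIL", /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g],
  ["IBAN", /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){3,7}(?: ?[A-Z0-9]{1,3})?\b/g],
  ["CARD", /\b(?:\d[ -]?){12,18}\d\b/g],
  ["IP", /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g],
];

// In-memory stand-in for the local mapping store the article calls the Identity Vault.
class Vault {
  constructor() { this.toToken = new Map(); this.toValue = new Map(); this.counts = {}; }
  tokenFor(type, value) {
    const key = type + "\u0000" + value;
    if (!this.toToken.has(key)) {
      this.counts[type] = (this.counts[type] || 0) + 1;
      const token = `[${type}_${this.counts[type]}]`;
      this.toToken.set(key, token);
      this.toValue.set(token, value);
    }
    return this.toToken.get(key); // same value always maps to the same token
  }
}

// Luhn checksum filters digit runs that merely look like card numbers.
function luhnOk(s) {
  const d = s.replace(/\D/g, "");
  let sum = 0;
  for (let i = 0; i < d.length; i++) {
    let n = Number(d[d.length - 1 - i]);
    if (i % 2 === 1) { n *= 2; if (n > 9) n -= 9; }
    sum += n;
  }
  return sum % 10 === 0;
}

function anonymize(text, vault) {
  for (const [type, re] of PATTERNS) {
    text = text.replace(re, (m) => (type === "CARD" && !luhnOk(m) ? m : vault.tokenFor(type, m)));
  }
  return text;
}

// Restore originals in a reply; tokens the vault does not know are left as they are.
function deanonymize(text, vault) {
  return text.replace(/\[[A-Z]+_\d+\]/g, (t) => (vault.toValue.has(t) ? vault.toValue.get(t) : t));
}

// Constructed sample paste (documentation/test values only).
const SAMPLE = "Contact anna.meier@example.org from 192.0.2.10. Refund to " +
  "DE89 3704 0044 0532 0130 00, card 4111 1111 1111 1111. Order no. 1234 5678 9012 3456.";
```

The order number in the sample fails the Luhn check and is left in place, while a second paste through the same vault reuses the token already assigned to a known value.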

Two detection levels

Technically, Privacy Guardrail combines two methods. A rule-based engine – implemented in Rust and compiled to WebAssembly – detects structured data such as email addresses, credit card numbers, IBANs, or IP addresses. Optionally, a local AI model complements detection with context-dependent information such as names, organizations, or addresses. According to the repository, a multilingual NER model based on XLM-RoBERTa is used, which is intended to cover 24 European languages and 36 entity classes. The model runs via ONNX Runtime Web directly in the browser and uses WebGPU for acceleration if available. Without GPU support, execution takes place via CPU or WASM, which according to DFKI can be significantly slower.

High hardware requirements

The local AI component places comparatively high demands on hardware. DFKI recommends at least 16 GB of RAM and a WebGPU-capable GPU. With less than 8 GB of RAM, the extension automatically disables AI recognition and works only with rule-based pattern matching.

DFKI explicitly points out limitations. Detection could miss sensitive content or incorrectly flag harmless content. Short names, ambiguous terms, tables, code blocks, or unusual formatting reduce detection quality. Privacy Guardrail is therefore not a DLP or compliance solution, but rather an assistive protection layer.

Additionally, the extension is currently limited in beta to three platforms: ChatGPT, Claude, and Gemini. Other AI chatbot services, browser-based tools, or internal enterprise applications are not supported.

The development team plans to support smaller models, more efficient inference paths for resource-constrained devices, and additional browsers and mobile platforms. The source code of the Privacy Guardrail browser extension [3] is available on GitHub under the Apache-2.0 license; the finished extension can be installed directly from the Chrome Web Store [4].

See also:

Privacy Guardrail [5] at heise download.

(vza [7])

URL of this article:

https://www.heise.de/-11303231

Links in this article:

[1] https://www.heise.de/thema/Kuenstliche-Intelligenz
[2] https://www.dfki.de/web/news/privacy-guardrail-fuer-ki-prompts-direkt-im-browser
[3] https://github.com/dfki-dsa/pii-guardrail-browser-extension
[4] https://chromewebstore.google.com/detail/privacy-guardrail/mcfmihbghefbeeaapopamagaalkbanmp
[5] https://www.heise.de/download/product/privacy-guardrail?wt_mc=intern.red.download.tickermeldung.ho.link.link
[6] https://www.heise.de/newsletter/anmeldung.html?id=ki-update&wt_mc=intern.red.ho.ho_nl_ki.ho.markenbanner.markenbanner
[7] mailto:vza@heise.de

Copyright © 2026 Heise Medien
