Wyloc: An AI Data Protection Tool to Block Sensitive Information Leaks in Browsers

Wyloc is an open-source AI data protection tool that runs locally in the browser. It focuses on detecting and blocking sensitive information such as API keys and passwords before users submit prompts to AI services like ChatGPT and Claude, enabling privacy protection with zero network requests. It fills the gap in prompt-time protection that traditional Data Loss Prevention (DLP) tools lack, and safeguards user privacy in a precise and lightweight manner.

With the popularity of generative AI tools, users often paste content containing sensitive information into conversation interfaces. Traditional DLP tools have shortcomings: code repository-level tools (e.g., GitGuardian) perform post-hoc detection; enterprise-level network DLP tools (e.g., Netskope) block websites in a one-size-fits-all way, which affects efficiency. Wyloc blocks precisely on the client side without affecting normal usage.

Wyloc is a prompt-time DLP tool whose core mission is to scan for sensitive information and prevent leaks before submission. It adopts a local-first design: zero network requests (all detection is done locally), no account required, instant data discard (no storage after scanning), and open-source transparency (unminified code).

1. Detection: Scans input text in milliseconds and identifies various credentials (AWS keys, GitHub tokens, JWT, etc.); 2. Warning/Block: Immediately blocks submission and prompts the type of sensitive information when detected; 3. Desensitization: Replaces sensitive information with placeholders while retaining the prompt context.

It uses a monorepo structure:

• @ai-dlp/detector: A zero-dependency TypeScript engine that supports multiple environments (browser/IDE/CLI) and has 85 test cases to ensure accuracy;
• @ai-dlp/browser-extension: A Chrome/Edge extension (Manifest V3) that blocks web interactions in general mode.

Implemented: Zero-dependency detection engine, Chrome/Edge extension, adapters for ChatGPT/Claude/Gemini sites; Planned: Virtual replacement engine, network-layer blocking, VS Code plugin, team dashboard (metadata statistics/SSO/audit).

Wyloc's privacy commitments are verifiable: users can confirm zero network requests via the browser's Network panel, read unminified source code, and build and install the extension locally, eliminating trust issues.

Applicable Groups: Developers (debugging sensitive code), DevOps engineers (handling cloud credentials), security organizations (lightweight DLP), individual users (privacy protection); Summary: Wyloc represents a new paradigm of client-side protection (shifting the protection layer to the client side). Compared to traditional trust boundary models, its open-source nature and verifiability set a benchmark for security tools, providing AI users with a simple and effective privacy protection solution.