
Prompt Armour Catches PII Before It Hits ChatGPT, Claude, or Gemini


What Happened

A new browser extension called Prompt Armour launched on March 7, 2026, offering real-time PII and secret detection for AI chatbots. The tool runs entirely in the browser with zero server calls, intercepting sensitive data before it leaves your machine.

The extension works with ChatGPT, Claude, and Gemini. It catches a broad range of sensitive data types: emails, phone numbers, SSNs, physical addresses, credit card numbers, internal IPs, IPv6 addresses, MAC addresses, and database connection URIs. On the developer side, it detects AWS, OpenAI, Stripe, and GitHub keys along with 50+ other API key formats using high-entropy scanning.

The workflow is simple. Paste your data into any supported chatbot. Prompt Armour highlights detected sensitive items. You approve the redaction with one click, and the extension replaces values with tags like [EMAIL-1] or [PHONE-1] before submission.
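
The detect-then-tag flow described above, as an added example (not Prompt Armour's code or rule set): a few simplified regexes plus a Shannon-entropy check stand in for the detectors. The patterns, the 3.5-bit threshold, the SSN and SECRET tag names, and the reuse of one tag for a repeated value are all assumptions.

```javascript
// Added illustration, not Prompt Armour's code; patterns/threshold are assumptions.
const PATTERNS = [
  ["EMAIL", /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g],
  ["SSN", /\b\d{3}-\d{2}-\d{4}\b/g],
  ["PHONE", /\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b/g],
];
const TOKEN = /[A-Za-z0-9_-]{20,}/g; // long unbroken runs are secret candidates
const ENTROPY_THRESHOLD = 3.5;       // bits per character (assumed cut-off)

// Shannon entropy of a string, in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) h -= (n / s.length) * Math.log2(n / s.length);
  return h;
}

// Collect non-overlapping hits, ordered by position in the text.
function findSensitive(text) {
  const hits = [];
  const add = (type, m) =>
    hits.push({ type, start: m.index, end: m.index + m[0].length, value: m[0] });
  for (const [type, re] of PATTERNS) for (const m of text.matchAll(re)) add(type, m);
  for (const m of text.matchAll(TOKEN))
    if (shannonEntropy(m[0]) >= ENTROPY_THRESHOLD) add("SECRET", m);
  hits.sort((a, b) => a.start - b.start || b.end - a.end);
  let last = 0;
  return hits.filter((h) => h.start >= last && ((last = h.end), true));
}

// Replace each hit with a numbered tag; a repeated value reuses its tag.
function redact(text) {
  const counters = {}, tags = new Map();
  let out = "", pos = 0;
  for (const h of findSensitive(text)) {
    const key = `${h.type}:${h.value}`;
    if (!tags.has(key)) {
      counters[h.type] = (counters[h.type] || 0) + 1;
      tags.set(key, `[${h.type}-${counters[h.type]}]`);
    }
    out += text.slice(pos, h.start) + tags.get(key);
    pos = h.end;
  }
  return out + text.slice(pos);
}
// Constructed sample input (no real data).
const SAMPLE = "Reach jane.doe@example.com or 555-867-5309; key=Zx8Qp2Lm9Vt4Rk7Wd3Nb6Hy1; cc jane.doe@example.com, bob@example.org";
console.log(redact(SAMPLE));
```

The entropy gate is what keeps a long but repetitive string from being flagged as a key, while a random-looking 24-character token is caught even though no vendor-specific pattern names it.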

Technically, it uses the browser's native CSS Highlight API instead of DOM manipulation, which means zero typing latency. It runs a twin-write architecture across localStorage and chrome.storage, and its detection logic is open-source. The developer, known as @TheAlexRider on X, is shipping Firefox and Edge support next.

Pricing: free forever for core PII and API key redaction. A planned Pro tier at $5/month will add custom regex patterns and team features.

Why It Matters

If you work with customer data, financial records, or code that contains API keys, you have likely pasted something sensitive into an AI chatbot at least once. We all have. The difference between a careful practitioner and a careless one is often just a missed AWS key in a stack trace or a customer email buried in a support ticket.

Most enterprise solutions to this problem involve proxies, DLP gateways, or corporate policies that say "don't do that." Prompt Armour takes a different approach: catch the data at the last possible moment, right in the browser, with no network dependency. That means it works on personal machines, not just managed corporate devices.

The 50+ API key format detection is particularly useful for developers who regularly paste error logs and config files into AI assistants for debugging help. One leaked Stripe key in a ChatGPT prompt is all it takes.

Our Take

This fills a real gap. The enterprise PII protection market is full of expensive, complex solutions that require IT deployment. Prompt Armour is a browser extension you install in 30 seconds.

The free tier being permanent and the open-source detection logic are smart moves for trust-building. If you are routing sensitive data through a privacy tool, you want to verify what it is actually doing. Open-source detection rules let you do that.

The $5/month Pro tier with custom regex is where this gets interesting for teams. Every company has internal identifier formats, project codes, and proprietary data patterns that generic PII detection will never catch.

Two concerns are worth watching. First, browser extension permissions are broad by nature, and this tool needs to read everything you type into AI chatbots. The local-only architecture mitigates this, but you are still trusting the extension code. Second, the CSS Highlight API approach is clever but relatively new, so cross-browser consistency may be uneven as Firefox and Edge support rolls out.

For anyone who regularly pastes real data into AI tools, this is worth installing today. The free tier covers the most common leak vectors, and the zero-latency claim held up in our quick test.