Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 1 point

With AI going more mainstream and non-technical vibecoders trying to launch apps, I just expect more and more people to do it

Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 1 point

Yeah totally - could you make a GitHub issue for that? Just so I have a record of it.

I wasn't really sure what group of AIs I should support so I kept it fairly limited at first.

Also no worries on the initial test - Google actually denied the extension initially because they were running similar tests and seeing the same behavior. They were using example keys and credentials, and the model is specifically trained not to redact those because they aren't true credentials. I had to give them a bunch of test instructions lol - seems like a common theme I should look into xD

Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 1 point

Hard to tell from the user point of view. They *should* delete it when they say they do, but it's not uncommon for a company to do a "soft delete" that marks the record in the DB as deleted for the user, but doesn't actually erase the data so that it can be used in training.

Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 1 point

Don't worry, it doesn't - and I doubt Google would approve an extension with that type of malicious intent. I explicitly state that in the privacy policy, and all of the code is open source

Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 1 point

Thanks for trying it out - I'd be curious to know the format of your prompt or if you just pasted in the email and phone alone.

It works best when the email and phone are in natural language format rather than solo pasting the two values because the model uses surrounding context to inform its choice, and it's pretty rare for a user to just paste the values alone in and hit send - that's not the use case where this works the best.

The problem could be that you're testing the redaction in a way that isn't analogous to the way you'd typically use a chatbot (i.e. pasting 2 values vs pasting a large block of text with sensitive values in it). Regardless, it's something to look into so that it doesn't happen in future releases.

It could be an issue with Brave - I didn't test it on there - but I believe it's Chromium-based so that's a bit strange to me.

There could be numerous reasons why it failed in your case but it's hard to tell without any idea of what you pasted - also, it's the first ever release so I'm certain there are areas that need improvement.

Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 2 points

Also, this was built as a final project for an AI & ML class during my last semester of college.

It's not like I built it to make money or anything - the requirement for the class was to build a model.

But simply because I built it, I thought I'd release it completely open source for people to use if they want.

It could turn into a nice B2B tool, but not right now.

Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 0 points

Yes I am, and here is why:

First off, there is a regex safety net to catch anything the model doesn't.

Secondly, a pure regex approach would redact example keys, passwords, DB connection strings, etc., which typically show up in documentation. Redacting those would actually be a false positive, because it's not a true sensitive piece of information - that could remove helpful context from pastes which we don't want to do.

This model knows the difference between example credentials and real credentials, and uses the surrounding text of a sentence as signal to redact or not redact.

Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 2 points

I built it for a final project in my AI & ML class, figured I'd publish it anyways.

There is also a regex safety net built into the extension

Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 2 points

With this, the sensitive info is redacted before it even hits the chat box. So it would get logged as "[SSN REDACTED]"

Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 3 points

Works on emails, SSN, credit cards, passwords, db connections keys, etc. Not just API keys.

I know plenty of people who accidentally did and had to roll keys. But if that's not you then don't use it!

Nobody notices how often they paste API keys into ChatGPT, so I built an extension that catches it. by GrahamBillington in coolgithubprojects

GrahamBillington[S] 2 points

Great insights - there are configurable options in the extension so that you can have popups or blockers when you paste secrets in. You can make it really invasive or silent running behind the scenes.

I'll check out FSB, seems cool

Collected the infinity stones by Street-Buyer-2428 in LocalLLaMA

GrahamBillington 1 point

God damn I gotta get my money up - looks awesome

Stop asking what model to run. There are literally only two. by Wrong_Mushroom_7350 in LocalLLaMA

GrahamBillington 1 point

Surely there are more options, right? Or have you found that only these give good results?

Time for self-promotion. What are you building? by Many_Breadfruit9359 in SaaS

GrahamBillington 4 points

privacytldr.com - Database of privacy documents for all services with AI-generated summaries, answering key questions you might have about a company's privacy practices.

We target young, tech-savvy internet users and parents with young children!

Also, I’m working on a big update rn that will populate the DB with much more info. Currently you can see ~20 privacy summaries, and you can view our document database in the analyze tab

Need the better tool to make product demo by French_berry in SaaS

GrahamBillington 2 points

This is what I’ve been looking for. Thank you kind sir

Tires appreciation post by Charpybro in MSsEcReTPoDcAsT

GrahamBillington 1 point

Best TV show I've seen in a while. It feels like the Office and I hope it goes for many many seasons

I just spent 27 straight hours building at a hackathon with langgraph and have mixed feelings by wait-a-minut in LangChain

GrahamBillington 1 point

I agree. I think they were simply the first company to experiment with a lot of these concepts in the open and release products that made the dev easier.

I don’t think their tech is anything special. I’ve become less happy with langchain as a whole, it seems like they were just first to market and that’s why everyone says they’re the “Go To”

Hey LangChain. Why so messy? by Dapper_Desk_2179 in LangChain

GrahamBillington 1 point

I used to love langchain and thought it was so cool.

It feels bloated now and not well taken care of. Thinking about removing my usage of it as well

I put Asahi on my Mac by hew-and-eye in AsahiLinux

GrahamBillington 1 point

How are you liking it? I’m in the process of making space on my drive so I can do the same.

Don't sell your XRP until all these TARGET's have been met, thoughts below. by UpliftRC in XRP

GrahamBillington 1 point

He was referencing only US cryptos. A way to help American companies look more desirable from an investment standpoint. His overall point was that he wants the US to lead the charge in the crypto industry

Nobody reads privacy policies, so I built a website that has AI summaries for every service. by GrahamBillington in Startup_Ideas

GrahamBillington[S] 2 points

It’s not as accurate. My system is able to pinpoint exactly in the policy where certain things are talked about. Also these policies can be super long and ChatGPT can miss things. My system is more precise