Your employees paste sensitive data into AI chat faster than any policy can catch it.
Inspect every prompt before it reaches the provider.
Customer records, source code, internal identifiers, secrets — they go into ChatGPT, Claude, and Gemini in seconds, and an acceptable-use memo does nothing in that moment. The AI Chat Firewall is a managed browser extension that evaluates each prompt against your organization's policy in real time, on the device, before it ever reaches the AI provider — and blocks the ones that violate it, with the reason shown to the employee.
Real-time prompt inspection at the browser, fail-closed by design — ChatGPT, Claude, Gemini, Copilot, Grok, Perplexity.
Policy lives in a document. The paste happens in the browser.
The gap between what your AI-use policy says and what an employee actually types into a chat box is where the data loss happens.
Generative-AI assistants are now part of the daily workflow: drafting, summarizing, debugging, analyzing. That is genuinely useful, and it also means a steady stream of organizational data leaves the building one prompt at a time — a customer's record pasted in for a summary, a config file dropped in to debug an error, an internal URL or API key copied along with the rest of a snippet.
Network DLP and CASB tools were built for files and email, not for a text box inside an HTTPS session to a third-party AI provider. By the time anything downstream sees the traffic, the prompt has already been submitted. The control has to live where the paste happens — in the browser, before the request is sent.
That is what the AI Chat Firewall does: it sits in the browser, reads the prompt the employee is about to submit on a monitored AI site, and checks it against your policy before the submission completes.
How it works
A managed browser extension, an encrypted policy check, and a clear block — in the moment, before the prompt leaves the device.
Policy set by your admins
Your IT or security team configures policies in the Containment.ai dashboard. The extension pulls that policy configuration down to each device. It deploys at scale through Chrome Enterprise managed storage — push it via group policy or MDM, no per-user setup.
Every prompt, in real time
When an employee submits a prompt on a monitored AI site, the extension sends the text over a TLS-encrypted connection to the policy-check service, which evaluates it against your organization's policy and returns an allow or block decision — before the prompt reaches the AI provider.
Stopped, with the reason shown
A violating prompt is blocked at the point of submission, and the employee sees exactly which policy fired and why. The policy check does not store the full prompt; only violation alert metadata — policy name, severity, the message, and the matched term or pattern — is recorded for your administrators' audit log.
What's in the firewall
Built for security teams who have to deploy it broadly and defend it to an auditor.
Real-time prompt inspection
Each prompt is evaluated against policy at submit time, on the device, before it reaches the AI provider — not reconstructed from logs after the fact.
TLS-encrypted policy check
Prompt text travels only to Containment.ai's policy-check service, over TLS, solely to evaluate it against your policy — never to advertisers or data brokers.
Fail-closed by default
An unauthenticated or misconfigured extension blocks rather than permits. The safe state is the default state — a misconfiguration cannot quietly turn the control off.
Chrome Enterprise managed storage
Configurable via the Chrome Enterprise managed-storage schema and deployable at scale through group policy or MDM. No per-user install ritual.
Per-domain policy
Apply different rules per AI site. Sessions are stored locally per device (not synced), so policy follows the device, not a roaming profile.
Audit metadata, not prompt hoarding
Violation alert metadata feeds the admin audit log for review and compliance reporting. Pairs with the Containment.ai dashboard for policy management and SOC 2, GDPR, and EU AI Act Article 12 evidence needs.
Supported surfaces today: ChatGPT, Claude, Gemini, Microsoft Copilot, Grok, and Perplexity.
Who this is for
Security teams facing shadow AI
Your people are already using AI assistants whether or not you have sanctioned a tool. You need a control on the prompt itself — at the browser — rather than a block list that pushes usage onto personal devices.
Regulated workplaces
Healthcare, financial services, and the public sector cannot afford a customer record or a regulated identifier landing in a third-party model. You need the block to happen before submission, with an audit trail you can show.
IT admins deploying at scale
You manage a fleet through group policy or MDM and need a control you can push centrally, configure per domain, and run without touching every endpoint by hand.
Compliance & privacy owners
You are accountable for SOC 2, GDPR, and EU AI Act obligations and need evidence that prompt-level controls exist and fire — not just a policy document that asserts they should.
What it does — and what it doesn't
Honest scope. The firewall governs the human at the browser; other layers cover the rest.
What it does
- Inspects employee prompts to supported AI chat sites in real time, before they reach the provider.
- Returns an allow or block decision against your organization's policy, with the reason shown to the user.
- Fails closed, deploys via Chrome Enterprise managed storage, and feeds violation metadata to your audit log.
What it doesn't claim
- It is a browser-layer control for people using chat assistants — not a control for autonomous agents acting on their own. That is Agent Governance.
- It returns allow or block at the browser; real-time redaction lives at the proxy layer, not in the extension.
- It covers the AI surfaces listed above today; it is not a universal network DLP for every application.
- No invented customers, no invented metrics. It requires a Containment.ai account; a free tier is available.
Where it fits in the stack
The AI Chat Firewall is the human-facing edge of the Containment.ai platform — the layer that governs people using AI in the browser.
AI Chat Firewall
This product. Governs the prompts people submit to AI chat assistants, at the browser, before they leave the device.
Agent Governance
Deterministic, pre-execution decisions on what autonomous agents do — the layer above human chat usage.
High-Assurance Gateway
For air-gapped and cross-domain environments where the same governance must run under defense-grade rigor.
Stop the next risky paste
Start free, or book a 30-minute demo. We'll show the firewall blocking a real sensitive paste on ChatGPT in real time — and the audit record it writes.
Comparing approaches to runtime AI governance? See how we align with the AARM standard →