One paste away from a leak.

Kasbah catches API keys, credentials, credit cards, and client data before they reach any AI tool. Detection runs entirely in your browser — your content never reaches our servers.

🔒 chatgpt.com Kasbah active
ChatGPT
Fix this config — here are the creds:
DB_URL=postgresql://admin:xK9#[email protected]/customers
API_KEY=AKIA4HFKS82JDKSL93PQ
Kasbah blocked this
Your data stayed on your device
Detected
database credentials · AWS access key

Sending this would expose your production database and cloud account. Block it.

100% local detection
0 content sent to servers
<10ms detection speed
91/100 accuracy

What it catches

The things you didn't mean to share

Real patterns. Real risk. Stopped before they leave your device.

Blocked
API keys & secrets
AKIA4HFKS82JDKSL93PQ
AWS, GitHub, OpenAI, Stripe, and generic secret formats.
Blocked
Database credentials
postgresql://user:pass@host/db
PostgreSQL, MySQL, MongoDB — anything with credentials embedded.
Blocked
Credit cards
4532 1234 5678 9012
Visa, Mastercard, Amex, Discover — all spacing formats.
Blocked
Private keys
-----BEGIN RSA PRIVATE KEY-----
SSH, PEM, PKCS8 — caught immediately.
Blocked
Government IDs
SSN: 847-39-1234
Social security numbers, passport patterns in 9 languages.
Warning
Environment variables
SECRET_KEY=abc123xyz...
.env files, config patterns, password assignment syntax.

+ JWT tokens, OAuth tokens, shell commands, prompt injection, bearer tokens.

How it works

Invisible until you need it

Install once. It runs silently. You only see it when you're about to share something you shouldn't.

Step 01

Install

One click from the extension store. No account needed. 30 seconds total.

Step 02

Work normally

ChatGPT, Claude, Gemini — everything works as usual. Kasbah watches for 6 moments: send, paste, upload, edit, browse, download.

Step 03

Get protected

Low risk: silent. Medium: a small heads-up. High risk: a modal shows what was found. You always decide.

Silent (0–39)

Normal content goes through. You see nothing.

Toast warning (40–69)

Borderline content. A small, non-blocking alert.

Block modal (70–100)

High-risk. Action stops. You see exactly what was found.


Questions?

Whether you're a consultant, freelancer, founder, or team — we'd love to hear from you. A human responds within a day.

The full app is coming

Clipboard monitoring, file watching, team audit trail. Drop your email and we'll reach out when it's ready.

No spam. One email when it's ready.

Transparency

How we stay trustworthy

The extension is free. Always.

We don't charge for the browser extension. We make money from professional tools — CLI, VS Code, SDK, API — and enterprise plans with team management and compliance features. The extension's business model is to be the thing you trust, so you upgrade when you need more.

We don't sell data. Ever.

No behavioral profiles. No ad targeting. No brokering. Your content never reaches our servers — detection runs locally in your browser. The only thing we receive (if you opt in) is anonymous performance metrics: detection speed and risk scores, never your actual text.

No crypto. No blockchain. No gimmicks.

Kasbah is a detection engine. It uses regex, entropy scoring, and ML classifiers — proven, auditable techniques. That's it. We removed blockchain integration that was added during early development because it added no value and raised legitimate trust concerns.
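
A sketch of how regex rules and entropy scoring can feed the 0–39 / 40–69 / 70–100 tiers described under "How it works". This is an added example, not Kasbah's own code: the rule set, the per-rule scores and the entropy cutoff are assumptions chosen for illustration, and the ML classifier stage is left out.

```javascript
// Added example: rule weights and the entropy cutoff are assumptions,
// not Kasbah's real scoring. Only the tier boundaries come from the page.
const RULES = [
  { label: "AWS access key", score: 90, re: /\bAKIA[0-9A-Z]{16}\b/ },
  { label: "database credentials", score: 90,
    re: /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?):\/\/[^\s:@\/]+:[^\s@\/]+@[^\s\/]+/i },
  { label: "private key", score: 95, re: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/ },
];
// NAME=value or NAME: value where the name suggests a secret.
const ASSIGNMENT = /\b\w*(?:SECRET|TOKEN|PASSWORD|API_?KEY)\w*\s*[=:]\s*["']?([^\s"']{8,})/gi;

// Shannon entropy in bits per character; random tokens score high,
// human-chosen words and placeholders score low.
function entropy(s) {
  const chars = [...s];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) bits -= (n / chars.length) * Math.log2(n / chars.length);
  return bits;
}

function scan(text) {
  // Structured formats: a regex hit alone is strong evidence.
  const findings = RULES.filter((r) => r.re.test(text))
    .map(({ label, score }) => ({ label, score }));
  // Generic assignments: the name is weak evidence, so the value's
  // length and entropy decide between a warning and a block.
  for (const m of text.matchAll(ASSIGNMENT)) {
    const random = m[1].length >= 20 && entropy(m[1]) >= 3.5;
    findings.push({ label: "secret assignment", score: random ? 75 : 50 });
  }
  // The overall risk is the worst single finding, mapped to the page's tiers.
  const score = findings.reduce((max, f) => Math.max(max, f.score), 0);
  const action = score >= 70 ? "block" : score >= 40 ? "toast" : "silent";
  return { score, action, findings };
}

// Constructed sample input with placeholder credentials.
const sample = "DB_URL=postgresql://admin:hunter2@db.example.internal/customers\n" +
  "API_KEY=AKIA4HFKS82JDKSL93PQ";
console.log(scan(sample));
```

Gating the generic assignment rule on entropy is what keeps a short placeholder such as `SECRET_KEY=abc123xyz` at the warning tier while a long random token is blocked.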

Telemetry is opt-in and off by default.

Anonymous usage metrics are disabled until you explicitly enable them in the extension Settings. When enabled, we receive detection speed and risk score numbers — never your content. You can toggle this at any time. Full details in our privacy policy.