The latest articles on DEV Community by BloodAndCode (@bloodandcode). https://dev.to/bloodandcode https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3817471%2F2e1d3d89-5be5-4445-b9bc-cf23c484f650.png https://dev.to/bloodandcode en BloodAndCode Tue, 10 Mar 2026 20:36:13 +0000 https://dev.to/bloodandcode/i-almost-leaked-an-api-key-into-chatgpt-so-i-built-a-chrome-extension-1mhm https://dev.to/bloodandcode/i-almost-leaked-an-api-key-into-chatgpt-so-i-built-a-chrome-extension-1mhm <p>I use AI chats a lot when coding and analyzing logs.</p> <p>A few days ago I almost pasted a real <strong>API key</strong> into ChatGPT while sharing some logs.</p> <p>I noticed it just before sending.</p> <p>But it made me realize something:</p> <blockquote> <p>It's extremely easy to accidentally leak sensitive data when using AI chats.</p> </blockquote> <p>So I built a small Chrome extension called <strong>PasteSafe</strong>.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F58ekbn2kkmmrb6i4lq35.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F58ekbn2kkmmrb6i4lq35.gif" alt=" "></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyxa57s909ncf8lclipu9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyxa57s909ncf8lclipu9.png" alt=" "></a></p> <h2> What it does </h2> <p>When you paste text into AI chats, it scans the content and detects things like:</p> <ul> <li>API keys </li> <li>emails </li> <li>phone numbers </li> <li>IBAN </li> <li>UUID </li> <li>URLs </li> </ul> <p>If something sensitive is detected, it automatically <strong>masks the values before sending</strong>.</p> <p>Example:<br> API_KEY → [API_KEY#1]</p> <h2> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcs692ol5ntkn66m5g6mh.png" alt=" "> </h2> <h2> Works with </h2> <ul> <li>ChatGPT </li> <li>Claude </li> <li>Gemini </li> </ul> <h2> Privacy first </h2> <p>Everything runs <strong>locally in the browser</strong>.</p> <ul> <li>no servers </li> <li>no tracking </li> <li>no data collection </li> </ul> <h2> Small update: </h2> <p>The extension just got approved in the Chrome Web Store.</p> <p> </p> <div class="crayons-card c-embed text-styles text-styles--secondary"> <div class="c-embed__content"> <div class="c-embed__cover"> <a href="https://chromewebstore.google.com/detail/pastesafe-%E2%80%94-ai-paste-sani/gpoiombmmaegnfijmcelgbkfbkelgdih" class="c-link align-middle" rel="noopener noreferrer"> <img alt="" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Flh3.googleusercontent.com%2FtFJbq-c9v3E1hnJISdwrDVatzysvlzXXimpsNKOpCesBJrP325GJ2Oe2BDK2AUPwlaTrvzUM48JQbBXWBmPtK85f0XY%3Ds128-rj-sc0x00ffffff" height="auto" class="m-0"> </a> </div> <div class="c-embed__body"> <h2 class="fs-xl lh-tight"> <a href="https://chromewebstore.google.com/detail/pastesafe-%E2%80%94-ai-paste-sani/gpoiombmmaegnfijmcelgbkfbkelgdih" rel="noopener noreferrer" class="c-link"> PasteSafe — AI Paste Sanitizer - Chrome Web Store </a> </h2> <p class="truncate-at-3"> Protects API keys, emails and sensitive data when pasting into ChatGPT, Claude and Gemini. Detects and masks sensitive data. </p> <div class="color-secondary fs-s flex items-center"> <img alt="favicon" class="c-embed__favicon m-0 mr-2 radius-0" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fssl.gstatic.com%2Fchrome%2Fwebstore%2Fimages%2Ficon_48px.png"> chromewebstore.google.com </div> </div> </div> </div> <p>If anyone wants to try it with real prompts or logs and share feedback, I'd really appreciate it.</p> <p>GitHub repo:<br><br> <a href="https://github.com/pastsafe-ext/pastesafe" rel="noopener noreferrer">https://github.com/pastsafe-ext/pastesafe</a></p> <p>Curious:</p> <p><strong>Have you ever accidentally pasted something sensitive into an AI chat?</strong></p> ai chatgpt security webdev