Chrome Extension Setup
The Containment.AI browser extension (Chrome and Firefox, Manifest V3) is the core component that enforces your organization's policies on prompts sent to supported AI chat surfaces. This guide covers installation, configuration, and troubleshooting.
Overview
The Chrome extension:
- Monitors what users type and paste into supported AI chat surfaces in real-time
- Sends the prompt text over an encrypted (TLS) connection to Containment.AI's policy-check service, which returns an allow/block decision before the prompt reaches the AI provider
- Retains only violation alert metadata (policy name, severity, violation message, and the matched term/pattern) for your organization's audit log — the full prompt is not stored
- Provides instant feedback when policies are triggered
Installation Methods
Manual Installation
For individual users or small teams:
- Open the Containment AI listing on the Chrome Web Store
- Click Add to Chrome
- Confirm by clicking Add extension
- Click the extension icon and sign in with your work email
The extension is published on the Chrome Web Store as Containment AI (extension ID cfliledfjcblpjkeiokhhdadfcpekiog).
MDM Deployment
For enterprise-wide deployment, push the extension via your MDM. Force-install requires Chrome 114 or later (Manifest V3).
The extension ID is cfliledfjcblpjkeiokhhdadfcpekiog. Use it in the examples below.
Microsoft Intune
{
"ExtensionInstallForcelist": [
"cfliledfjcblpjkeiokhhdadfcpekiog;https://clients2.google.com/service/update2/crx"
]
}
Jamf Pro
- Create a new Configuration Profile
- Add Chrome extension policy
- Set Extension ID to
cfliledfjcblpjkeiokhhdadfcpekiogand update URL tohttps://clients2.google.com/service/update2/crx - Deploy to target computers
Google Workspace Admin
- Go to Admin Console > Devices > Chrome > Apps & Extensions
- Add by extension ID
cfliledfjcblpjkeiokhhdadfcpekiog - Select Force Install
- Apply to relevant organizational units
See MDM Integration for detailed instructions for each provider.
Configuration
Automatic Configuration
When you sign in to the extension:
- It automatically connects to your organization
- Policies are synced from your dashboard
- Updates apply in real-time
Organization ID
For MDM deployments, configure the organization ID via managed storage so devices enroll with zero touch:
{
"orgId": "your-org-id-here"
}
Find your Organization ID in Settings > Account > Organization Details.
Fail-Closed Behavior
The extension defaults to fail-closed: if the policy-check service is unreachable or the extension is unauthenticated or misconfigured, submissions are blocked rather than permitted. Administrators can change this with the failPolicy managed-storage key ("closed" is the default and recommended for regulated environments; "open" allows submissions when the service is unreachable for a lower-friction experience).
How It Works
Policy Enforcement
When you interact with a supported AI chat surface:
- Input Monitoring - The extension captures the prompt text you type or paste on submit
- Policy Evaluation - The prompt text is sent over TLS to Containment.AI's policy-check service, which evaluates it against your organization's active policies
- Action Taken - The service returns a decision before the prompt reaches the AI provider:
- Block: Prevents submission, shows warning
- Detect: Records the event and creates an alert
- Redact: Masks sensitive content before sending
Supported Platforms
The extension works with these AI chat surfaces:
- ChatGPT (chat.openai.com, chatgpt.com)
- Claude (claude.ai)
- Google Gemini (gemini.google.com)
- Microsoft Copilot (copilot.microsoft.com)
- Grok (grok.com)
Additional internal or enterprise LLM front-ends can be added by administrators via the allowedDomains managed-storage key.
Data Privacy
How prompt content is handled:
- On submit, the prompt text is sent over an encrypted (TLS) connection to Containment.AI's policy-check service solely to evaluate it against your policies
- The policy check does not store the full prompt — only violation alert metadata (policy name, severity, violation message, and the matched term/pattern) is retained for your organization's audit log
- Prompt content is never sold or shared with advertisers or data brokers
- Sessions are stored in
chrome.storage.localon each device and are not synced across devices - The default policy-check endpoint is
https://proxy.containment.ai; enterprises can override it (for example, for on-prem or sovereign-cloud deployments) via theproxyUrlmanaged-storage key
Extension Interface
Popup Menu
Click the extension icon to see:
- Connection Status - Green = connected, Red = disconnected
- Recent Alerts - Last few policy triggers
- Quick Actions - Report issue, view settings
Notification Badge
The icon shows a badge when:
- 🔴 Red number - Blocked actions count
- 🟡 Yellow number - Detections count
- ✅ Green check - All clear, protection active
Troubleshooting
Extension Not Working
Symptoms: No policy enforcement, no alerts
Solutions:
- Click the extension icon to check connection status
- Ensure you're signed in with your work email
- Try clicking "Reconnect" in the popup
- Disable and re-enable the extension
- Check that the site isn't in your browser's restricted list
Policy Not Triggering
Symptoms: Expected violations not detected
Solutions:
- Verify the policy is enabled in the dashboard
- Check the policy applies to the AI platform you're using
- Review policy sensitivity settings
- Test with the exact pattern the policy is designed to catch
Slow Performance
Symptoms: Lag when typing in AI platforms
Solutions:
- Check for conflicting extensions
- Clear browser cache
- Ensure you have the latest extension version
- Contact support if issue persists
Sign-In Issues
Symptoms: Can't sign in to extension
Solutions:
- Ensure you're using your work email
- Check your email domain is registered
- Try signing in through the dashboard first
- Clear extension data and retry
Updates
The extension updates automatically through Chrome. To manually check:
- Go to
chrome://extensions - Enable Developer Mode
- Click Update
Uninstalling
To remove the extension:
- Right-click the extension icon
- Select Remove from Chrome
- Confirm removal
Uninstalling the extension removes protection from that device. For MDM-managed extensions, users may not be able to uninstall.
Security
Permissions Explained
The extension requires these permissions:
| Permission | Purpose |
|---|---|
activeTab / host access to supported AI sites | Capture prompt text on supported AI chat surfaces to enforce policies |
storage | Save preferences and session data locally |
tabs | Detect active AI chat surfaces |
alarms | Schedule periodic policy and session refresh |
Host permissions are limited to Containment.AI infrastructure (*.containment.ai, *.supabase.co, *.containment-ai-account.workers.dev) and product analytics (us.i.posthog.com), in addition to the supported AI chat surfaces.
Code Security
- Extension code is reviewed for security
- Updates go through a security review process
- Product analytics are collected via PostHog; prompt content is never sold or shared with advertisers or data brokers
Support
If you encounter issues:
- Check this documentation
- Review the Troubleshooting section
- Contact support@containment.ai