Skip to main content

Chrome Extension Setup

The Containment.AI browser extension (Chrome and Firefox, Manifest V3) is the core component that enforces your organization's policies on prompts sent to supported AI chat surfaces. This guide covers installation, configuration, and troubleshooting.

Overview

The Chrome extension:

  • Monitors what users type and paste into supported AI chat surfaces in real-time
  • Sends the prompt text over an encrypted (TLS) connection to Containment.AI's policy-check service, which returns an allow/block decision before the prompt reaches the AI provider
  • Retains only violation alert metadata (policy name, severity, violation message, and the matched term/pattern) for your organization's audit log — the full prompt is not stored
  • Provides instant feedback when policies are triggered

Installation Methods

Manual Installation

For individual users or small teams:

  1. Open the Containment AI listing on the Chrome Web Store
  2. Click Add to Chrome
  3. Confirm by clicking Add extension
  4. Click the extension icon and sign in with your work email
note

The extension is published on the Chrome Web Store as Containment AI (extension ID cfliledfjcblpjkeiokhhdadfcpekiog).

MDM Deployment

For enterprise-wide deployment, push the extension via your MDM. Force-install requires Chrome 114 or later (Manifest V3).

The extension ID is cfliledfjcblpjkeiokhhdadfcpekiog. Use it in the examples below.

Microsoft Intune

{
"ExtensionInstallForcelist": [
"cfliledfjcblpjkeiokhhdadfcpekiog;https://clients2.google.com/service/update2/crx"
]
}

Jamf Pro

  1. Create a new Configuration Profile
  2. Add Chrome extension policy
  3. Set Extension ID to cfliledfjcblpjkeiokhhdadfcpekiog and update URL to https://clients2.google.com/service/update2/crx
  4. Deploy to target computers

Google Workspace Admin

  1. Go to Admin Console > Devices > Chrome > Apps & Extensions
  2. Add by extension ID cfliledfjcblpjkeiokhhdadfcpekiog
  3. Select Force Install
  4. Apply to relevant organizational units

See MDM Integration for detailed instructions for each provider.

Configuration

Automatic Configuration

When you sign in to the extension:

  • It automatically connects to your organization
  • Policies are synced from your dashboard
  • Updates apply in real-time

Organization ID

For MDM deployments, configure the organization ID via managed storage so devices enroll with zero touch:

{
"orgId": "your-org-id-here"
}

Find your Organization ID in Settings > Account > Organization Details.

Fail-Closed Behavior

The extension defaults to fail-closed: if the policy-check service is unreachable or the extension is unauthenticated or misconfigured, submissions are blocked rather than permitted. Administrators can change this with the failPolicy managed-storage key ("closed" is the default and recommended for regulated environments; "open" allows submissions when the service is unreachable for a lower-friction experience).

How It Works

Policy Enforcement

When you interact with a supported AI chat surface:

  1. Input Monitoring - The extension captures the prompt text you type or paste on submit
  2. Policy Evaluation - The prompt text is sent over TLS to Containment.AI's policy-check service, which evaluates it against your organization's active policies
  3. Action Taken - The service returns a decision before the prompt reaches the AI provider:
    • Block: Prevents submission, shows warning
    • Detect: Records the event and creates an alert
    • Redact: Masks sensitive content before sending

Supported Platforms

The extension works with these AI chat surfaces:

  • ChatGPT (chat.openai.com, chatgpt.com)
  • Claude (claude.ai)
  • Google Gemini (gemini.google.com)
  • Microsoft Copilot (copilot.microsoft.com)
  • Grok (grok.com)
note

Additional internal or enterprise LLM front-ends can be added by administrators via the allowedDomains managed-storage key.

Data Privacy

How prompt content is handled:

  • On submit, the prompt text is sent over an encrypted (TLS) connection to Containment.AI's policy-check service solely to evaluate it against your policies
  • The policy check does not store the full prompt — only violation alert metadata (policy name, severity, violation message, and the matched term/pattern) is retained for your organization's audit log
  • Prompt content is never sold or shared with advertisers or data brokers
  • Sessions are stored in chrome.storage.local on each device and are not synced across devices
  • The default policy-check endpoint is https://proxy.containment.ai; enterprises can override it (for example, for on-prem or sovereign-cloud deployments) via the proxyUrl managed-storage key

Extension Interface

Click the extension icon to see:

  • Connection Status - Green = connected, Red = disconnected
  • Recent Alerts - Last few policy triggers
  • Quick Actions - Report issue, view settings

Notification Badge

The icon shows a badge when:

  • 🔴 Red number - Blocked actions count
  • 🟡 Yellow number - Detections count
  • ✅ Green check - All clear, protection active

Troubleshooting

Extension Not Working

Symptoms: No policy enforcement, no alerts

Solutions:

  1. Click the extension icon to check connection status
  2. Ensure you're signed in with your work email
  3. Try clicking "Reconnect" in the popup
  4. Disable and re-enable the extension
  5. Check that the site isn't in your browser's restricted list

Policy Not Triggering

Symptoms: Expected violations not detected

Solutions:

  1. Verify the policy is enabled in the dashboard
  2. Check the policy applies to the AI platform you're using
  3. Review policy sensitivity settings
  4. Test with the exact pattern the policy is designed to catch

Slow Performance

Symptoms: Lag when typing in AI platforms

Solutions:

  1. Check for conflicting extensions
  2. Clear browser cache
  3. Ensure you have the latest extension version
  4. Contact support if issue persists

Sign-In Issues

Symptoms: Can't sign in to extension

Solutions:

  1. Ensure you're using your work email
  2. Check your email domain is registered
  3. Try signing in through the dashboard first
  4. Clear extension data and retry

Updates

The extension updates automatically through Chrome. To manually check:

  1. Go to chrome://extensions
  2. Enable Developer Mode
  3. Click Update

Uninstalling

To remove the extension:

  1. Right-click the extension icon
  2. Select Remove from Chrome
  3. Confirm removal
warning

Uninstalling the extension removes protection from that device. For MDM-managed extensions, users may not be able to uninstall.

Security

Permissions Explained

The extension requires these permissions:

PermissionPurpose
activeTab / host access to supported AI sitesCapture prompt text on supported AI chat surfaces to enforce policies
storageSave preferences and session data locally
tabsDetect active AI chat surfaces
alarmsSchedule periodic policy and session refresh

Host permissions are limited to Containment.AI infrastructure (*.containment.ai, *.supabase.co, *.containment-ai-account.workers.dev) and product analytics (us.i.posthog.com), in addition to the supported AI chat surfaces.

Code Security

  • Extension code is reviewed for security
  • Updates go through a security review process
  • Product analytics are collected via PostHog; prompt content is never sold or shared with advertisers or data brokers

Support

If you encounter issues:

  1. Check this documentation
  2. Review the Troubleshooting section
  3. Contact support@containment.ai