Mentorship Program Mentee
September 2025 – Present | Remote

Mentored by an experienced Mastercard security engineer, I developed PromptShield, a privacy-focused Chrome Extension designed to block sensitive data from being accidentally submitted to LLMs like ChatGPT. I implemented real-time scanning using JavaScript/TypeScript to detect credit cards (validated via the Luhn algorithm), SSNs, API keys, and plaintext passwords before submission. The extension features a non-intrusive UI overlay utilizing HTML/CSS to warn users of detected risks, offering options to manually edit or automatically redact sensitive information. It was engineered to run 100% locally within the browser, ensuring zero data collection, transmission, or external analytics for maximum user privacy, and was successfully deployed and published to the Google Chrome Web Store.
PromptShield monitors the text you type into LLM chatboxes like ChatGPT in real time. When it detects sensitive information—such as credit card numbers, Social Security numbers, email addresses, phone numbers, or API keys—it intercepts the submission and displays a warning overlay. Users can then choose to go back and edit their message or remove the sensitive data and send it safely.
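The detect-then-redact flow described above, as an added sketch that is not PromptShield's own source. The regex patterns, the names `DETECTORS`, `luhnValid`, `scan` and `redact`, and the sample prompt are assumptions made for illustration; the Luhn step shows why a card-shaped number with a bad check digit is left alone.

```javascript
// Added example: patterns and names are illustrative assumptions, not PromptShield's code.
const DETECTORS = [
  // 13-19 digits, optionally separated by single spaces or hyphens
  { type: "credit_card", re: /\b\d(?:[ -]?\d){12,18}\b/g, validate: luhnValid },
  // SSN written AAA-GG-SSSS; rejects area 000/666/9xx, group 00, serial 0000
  { type: "ssn", re: /\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/g },
  // Assumed key shapes: AWS access key ID, or an "sk-" prefixed secret
  { type: "api_key", re: /\b(?:AKIA[0-9A-Z]{16}|sk-[A-Za-z0-9_-]{20,})\b/g },
];

// Luhn checksum: double every second digit from the right, sum, test mod 10.
function luhnValid(candidate) {
  const digits = candidate.replace(/\D/g, "");
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// Return [{type, start, end}] for every match that passes its validator.
function scan(text) {
  const findings = [];
  for (const { type, re, validate } of DETECTORS) {
    for (const m of text.matchAll(re)) {
      if (validate && !validate(m[0])) continue; // e.g. digits that fail Luhn
      findings.push({ type, start: m.index, end: m.index + m[0].length });
    }
  }
  return findings.sort((a, b) => a.start - b.start);
}

// Replace findings from the end of the string so earlier offsets stay valid.
function redact(text) {
  return scan(text).reverse().reduce(
    (out, f) => out.slice(0, f.start) + `[REDACTED ${f.type}]` + out.slice(f.end), text);
}

// Constructed sample prompt: test card number, made-up SSN, AWS documentation key,
// and a card-shaped order number whose check digit is wrong.
const SAMPLE = "Card 4111 1111 1111 1111, SSN 123-45-6789, " +
  "key AKIAIOSFODNN7EXAMPLE, order 4111 1111 1111 1112";
console.log(redact(SAMPLE));
```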

[Image: Detecting 5 types of sensitive data at once]

[Image: Detecting a single piece of sensitive data (credit card number)]

As LLMs like ChatGPT become part of everyday workflows, a growing number of people are unknowingly pasting sensitive information—credit card numbers, Social Security numbers, passwords, and API keys—directly into AI chatboxes. This data can be stored, logged, or even leaked in future breaches, posing a serious privacy risk.
This isn't just a hypothetical concern. In January 2026, CISA reported that government employees were pasting sensitive data into ChatGPT, highlighting how widespread this issue has become—even within organizations with strict data handling policies.
Older and less tech-savvy users are particularly at risk, as they may not fully understand how LLMs store and process data. PromptShield was built to address this gap—acting as a safety net that runs entirely in the browser, catching sensitive data before it ever leaves the user's machine.