Browser · CLI · IDE · Free · Source available

You typed a secret
into the AI.

blckit intercepts API keys, passwords, PHI, and credentials before they reach any AI — in your browser, your terminal, or your IDE. You keep working normally.

Free. No account. Takes 30 seconds to install.

✓ You're on the list. Install it now:

Download the zip, unzip it, then load it in your browser below.

Install on C Chrome F Firefox E Edge

Live demo — try it

Try pasting something sensitive, or pick an example:

API key Patient record SSN Credit card Clean text

blckit watching

〈API_KEY_1〉 token replaces the real value

〈NAME_1〉 patient name sealed

Wherever you use AI

⬛

Browser

ChatGPT, Claude, Gemini, Copilot, Perplexity, Grok, Slack, Gmail, Teams, WhatsApp, Doximity, Zoom, TigerConnect, Notion — every supported tab, automatically.

⬛

Terminal

Using AI from the command line? blckit wraps any CLI tool. Same detection, same sealed tokens, same audit log — no browser required.

⬛

IDE

Cursor, VS Code, Windsurf. blckit intercepts before your code context reaches the model — at the source, not after the fact.

One token format across every surface. 〈API_KEY_1〉 means the same thing whether it came from your browser, your terminal, or your editor.

How it works

Install and forget

Add blckit to Chrome, Firefox, or Edge. It runs silently in every tab — no setup, no accounts, no configuration required.

Work normally — anywhere you use AI

In the browser: ChatGPT, Claude, Gemini, Copilot, Perplexity, Slack, Gmail, Teams, Doximity, Zoom, and more. In the terminal: any AI CLI tool. In your IDE: Cursor, VS Code, Windsurf. blckit covers the surface — you don't change how you work.

Send — it seals before transmit

When you hit send, blckit intercepts in under 50ms. Detected secrets are replaced with sealed tokens like 〈API_KEY_1〉. The real value never reaches the server.

Every action is logged locally

A tamper-evident Ed25519-signed ledger on your device records every seal. No data leaves your machine. You own the audit trail.

What blckit catches

API Keys

sk-proj-abc123...

→ 〈API_KEY_1〉

AWS Keys

AKIAIOSFODNN7...

→ 〈AWS_KEY_1〉

Passwords

password=hunter2...

→ 〈PASSWORD_1〉

Private Keys

-----BEGIN RSA...

→ 〈PRIVATE_KEY_1〉

JWTs

eyJhbGciOiJIUzI...

→ 〈JWT_1〉

SSN

123-45-6789

→ 〈SSN_1〉

Credit Cards

4111 1111 1111 1111

→ 〈CREDIT_CARD_1〉

Patient Records

MRN 12345 dob 1/1/70

→ 〈MRN_1〉〈DOB_1〉

Crypto Wallets

0x71C7656EC7ab...

→ 〈CRYPTO_1〉

Connection Strings

postgres://user:pass@...

→ 〈PASSWORD_1〉

IBAN / Routing

routing 021000021

→ 〈ROUTING_1〉

Passport / DL

passport: A12345678

→ 〈PASSPORT_1〉

How we built it

Zero cloud

Detection runs locally in the extension. Nothing is sent to our servers — because we don't have any in your data path.

Source available

The entire extension is readable on GitHub. Inspect what it does before you install it. Security tools that hide their code are the threat.

AES-256-GCM sealing

Tokens are encrypted with a key that never leaves your device. Your browser is the only place that can unseal them.

Signed audit ledger

Every seal is recorded in an Ed25519-signed, hash-chained local ledger. Tamper-evident proof that protection happened.

50ms intercept

Detection runs before your send completes. Under 50ms round-trip. You won't notice it.

One undo

After auto-seal, a 10-second toast lets you undo if blckit caught something that wasn't actually sensitive.

Every tier, every surface

Free

Browser extension — Chrome, Firefox, Edge
CLI tool — wraps any AI from the terminal
IDE integration — Cursor, VS Code, Windsurf
27 detection types, tamper-evident audit ledger
Source available — inspect before you install

Pro

Shield mode — arm every send in a session with one keystroke
Visual PHI redaction on screenshots and images before sharing
Echo and ultrasound clip scrubbing — PHI banner removed frame-zero
Extended audit export for personal compliance records

Clinical HIPAA

Zero-knowledge NanoTDF envelopes — sealed letters only the recipient can open
2FA key delivery with signed authorization records: "Dr. Jones read this at 9:47am"
Clinical NER — catches bare patient names, shorthand, and informal identifiers regex misses
DICOM de-identification for radiology files
MDM deployment package, org compliance dashboard, SIEM export
HIPAA BAA included

Talk to us → hello@blckit.co

You typed a secretinto the AI.