Skip to content
CASE STUDY/02·OBSCURA · FOSSSHIPPED 2025 · v2.1.0 · MIT

“PII redaction that never leaves the client.”

★ FOSS · LOCAL-FIRST

AAL's open-source PII redaction tool for ChatGPT prompts. 100% local, 56+ entity types, zero bytes to the wire. Built in a Forge sprint, released under MIT. Proof that Forge ships FOSS clients adopt before paying for the SaaS.

BYTES LEAKED0
ENTITY TYPES56+
EXECUTION100% Local
LICENSEMIT
TIME TO RELEASE4 Weeks
02 · THE BRIEF

Solve PII before ChatGPT does.

Every client worried about the same thing: teams already pasting customer data, contract clauses, and internal numbers into ChatGPT. Compliance had memos, legal had policies, nothing stopped it — opening a separate tool was more friction than the perceived risk. Obscura redacts before the prompt leaves the browser, not after a quarterly audit catches it.

03 · SCOPE
Detection engine✓ INCLUDED
Browser extension✓ INCLUDED
Entity library (56+)✓ INCLUDED
Public GitHub release◐ LIVE
04 · HOW IT SHIPPED

Four weeks. Open by week five.

01 · SCOPEWEEK 1

Pick the entity library.

NER baselines plus regex for what NER misses at scale (emails, IBANs, license plates, project codenames). Settled on 56 entity types covering 95% of what clients flagged as “do not send.” Local-first, non-negotiable.

02 · BUILDWEEKS 2–3

Browser-side, no network.

WASM detection model running entirely in-browser. Prompt intercepted, redacted, sent — zero round-trips. An inline overlay shows what's protected. Built as an extension because an SDK clients had to integrate would have killed adoption.

03 · HARDENWEEK 4

Audit, document, ship under MIT.

Security pass on the manifest permissions. Removed every analytics call. README written for a security team to vet before install. Released to GitHub under MIT with a single-binary install script.

04 · COMPOUNDWEEK 5 → ONGOING

Open-source release, paid SaaS to follow.

Public on GitHub, adopted internally by three agency clients in the first month. The SaaS version — central policies, audit logs, fleet management — is the natural Forge follow-up: same engine, different distribution.

CLIENT QUOTE
“We needed our team to stop pasting customer data into ChatGPT without deploying yet another security tool. Obscura solved it where the problem happens: the browser, not a policy doc.”
FOSS
Engineering Lead
AGENCY CLIENT · EMEA
BUILT WITH
BunWebAssemblyBrowser extension APIRegex + NERGitHub ReleasesMIT
05 · WANT A TOOL LIKE THIS?

Brief a Forge build.

Forge ships custom SaaS for clients — and the FOSS that earns trust first. Two-sentence intake, 24-hour response.

TYPICAL BUILD4–12 weeks
OPEN SLOTS · Q32 of 4