Shadow AI and the Copy-Paste Problem

Evidence & Data Points

• Research across enterprise environments found an average of 223 PII paste events per organization per month into unsanctioned AI services. Employees copy customer data, employee records, financial figures, and medical information from business applications and paste them into ChatGPT, Claude, Gemini

Solution

The Solution: How anonym.legal Addresses This Chrome Extension: Browser-Level Interception The anonym.legal Chrome Extension (v1.1.37, Manifest V3) detects PII in AI chat input fields. When a user pastes text containing names, emails, phone numbers, or other PII into ChatGPT or Perplexity, the extension highlights detected entities and offers one-click anonymization. The anonymized text replaces the paste content before the user sends the message. Office Add-in: Document-Level Interception The Office Add-in (v5.23.25) for Microsoft Word enables users to anonymize PII in documents before copying content to AI services. Users can select text, detect PII, and anonymize within Word — then copy the anonymized content to any AI service. This shifts the anonymization step to before the copy

Try Free

Compliance Context

Compliance Mapping This pain point intersects with GDPR Article 5(1)(f) (integrity and confidentiality), GDPR Article 32 (security of processing), and the concept of 'appropriate technical measures.' Network controls alone are insufficient when the data transfer vector operates at the application layer. anonym.legal's GDPR, HIPAA, PCI-DSS, ISO 27001 compliance coverage, combined with Hetzner Germany, ISO 27001 hosting, provides documented technical measures organizations can reference in their compliance documentation.