Overview
Swif’s browser extension uses a combination of local detection and selective LLM (AI) processing to enhance security, automation, and user experience.
LLM capabilities are only used where necessary and are designed to:
Improve detection accuracy
Reduce manual admin work
Provide clearer feedback during workflows
All AI-powered features are controlled by admins and follow strict data minimization principles.
How It Works
The extension primarily relies on local logic for performance and privacy.
LLM is used as a fallback or enhancement layer when:
Local detection is insufficient
Contextual understanding is required
Human-readable output is needed
Key characteristics:
Runs on-demand or once per page load, not continuously
Sends minimal metadata only (no sensitive content)
Can be fully disabled per feature by admins
LLM-Powered Features
Sign-Up Detection
The extension detects sign-up or login flows to enforce policies such as blocking unauthorized account creation.
How it works:
Uses a lightweight snapshot of page structure (e.g., button labels, headings)
No form inputs, screenshots, or user data are collected
Runs once per page load when sign-up blocking is enabled
This improves detection accuracy across different websites without relying on hardcoded rules.
Login Page Detection (Fallback)
Used to identify login pages and trigger features like credential autofill.
How it works:
Most login pages are detected locally with no network calls
LLM is used only as a fallback when detection is uncertain
Sends only page title, URL, and UI labels
This ensures reliable detection while minimizing external processing.
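The local-first flow with a minimal-metadata fallback described in the two sections above can be sketched as follows. This is an added example, not Swif's extension code: every function and field name is hypothetical, the page is modelled as a plain object so it runs without a browser, and stripping the URL query string and fragment is an assumption beyond what the page states.

```javascript
// Added example: hypothetical names throughout; not Swif's extension code.
// A page is modelled as a plain object so the logic runs without a browser.
const LABEL_TAGS = new Set(["h1", "h2", "h3", "button", "label"]);

// Allowlist snapshot: title, URL, and visible UI labels only.
// Input values are never read, so typed data cannot enter the payload.
// Assumption: query string and fragment are dropped because they can carry tokens.
function buildSnapshot(page) {
  const u = new URL(page.url);
  const labels = page.elements
    .filter((el) => LABEL_TAGS.has(el.tag))
    .map((el) => el.text.trim().slice(0, 80))
    .filter(Boolean);
  return { title: page.title, url: u.origin + u.pathname, labels };
}

// Local heuristic: password field plus login wording is a confident match,
// no signal at all is a confident non-match, a single signal is uncertain.
function detectLocally(page) {
  const hasPassword = page.elements.some((el) => el.tag === "input" && el.type === "password");
  const text = [page.title, ...page.elements.filter((el) => LABEL_TAGS.has(el.tag)).map((el) => el.text)];
  const wording = /\b(sign in|log in|login)\b/i.test(text.join(" "));
  if (hasPassword && wording) return { isLogin: true, confident: true };
  if (!hasPassword && !wording) return { isLogin: false, confident: true };
  return { isLogin: null, confident: false };
}

// Decide what, if anything, leaves the browser; the admin toggle gates the fallback.
// Assumption: with the fallback disabled, an uncertain page is treated as not-login.
function planDetection(page, policy) {
  const local = detectLocally(page);
  if (local.confident) return { source: "local", isLogin: local.isLogin, payload: null };
  if (!policy.llmFallbackEnabled) return { source: "local", isLogin: false, payload: null };
  return { source: "llm-fallback", isLogin: null, payload: buildSnapshot(page) };
}

// Constructed sample page: a multi-step login that shows no password field yet.
const samplePage = {
  title: "Welcome back",
  url: "https://app.example.com/auth?token=abc123#step1",
  elements: [
    { tag: "h1", text: "Sign in to continue" },
    { tag: "input", type: "email", value: "jane@example.com" },
    { tag: "button", text: "Next" },
  ],
};
console.log(planDetection(samplePage, { llmFallbackEnabled: true }));
```

When reviewing an extension of this kind, the payload-building function is the one place to audit: an allowlist of fields is easier to verify than a blocklist of sensitive ones.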
PII Detection & Redaction
Swif detects and protects sensitive data entered into forms on monitored applications.
How it works:
Uses a self-hosted detection engine (Presidio) for PII identification
Automatically redacts detected data before storage (e.g., J***)
Runs only on form submissions for monitored apps
LLM is not required for core detection but may assist in edge cases.
Team Table Parsing (Provisioning Workflows)
Used during automated user provisioning and deprovisioning.
How it works:
Reads structured pages (e.g., team/member lists in SaaS apps)
Extracts user data for bulk operations
Runs only when an admin initiates a provisioning workflow
This removes the need for manual data entry when managing users across systems.
Error Message Translation
Improves usability during automation workflows.
How it works:
Converts technical errors into clear, user-friendly messages
Local pattern matching is used first
LLM is used only when errors cannot be interpreted locally
This helps admins quickly understand and resolve issues.
Admin Controls
All LLM-powered features can be independently enabled or disabled by administrators.
Admins can control:
Whether AI is used at all
Which features rely on LLM
Where automation is allowed
This ensures alignment with internal security and compliance requirements.
Data Handling & Privacy
Swif is designed to minimize data exposure when using LLM features.
The extension:
Does not send passwords, cookies, or authentication tokens
Does not access browsing history
Does not capture screenshots or full page content
Sends only limited metadata required for the specific task
PII is redacted before storage, and detection primarily runs locally.
Security & Compliance Impact
Using LLM in a controlled manner allows Swif to:
Improve detection of Shadow IT and unauthorized account creation
Automate provisioning and deprovisioning workflows
Reduce human error in identity and access management
Provide audit-friendly, structured outputs
At the same time, strict data controls ensure alignment with compliance requirements such as SOC 2, ISO 27001, and NIST.
Summary
Swif uses LLM selectively to enhance:
Detection accuracy
Automation workflows
Admin usability
While maintaining:
Strong data minimization
Full admin control
Compliance-ready security practices
Most functionality remains local-first, with LLM used only when it adds meaningful value.
