Documentation: Notmining AI Shield

1. Introduction

Notmining AI Shield is a browser extension designed to act as a Data Loss Prevention (DLP) tool in corporate environments. It passively monitors employee interactions with Artificial Intelligence platforms (such as ChatGPT, Claude, Copilot, etc.) and blocks the leakage of sensitive data like SSNs, credit cards, passwords, or custom regular expressions.

2. Key Blocking Features

The extension operates at the browser layer and applies multiple restrictions to ensure information does not leave the endpoint:

Clipboard Analysis (Paste): Instantly blocks copying and pasting of sensitive data, preventing the user from massively inputting protected information into the AI chat.
PowerShell / Terminal Anti-Copy: Detects and blocks copying and pasting of terminal commands, scripts, or execution traces that could reveal network structure or internal configurations.
File Upload Blocking: Prevents the reading of confidential files that the user attempts to drag & drop or attach by clicking into the AI chat.
Multi-tab Monitoring: Continuously protects all active tabs that match the target domains configured by the administrator.

Notmining AI Shield user panel Configuration panel visible to the end user.

Notmining AI Shield block alert Alert displayed to the user when a data leak attempt is blocked.

3. Installation in Developer Mode (ZIP)

To test the extension locally or in controlled environments before GPO deployment, you can install it manually by loading the ZIP file:

Download the notmining-ai-shield.zip file provided by our team.
Extract the file into a secure folder on your computer.
Open Google Chrome and navigate to chrome://extensions/.
Enable Developer mode (toggle in the top right corner).
Click Load unpacked and select the folder where you extracted the files.
The extension will appear installed and ready to use.

4. Configuration and GPO Deployment

For Enterprise environments, the extension is centrally managed via Windows Group Policy Objects (GPO) using the schema.json file.

⚠️

Warning: It is currently recommended NOT to distribute the extension via GPO by installing it from a local .crx or .zip file. We recommend waiting until the extension is published and approved in the Chrome Web Store. Distributing the official store ID via GPO will ensure that all endpoints receive transparent automatic security updates from Notmining.

Liability Disclaimer: The configuration and implementation of Group Policy Objects (GPO) described in this documentation have a direct impact on the behavior of corporate browsers and endpoints. It is the sole responsibility of the system administrator to thoroughly review the policies and conduct testing in pre-production environments before general deployment. Notmining is not liable for potential data loss, service interruptions, accidental blocks, or any other consequences resulting from the misconfiguration of these policies in production environments.

Administrators can enforce the configuration of:

Target Domains (customDomains): URLs where the extension will be active. The administrator can freely add or remove domains (e.g., chatgpt.com, claude.ai). It also allows setting specific path restrictions (e.g., m365.cloud.microsoft/chat) to limit action only to those areas and leave the rest of the domain as an exception.
SIEM Webhook (siemWebhookUrl): The endpoint URL (Collector) where logs will be sent.
Log Format (logFormat): The standard format the SIEM expects (CEF, LEEF, Syslog, CSV, JSON).
User Identifier (endpointIdentifier): Username, email, or hostname (e.g., jdoe-laptop) to identify who triggered the alert. The extension also auto-generates a unique UUID per device (device_id) for tracking.
Encryption Key (siemEncryptionKey): Shared secret or password used for AES-256-GCM encryption of the payload before sending it to the SIEM.
Justification Bypass (allowBypass): Allows specific user groups to temporarily bypass a DLP block (60 seconds) by providing a written justification, which will be audited.
Custom Regular Expressions (customRegexes): Allows injecting custom detection rules (e.g., medical record numbers, internal invoice formats).

GPO Configuration Example (Windows Registry)

To distribute these policies to domain computers, you can import the configuration directly into the Windows Registry under the Chrome policies path:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\3rdparty\extensions\EXTENSION_ID\policy]
"customDomains"="[\"chatgpt.com\", \"claude.ai\", \"m365.cloud.microsoft/chat\"]"
"siemWebhookUrl"="https://siem.mydomain.local:8088/services/collector"
"logFormat"="JSON"
"siemEncryptionKey"="M1_S3cr3t_K3y_S0C"
"allowBypass"=dword:00000001
"endpointIdentifier"="LAPTOP-%USERNAME%"
"customRegexes"="[{\"name\": \"Medical Record\", \"pattern\": \"EXP-\\\\d{6}\", \"active\": true}]"

Note: All this configuration can also be set manually from the Admin Panel inside the extension itself (password protected), although forcing these values via GPO is highly recommended for corporate environments.

Security Note: It is recommended that administrators disable Incognito/InPrivate mode via GPO to prevent users from evading the DLP.

Notmining AI Shield admin panel Manual configuration panel for administrators.

5. SIEM Integration and Log Forwarding

Notmining AI Shield is designed to integrate natively with major market SIEMs (Splunk, QRadar, ArcSight, Microsoft Sentinel, etc.). The integration is done via direct HTTP/HTTPS pushes from the user's browser to the SIEM collector, without the need for intermediate servers.

Integration Steps:

Enable an HTTP Collector on the SIEM: Configure your SIEM to receive events via HTTP/HTTPS. For example, enable an HTTP Event Collector (HEC) in Splunk, or an HTTP Receiver in QRadar. Make sure to get the endpoint URL and, if required, the authentication token (which can be included in the URL itself).
Configure the Extension via GPO: In the schema.json file or the admin panel, set the webhookUrl policy to your collector's address (e.g., https://siem.mydomain.local:8088/services/collector).
Select the Log Format: Set the logFormat policy to the format your SIEM expects (JSON, CEF, LEEF, Syslog, or CSV).
Data Reception: Every time the extension blocks or audits a data leak attempt, it will automatically send a POST request to the configured URL with the formatted log.

Supported Formats and Payload Examples

Depending on the chosen format, the POST request payload will vary to fit your SIEM's ingestion standards. Here is an example of what a block event for detecting an SSN would look like in JSON format:

{
  "timestamp": "2026-04-23T10:30:00Z",
  "action": "blocked",
  "url": "chatgpt.com",
  "matchedRule": "National ID (DNI/NIE/SSN)",
  "matchedContent": "[ENCRYPTED_PAYLOAD]",
  "userJustification": ""
}

And the same event structured in CEF (ArcSight) format:

CEF:0|Notmining|AI Shield|1.2.0|DLP_BLOCK|DLP Policy Violation|7|act=blocked request=chatgpt.com msg=National ID (DNI/NIE/SSN) cs1Label=EncryptedContent cs1={"encrypted":true,"algorithm":"AES-256-GCM","iv":"...","ciphertext":"..."}

Wazuh Integration

Wazuh does not have a native "HTTP Webhook Receiver" open by default for ingesting arbitrary logs (its REST API is primarily used for management and querying, not for massive single-event ingestion). Furthermore, it is not feasible for the agent to read Chrome's internal database (LevelDB) due to browser process lock restrictions.

Therefore, the officially supported and recommended method in Wazuh environments is to deploy a simple Python script (or tools like Logstash/Fluentd) acting as an intermediate server: it will receive the HTTP webhook from the extension in real-time, decrypt the content (using your key), and write it cleanly to a standard local text file (e.g., /var/log/notmining_dlp.log) that the Wazuh agent can easily ingest via <localfile>.

1. Receiver Script (Python):

from flask import Flask, request
import json
import logging
import base64
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from flask_cors import CORS

app = Flask(__name__)
CORS(app) # Allow Cross-Origin requests from the Chrome extension

# Configure the local log file for Wazuh
logging.basicConfig(filename='/var/log/notmining_dlp.log', level=logging.INFO, format='%(message)s')

# Must match the "siemEncryptionKey" set in GPO / Extension
SHARED_SECRET = "MiSuperPassword123"

# Token to prevent fake log injection. Must match "siemAuthHeader"
EXPECTED_AUTH_HEADER = "Bearer mi_token_secreto"

def decrypt_payload(encrypted_obj, password):
    try:
        kdf = PBKDF2HMAC(
            algorithm=hashes.SHA256(),
            length=32,
            salt=b'notmining_salt',
            iterations=100000,
        )
        key = kdf.derive(password.encode())
        aesgcm = AESGCM(key)
        
        iv = base64.b64decode(encrypted_obj['iv'])
        ciphertext = base64.b64decode(encrypted_obj['ciphertext'])
        
        decrypted_data = aesgcm.decrypt(iv, ciphertext, None)
        return decrypted_data.decode('utf-8')
    except Exception as e:
        return f"[DECRYPTION_FAILED] {str(e)}"

@app.route('/webhook', methods=['POST'])
def siem_webhook():
    # Verify authentication
    auth_header = request.headers.get('Authorization', '')
    if auth_header != EXPECTED_AUTH_HEADER:
        return {"error": "Unauthorized", "message": "Invalid token"}, 401

    data = request.json
    
    # If the extension sent the entire payload encrypted
    if data and isinstance(data, dict) and data.get('encrypted'):
        decrypted_str = decrypt_payload(data, SHARED_SECRET)
        try:
            data = json.loads(decrypted_str)
        except:
            data = {"error": "Invalid JSON after decryption", "raw": decrypted_str}
            
    # Write the event to the local file for Wazuh
    logging.info(json.dumps(data))
    return {"status": "success"}, 200

if __name__ == '__main__':
    # SECURITY NOTE: By default, it listens on 127.0.0.1 (localhost) to avoid exposing
    # the port on all network interfaces, which is insecure.
    # If you need to receive logs from other machines, change this to '0.0.0.0', but
    # make sure to restrict access to port 8088 using a firewall (iptables/ufw).
    app.run(host='127.0.0.1', port=8088)

2. Wazuh Agent Configuration (ossec.conf):

Add the following block to the configuration of the Wazuh agent running on the same server as the Python script:

<localfile>
  <log_format>json</log_format>
  <location>/var/log/notmining_dlp.log</location>
</localfile>

End-to-End (E2E) Encryption and Internal Networks

The security of logs in transit is a priority:

E2E Encryption: The intercepted content (the text the user tried to send to the AI) travels encrypted within the payload. Even if the traffic is intercepted, the actual sensitive data remains obfuscated.
Transport Flexibility: Although using HTTPS for the SIEM Webhook is highly recommended, the extension allows plain HTTP. This is specifically designed for corporate environments where traffic is routed through an internal VPN or trusted segmented networks, reducing the overhead of SSL certificate management on internal collectors without compromising data security (thanks to the E2E payload encryption).

6. Bypass Auditing ("Justification Mode")

When the allowBypass policy is active, users who are blocked will see a "I need to send this" button on the main alert.

Bypass Button in Notmining AI Shield The user can request a temporary exception if their use case is legitimate.

If they choose to use it, they will be required to explain why they need to send the data (e.g., "It is open-source source code").

Bypass Justification Form Form where the employee writes the justification for the cybersecurity team.

Upon confirming, the extension pauses blocking for 60 seconds. Immediately, an event is sent to the SIEM with action: "bypassed" and the justification field populated, allowing the SOC team to audit the action retroactively and detect potential trust abuse.