Internal note: Notify of changes

10.1 Our approach to AI

Dashlane has used machine learning in its product for years, starting with autofill. The scope has expanded, but the constraints have not changed: AI features must respect Dashlane's zero-knowledge architecture, and user data must never be used to train or fine-tune AI models.

We leverage two categories of AI, which operate under different rules:

• On-device AI runs entirely within the user's browser or device. No data is transmitted to Dashlane servers or third-party AI providers for inference. AI Phishing Alerts and the autofill engine both fall into this category. Our proprietary AI models are distributed as part of the extension; the data never leaves the device.
• Cloud-based AI leverages large language models running inside Dashlane's confidential computing environment (on AWS EC2 Attested instances). This allows AI to process sensitive data while preserving zero-knowledge guarantees.

10.2 AI-powered features in the product

The table below maps each AI-powered feature in the Dashlane product to its AI category and links to the section where its technical implementation is described in detail.

AI-Powered Autofill

Dashlane's autofill engine uses a machine learning model that runs entirely within the browser extension. The model classifies form fields locally, matching them against stored credentials without transmitting any user data to Dashlane servers or third-party providers. The model is trained offline on form data collected by the Dashlane team; no user data is involved at any stage of training.

AI Phishing Alerts

Dashlane's phishing detection runs on-device, analyzing up to 80 visual and behavioral signals per page in real time. No page data or browsing activity is sent to Dashlane or any external provider for training or during inference.

AI Advisor

AI Advisor is a natural-language assistant embedded in the Admin Console for business customers. Dashlane's Confidential AI Engine operates within our Confidential Cloud, processing activity logs inside hardware-isolated AWS EC2 Attested instances. Activity Log data is decrypted, analyzed, and re-encrypted entirely within the enclave; neither Dashlane nor the cloud provider can access it. Data is not retained after the session or used to train models.

Dashlane MCP server

The Dashlane CLI includes an MCP server that exposes audit log data to local AI agents. All inference happens on the operator's machine; no audit log data is transmitted to Dashlane.

10.3 How Dashlane uses AI internally

Customers doing vendor due diligence often ask how a vendor governs its own use of AI. The answer matters because internal AI practices can affect the security of the product and the confidentiality of customer data.

This section describes how Dashlane governs AI usage across the organization, with particular focus on the controls that protect customer data from exposure through internal AI tooling.

10.3.1 Internal AI policy

Dashlane operates under a formal internal AI policy that applies to every employee, regardless of role. Its core requirements are:

• Approved tools only: Employees may use only pre-vetted AI tools for work. The approval process evaluates how the provider handles inputs and outputs, data retention terms, and the nature of data likely to be submitted.
• No customer or personal data in prompts: Customer data, personally identifiable information, and any data covered by Dashlane's Client and User Data Acceptable Use Policy must never be submitted to an AI tool.
• No secrets in prompts: API keys, tokens, passwords, and credentials are explicitly prohibited from AI inputs.
• Human review of all outputs: AI-generated content — code, text, designs — must be reviewed by a human before use, sharing, or deployment. Accountability rests with the employee, not the tool.
• Compliance with the Secure Development Lifecycle: AI-generated code goes through the same security reviews, testing, and quality gates as human-written code.

10.3.2 Securing AI coding tools for engineers

Dashlane rolled out AI coding tools, including Claude Code and MCP integrations, across its entire engineering organization. Given the risk that AI coding tools can exfiltrate secrets or access overly broad internal systems, this rollout was preceded by a formal threat model covering four risk categories: Secret and credential leakage, data leakage through MCP connections, AI agents with excessive permissions, and misconfigured development environments.

The mitigations implemented:

• Dev Container isolation: AI coding tools run inside sandboxed containers on engineers' machines. The container boundary defines and restricts what the AI tool can access: Network endpoints, filesystem, libraries, and credentials. This prevents the tool from reaching sensitive systems outside its defined scope.

• MCP permission audits: Every MCP server connection was audited before rollout. Least-privilege access was applied to each connection.
• Credential isolation: OAuth credentials used by MCP connections are isolated from the agent context via a network forwarding configuration, preventing AI tools from directly accessing authentication tokens.
• Approved tool marketplace: An internal marketplace lists Claude Code tools and skills approved by Dashlane's security team, giving engineers a clear boundary between vetted and unvetted integrations.

10.3.3 Governance beyond engineering

AI coding tools are no longer limited to engineers. To address the risk of non-engineers producing and deploying AI-assisted code without adequate oversight, Dashlane built a four-tier governance framework that applies to all employees.

The framework assigns requirements based on two variables: Who will use the output, and what data it touches.

The governing principle across all tiers: The person who generates, shares, or deploys an AI-assisted artifact is accountable for its content, regardless of whether AI produced it.