How We Approach AI at Dashlane: Innovation with Integrity
As a company that protects the keys to our customers’ digital lives, embracing generative AI hasn’t been a decision we’ve taken lightly. We handle some of the most sensitive assets imaginable—your credentials—and we owe it to every user to proceed with both ambition and caution.
Our approach to AI revolves around three core principles:
- Accelerate innovation in the Dashlane product
- Multiply productivity across the organization
- Do so responsibly and securely
Let’s take a closer look at what this means in practice.
Using AI responsibly and securely
We started our journey with a clear prerequisite: Define a responsible and secure framework for AI adoption.
We knew that excitement around AI could easily lead to "shadow AI"—tools used without visibility or oversight. To prevent this and guide the organization constructively, we published our AI policy internally. Rather than restrict creativity, the goal was to empower teams to explore AI safely and in line with our values.
Core principles from our AI policy
- Only approved tools: Employees may only use pre-vetted AI tools for work, ensuring we understand and trust how data is processed. The approval process considers how inputs and results may be used by the provider, the level of control we have over data retention and deletion, and the nature of the inputs
- No personal data in prompts: Inputs must be minimized and sanitized. Personal or confidential data should never be used.
- Human in the loop: All AI-generated outputs—code, text, designs—must be reviewed by a human. Responsibility remains with the employee.
- Transparency: Teams must clearly document and disclose AI involvement in any internal or customer-facing work.
- Security and access control: Tools must be configured securely. Employees can only use their Dashlane work account to use AI. No personal accounts, no credential sharing.
- Compliance with our Secure Development Lifecycle: Any AI-generated code goes through the same security reviews, tests, and QA processes as human-written code.
- Ethics and sustainability: We require teams to use AI ethically, assess outputs for bias, and avoid wasteful use of resources.
This policy will evolve—just like the technology itself. But it already helps us strike the right balance of guardrails without roadblocks.
Accelerating innovation in our product
AI isn’t new at Dashlane. We’ve long used machine learning to enhance features like autofill. What has changed is how we can now integrate more intelligent systems while still respecting our zero-knowledge foundation.
AI-powered autofill built for privacy
Our autofill engine is powered by local AI models that never send your data to the cloud. We use anonymized and opt-in feedback from employees to improve accuracy, enriched with open specifications like SAWF for semantic form understanding. Labeling is done offline using GenAI, not on user data, and the final model runs entirely in your browser.
That’s how we scale innovation without compromising privacy.
On-device AI phishing detection
Phishing remains one of the most persistent threats. Dashlane’s phishing detection runs in real time, directly in the browser, scanning for 80 visual and behavioral cues—without sending a byte of your data to the cloud.
Our model reacts in under 500 milliseconds to protect users before they even realize a page is suspicious. This isn’t just AI. It’s proactive, privacy-preserving defense.
What we're exploring next
We're building proof of concepts around Dashlane’s Model Context Protocol (MCP), in which AI agents can securely retrieve credentials. But we’re not rushing in for three key reasons:
- Unpredictable outputs from large language models (LLMs) make it risky to fully automate credential handling.
- Prompt injection and context blending (e.g., an LLM that reads your emails to act) introduce new security risks.
- Once a password is exposed to an AI agent, there’s no technical guarantee it won’t be leaked or misused—even unintentionally.
We're also investing in research and development to run LLMs inside confidential computing environments, such as our cloud secure enclave. This would allow AI to interact with sensitive data while preserving Dashlane’s zero-knowledge architecture.
Multiplying our productivity as an organization
AI is also changing how we work—not just what we build. Every team at Dashlane is experimenting with ways AI can streamline their work.
For instance:
- Engineers are benchmarking how to use code copilots to boost velocity.
- Customer support improves knowledge base content using AI-assisted writing.
- Teams translate copy faster and with more context using AI translation tools.
Even this blog post benefitted from AI. I used it to polish the language and make sure it reads well in English, since I’m French and not a native speaker.
In July, we ran an internal hackathon with AI as the central theme. We saw 17 creative projects across departments—from small productivity tests to ambitious product concepts. Not every idea will go to production, but the learning matters.
What we’ve learned: AI is a tool, not a shortcut. It’s great for repetitive, low-risk tasks and for accelerating creativity. But we also need human oversight, skepticism, and intention.
Closing thoughts
Adopting AI at Dashlane has meant asking hard questions and making deliberate choices. But it’s also opening new doors.
We believe responsible AI is not a contradiction—it’s a necessity. And it’s core to our mission of building secure, intuitive tools that help people take control of their digital identity.
As we continue to explore, test, and innovate, one principle remains constant: Security and privacy come first. Always.
Sign up to receive news and updates about Dashlane
