Bring Your Own Model (Early Access)
11 min
maro's browser extension uses a language model (llm) to spot risky activity in real time — catching sensitive data before it leaves the browser and classifying how people use the apps they work in by default, maro will try to run using local models for ultimate privacy however, in some cases, the hardware is not ai capable and the organization may want to use a trusted llm provider they have a contract with as a fallback in this case, maro will securely proxy any policy validation requests to the configured provider of your choice detection settings is where you choose which llm the extension uses to do that work for everyone in your organization you'll find it under organization → detection settings detection settings control the engine behind detection — the model that reads activity and decides whether a rule was triggered they don't change what you watch for or what happens when a rule fires; that's defined in your policies docid\ swafagwiqwgzevhazm im two ways to run detection there are two modes by default, organizations use the first one mode what it means when to use it use extension settings (default) each user's extension picks its own local model — for example gemini nano running directly in the browser no api key, no setup the default, and the right choice for most organizations detection runs on device and nothing leaves the user's machine use my llm (remote) the extension routes detection requests through an llm provider you configure here — anthropic, openai, or any openai compatible endpoint for machines that can't run a local model, or when you want every user on one consistent, centrally managed model use extension settings (the default) when this mode is selected, every user's extension chooses its own local llm this is the simplest option — there's nothing to configure and no api key to manage because detection happens on device, activity content is evaluated locally rather than sent to an outside provider this is the recommended default only switch to use my llm if you have a specific reason to use my llm (remote) choose this when local, on device models aren't an option — for example on locked down or older machines that can't run a browser embedded model — or when you want to guarantee that everyone in the org runs detection on the exact same model when you select use my llm , the extension stops using each user's local model and instead sends detection requests to the provider you configure below configuring a remote provider these fields appear only when use my llm is selected all of them are needed before you can save provider the llm service that will handle detection requests anthropic — claude models openai — gpt models openai compatible — any endpoint that speaks the openai api format (self hosted models, gateways, or third party providers) host url the address maro sends requests to for anthropic and openai , this defaults to the provider's public api ( https //api anthropic com and https //api openai com ) leave it as is unless you route traffic through your own proxy for openai compatible , this is required — point it at the base url of your endpoint model which model the provider should use for anthropic , choose from claude haiku 4 5 (recommended) — fast and cost effective claude sonnet 4 6 — more capable, higher cost for openai , choose from gpt 5 nano (recommended) — fast and cost effective gpt 5 mini — more capable, higher cost for openai compatible , type the exact model id your endpoint expects (for example, llama 3 1 70b instruct ) the recommended models are tuned for the high volume, low latency nature of real time detection start there unless you have a reason to prefer a larger model api key the credential maro uses to authenticate with your provider your key is stored encrypted on maro's servers and is never returned by the api — once saved, you can't read it back if a key is already saved, you'll see a key configured badge to change it, click replace key and enter the new one; click keep existing key to leave it untouched remote provider how your api key and policy detection activity is secured if you configure a remote provider, your api key is treated as a sensitive credential and handled accordingly stored in a dedicated secrets vault, not our database in production, keys are kept in aws secrets manager , encrypted at rest maro's application database only records whether a key is configured — never the key itself write only once saved, a key can be replaced but never read back by the api it's only accessible by the proxy service which is responsible for proxying the api call from your extension to the remote provider isolated per organization each organization's key is stored separately and scoped to that organization, with integrity checks to ensure one org's key can never be served to another admin only access only organization administrators can set, replace, or remove a key, and all requests are sent over encrypted (https) connections permanently removed on delete removing your configuration deletes the stored key immediately and irreversibly — there's no recovery window if you ever need it again, you simply re enter it tip because maro never reveals a stored key, treat key rotation as a "replace" — generate a new key with your provider, paste it in via replace key , then revoke the old one on the provider's side using a isolated separate service (the proxy service) maro's extension can communicate securely with your llm provider to perform policy detection this data is not logged nor does maro have visibility into the activity just like when the extension uses a local model, any recorded data associated with findings will be encrypted using your organization's key before being sent to the maro cloud this ensures that your user's activity remains private saving, resetting, and removing save configuration writes your changes the button stays disabled until you've actually changed something reset discards unsaved edits and restores the last saved configuration remove configuration clears your remote setup entirely the extension reverts to each user's local llm settings, and any stored api key is deleted and cannot be recovered after a successful save you'll get a confirmation, and the change takes effect for your organization's extensions