How Dashlane Is Using AI for Security—Without Compromising Privacy
AI-generated, human-reviewed.
Dashlane, one of the world’s leading password managers, relies on artificial intelligence and machine learning to make its software more secure and user-friendly—without ever compromising user privacy. On Intelligent Machines, Dashlane CTO Frederic Rivain offered a detailed look behind the curtain at how AI is practically and thoughtfully embedded into the company’s security tools, and what new generative AI models like Anthropic’s Claude Mythos mean for the future of vulnerability detection.
How AI Works Inside Dashlane (And Why Privacy Still Comes First)
Dashlane has integrated multiple layers of AI into its password management system for several years. According to Frederic Rivain on this week’s episode, AI powers everything from autofill features to phishing detection. However, the company’s guiding principle remains clear: no customer data is ever used to train AI models.
Instead, Dashlane builds and trains its machine learning models using synthetic data or purpose-built datasets. The AI features—such as the phishing detection model—run entirely on-device and never “see” the passwords, payments, or browsing activities of customers. This all-local approach ensures full privacy and security for users, even as AI delivers smarter features behind the scenes.
For example, Dashlane’s phishing detection model analyzes around 80 indicators to flag suspicious websites. All testing, benchmarking, and deployment happen without sensitive user data leaving the device.
Employing AI Code Assistants Securely in a Security Product
Internally, Dashlane’s engineering teams are embracing AI-powered developer tools like Claude Code. Over 100 engineers and even some product managers are leveraging these tools, but according to Frederic Rivain, strict security guardrails are in place.
Claude Code runs sandboxed within containers—completely isolated from Dashlane’s production systems—so that AI agents cannot write or delete code without human review. Suggestions from AI must be manually vetted and merged by engineers, and code security review agents provide an additional layer of oversight. Current use is focused on deterministic, well-understood tasks such as codebase migrations or large refactors, with a mandatory two-person reviewer system for every line of code that goes into the product.
Preparing for the Claude Mythos Era: AI and Vulnerability Discovery
One of the hottest topics discussed was Anthropic’s new Claude Mythos, an AI model reportedly capable of autonomously discovering large numbers of zero-day vulnerabilities in both operating systems and major applications.
Frederic Rivain highlights that AI-powered vulnerability discovery is a double-edged sword: while it enables defenders to catch and fix issues earlier, there’s little doubt these models will end up in the hands of attackers. Dashlane has proactively made its source code available for review and regularly invites external security researchers to scrutinize it. According to Rivain, having access to state-of-the-art AI vulnerability scanners is crucial—not just for tech giants, but also for smaller organizations seeking to secure their software before adversaries can exploit new weaknesses.
This also prompts a renewed focus on resilient security architecture. Dashlane’s zero-knowledge design means user data is always encrypted, and customer secrets are never accessible—even to Dashlane itself. This design reduces the potential damage (blast radius) of even advanced, AI-enabled attacks.
Post-Quantum and Forward-Thinking Security
With concerns around “harvest now, decrypt later” tactics and the prospect of quantum computers cracking classical encryption, Dashlane is already prototyping post-quantum cryptographic algorithms based on the latest NIST standards. Migrating critical pieces—especially those involving asymmetric encryption, like credential sharing—will require careful planning and broad key rotation, but Rivain emphasizes the imperative to act before new threats fully materialize.
What You Need to Know
- AI already powers autofill and phishing detection in Dashlane, but all models run locally and never train on customer data.
- Internal AI code tools are used under strict containment, never touching live systems without human oversight.
- The rise of advanced AI vulnerability hunters (e.g., Claude Mythos) will force all software vendors to up their security game—attackers will get these tools too.
- Dashlane’s zero-knowledge architecture keeps all customer data encrypted; AI never touches secrets or personal details.
- Preparation for quantum decryption threats is underway, with focus on standards-based cryptographic upgrades.
The Bottom Line
Dashlane’s approach to AI proves that security and privacy aren’t mutually exclusive. By building AI systems that work locally and never touch personal data, and by rigorously containing code-writing AI, Dashlane sets an example for trust in a rapidly changing software world. The coming wave of AI-driven vulnerability discovery will raise the bar for everyone—users should expect password managers and other security products to not only harness AI, but also safeguard their data with zero-knowledge and forward-compatible encryption.
Listen and subscribe at: https://twit.tv/shows/intelligent-machines/episodes/871