David Wolf · Project Use Case
AI SECURITY · PRODUCT SECURITY · INTERNAL PRODUCT
Internal Product
Chrome Extension WebLLM, WASM & Puppeteer Automation Platform
A browser-native AI automation platform embedding WebLLM, WASM modules, Puppeteer-core-style automation, page injections, tool registries, request...
Built a browser-native AI automation platform using a Chrome extension with embedded WebLLM, smaller local models, WASM modules, tool registries, page injections, optional Chrome debugger permission, browser-state awareness,...
Client
Internal Product / Browser-Native AI Platform
Engagement Type
Internal product platform buildout
Period
2023–2026
Role
Principal Architect / Browser-Native AI Architect / Chrome Extension Automation Engineer
Focus Areas
Chrome Extension Runtime, WebLLM, WASM Modules, Local Models
The Research Narrative
Strategic Problem
The challenge was combining high-authority browser automation with local AI and practical safety boundaries. Content scripts, background workers, offscreen documents, local models, WASM adapters, browser APIs...
What David Did
Built a Chrome extension platform designed for browser-native AI workflows rather than a simple popup or content script.
What Became Clearer
Created a canonical browser-native AI automation platform spanning extension UI, local models, WASM tools, page injections, request capture, and authenticated workflow automation.
Consulting Proof
This is evidence of turning messy security telemetry into explainable dashboards, alert-quality improvements, and executive-ready operating views.
The Context
This project is the canonical technical platform case for browser-native AI automation. It focuses on the extension runtime itself: embedded WebLLM, WASM modules, local tool registry, browser injections, request capture, Puppeteer-style automation, authenticated application context, runbooks/playbooks, omnibox/multi-channel inbox concepts, and extension-to-agent workflow orchestration.
The Challenge
The challenge was combining high-authority browser automation with local AI and practical safety boundaries. Content scripts, background workers, offscreen documents, local models, WASM adapters, browser APIs, debugger access, network interception, page injection, and authenticated application actions all have different trust boundaries. The system needed to capture context and automate work while keeping tools scoped, observable, and reviewable.
What I Did
- •Built a Chrome extension platform designed for browser-native AI workflows rather than a simple popup or content script
- •Embedded WebLLM to support local, in-browser language-model reasoning where privacy, latency, or offline execution mattered
- •Integrated smaller local models for classification, extraction, and workflow-specific assistance
- •Used WASM modules inside the extension so reusable scoring, parsing, extraction, and adapter logic could run locally
- •Created a tool registry where WASM adapters and extension capabilities could register callable tools for local AI workflows
- •Injected workflow helpers into target surfaces such as Gmail, Outlook, GitHub, Salesforce, HubSpot, LinkedIn, Crunchbase, Google Search, X/Twitter, and ATS systems
- •Explored optional Chrome debugger permission for deeper browser automation and inspection where explicitly authorized
- •Carved up and embedded Puppeteer-core-style automation concepts inside the browser extension framework
The Outcome
Created a canonical browser-native AI automation platform spanning extension UI, local models, WASM tools, page injections, request capture, and authenticated workflow automation.
Research Outcomes
Signal Quality
Improved the trustworthiness of operational security signals
Operational Clarity
Translated complex security data into clearer operating views
Stakeholder Visibility
Made technical risk and status easier to explain
Operational Impact
Turned raw telemetry into actionable security intelligence
Capabilities Demonstrated
Telemetry Normalization
Consistent and trusted data
Operational Reporting
Actionable views for security operations
Security Analytics
Signal investigation and event analysis
IAM / Access Control
Identity telemetry and access insights
SIEM Alert Debugging
Noise reduction and signal validation
Dashboard Development
Operational and executive views
Executive Reporting
Security data translated for leadership
Public-Safe Evidence
Shareable insights without sensitive data
Key Deliverables
- •Chrome extension AI automation runtime
- •Embedded WebLLM integration
- •Smaller local model integration
- •WASM module integration
- •Extension tool registry
- •Content script injection workflows
- •Background/offscreen worker architecture
- •Puppeteer-core-style automation patterns
Tools & Technologies
Consulting Translation
The reusable pattern is not Disney-specific: normalize fragmented security telemetry, debug low-signal alert behavior, build trusted operating views, and give leadership evidence they can act on without exposing sensitive systems.