Google Chrome Now Lets You Turn Off On-device AI Models with Simple Toggle

Google introduced a new control this week that security enthusiast @Leopeva64 discovered in Chrome Canary: a simple toggle that lets users delete the Gemini Nano AI models powering the browser’s on-device scam detection.

The new feature in “On-device GenAI” in Settings > System, gives users control over Chrome’s AI capabilities, including the ability to disable security features that Google says detect 20 times more scams than previous methods.

“Google has now added a new toggle that lets you delete the GenAI models (which power this feature) from your device,” @Leopeva64 explained. “Turning it off also disables the feature itself.”

The AI Being Controlled

To understand what users can now disable, it’s worth examining what the toggle actually does. It controls Gemini Nano, integrated into Chrome’s Safe Browsing last May to analyze pages locally for signs of fraud.

The AI’s effectiveness is substantial: Google reported that its on-device scam detection identified 20 times more deceptive pages than previous methods. The model targets tech support scams, which make up 30% of blocked fraud sites, and has reduced airline customer service impersonation scams by over 80%.

These numbers reflect a fundamental shift from reactive to predictive security. Chrome’s Safe Browsing system traditionally relied on blocklists and heuristics.

Gemini Nano shifted that approach, processing pages in real-time using language models trained to recognize phishing patterns, impersonation techniques, and social engineering tactics. The browser now catches fraud attempts that would have slipped through previous filters. It’s the kind of security layer users rarely see but benefit from continuously.

Privacy Framework

Despite the power of what users can now disable, the AI operates with privacy constraints. Gemini Nano analyzes pages on-device and sends only distilled security signals to Google Cloud, not personal data or raw browsing information.

As the Chrome Settings UI states, the toggle “powers features like scam detection locally. Turning this off deletes GenAl models from your device and disables these features.”

Google’s approach separates analysis from reporting: the AI evaluates content locally, generates a risk assessment, and transmits only that assessment as an anonymized signal. User data remains on the device in all identifiable forms. Even with this privacy-respecting design, Google is giving users a simple kill switch.

This architecture creates an unusual dynamic: Google built a system that processes data locally specifically to avoid privacy concerns, yet still offers users the option to reject it entirely.

The implication is clear: technical privacy guarantees won’t satisfy all audiences. Some will object to any algorithmic analysis regardless of implementation. By providing an opt-out, Google prioritizes user autonomy over even well-intentioned defaults.

Why would anyone turn off a feature that blocks scams with no obvious privacy cost? Some users may object to any AI processing, regardless of how it’s implemented. Others might prioritize disk space or computational overhead.

Enterprise administrators might want uniform configurations without variation in installed models. Therefore, Google’s decision to offer the toggle acknowledges that user autonomy sometimes supersedes even well-designed defaults.

Competitive Context

This philosophy of user control becomes clearer when compared to how other browsers handle AI. Chrome’s simple toggle stands in contrast to how competitors manage browser AI. Microsoft Edge embeds Copilot deeply into the interface, and disabling it requires Group Policy edits or Registry modifications, tools unavailable to typical users and complex even for power users. Edge positions its AI as an integrated part of the browsing experience, not an optional component.

Brave takes an opposite approach: its Leo AI is private by default, effectively anonymizing requests without requiring settings changes.

According to Brave’s privacy policy, “Brave Leo does not record chats, or use them for model training.” Brave’s philosophy treats privacy as the baseline, not a configuration option.

Chrome’s toggle represents a middle position: AI features are enabled by default for security reasons, but users who want them gone can remove them entirely with one click. This positions Chrome between Edge’s friction-by-design approach and Brave’s privacy-first architecture.

Edge makes AI removal deliberately difficult to preserve what Microsoft considers core functionality. Brave eliminates the need for removal by making privacy non-negotiable. Chrome offers power with an escape hatch, betting that many users will accept the security benefits while respecting the minority who won’t.

Enterprise and Roadmap

Looking beyond desktop, Google’s AI control strategy extends to mobile platforms. The company plans to expand on-device LLM scam detection to Chrome on Android later this year, bringing the same protection to mobile users. The desktop implementation suggests the company is willing to balance aggressive security defaults with user choice.

The enterprise policy layer reveals Google’s dual strategy: empower individual users with simple controls while giving organizations the infrastructure to enforce uniform policies at scale.

This mirrors how Chrome handles other security features with defaults optimized for protection and administrative overrides for environments where centralized control trumps individual choice. The Android expansion indicates Google intends to standardize this approach across platforms, making scam detection ubiquitous while keeping the off-switch accessible.

As Chrome rolls out this toggle to the stable channel in coming weeks, users will make that choice themselves. The responsibility for security now sits squarely on the user’s shoulders.