AegisPrompt is a lightweight Chrome extension that scans every prompt before it reaches an AI platform. Sensitive data is detected and blocked locally โ nothing ever leaves the browser.
Scans every prompt in real time as your team types โ PII, API keys, financial data, and custom restricted terms.
Blocks submission and shows a detailed warning. Employees can review and remove sensitive data before proceeding.
Every event is logged to the admin dashboard โ what was detected, where, and whether the user proceeded or canceled.
Multi-layered pattern matching with built-in validation to minimize false positives
Catches the most common types of PII before they reach AI platforms.
Protects banking and cryptocurrency identifiers from accidental exposure.
Detects credentials and tokens that could compromise your infrastructure.
A built-in library of 50+ phrases that indicate sensitive context.
Company admins can define restricted terms that are specific to their organization โ project codenames, internal product names, or confidential phrases. These rules are pushed to every employee's extension automatically and trigger on any match, case-insensitive.
A multi-layered interception approach that catches sensitive data regardless of how the user submits
Watches keystrokes in real time and caches text as the user types โ so even if a platform clears the input field before submission, AegisPrompt still has the text to scan.
Catches send-button clicks using event delegation on mousedown, and intercepts Ctrl/Cmd+Enter keyboard shortcuts โ the two most common ways users submit prompts.
Intercepts form submissions at the DOM level using preventDefault and stopImmediatePropagation, ensuring the prompt never reaches the AI platform until it passes the scan.
Prompts over 10,000 characters are automatically chunked into 5,000-character segments and scanned individually to avoid performance degradation. Custom phrases are scanned against the full text.
Every pattern has contextual validators โ SSNs exclude invalid area codes, credit cards must pass Luhn check, phone numbers exclude credit card prefix patterns, AWS secrets require mixed-case characters.
Each AI platform has unique input patterns โ textareas, contenteditable divs, different send button implementations. AegisPrompt detects and adapts to each automatically.
The send action is immediately intercepted. The prompt does not reach the AI platform.
A clear modal shows exactly what was detected โ data type, count, and a truncated example (limited to 20 characters for security).
Two options: "Cancel & Review" to go back and remove sensitive data, or "I've Reviewed - Proceed" to explicitly acknowledge and send anyway.
Regardless of the user's choice, the detection event is logged to the admin dashboard โ what was found, where, and what action was taken.
Automatically detects input fields and send mechanisms specific to each platform
AegisPrompt handles the unique input patterns of each platform โ textareas, contenteditable divs, and various send button patterns โ so protection works seamlessly regardless of which AI tool your team prefers.
Complete visibility into AI usage and data exposure risk across your organization
See every detection event across your organization โ what type of sensitive data was flagged, which AI platform it happened on, and whether the user proceeded or canceled.
Understand which AI platforms your team actually uses, how frequently, and where the highest concentration of risk events occur.
Generate reports showing that active controls are in place and working. Demonstrate to auditors and regulators that you take AI data governance seriously โ with data to back it up.
Track detection patterns over time to identify whether risk is increasing or decreasing, which teams need additional training, and where to focus your security efforts.
Every detection event, warning, cancel, and proceed action is recorded with: the data types detected, counts, which AI platform it occurred on, timestamp, and user information. This gives admins a clear picture of where the real risks are โ and evidence that your controls are working.
Two simple activation paths โ no MDM, no browser replacement, no IT tickets
Admins generate activation codes (format: AEGIS-XXXX-XXXX). Employees install the Chrome extension, enter their code and work email, and they're protected immediately.
Employees log in through aegisprompt.ai, which syncs authentication tokens to the extension via a secure frontend bridge. Tokens are validated for format, email consistency, and expiry before being accepted.
Every architectural decision prioritizes data privacy and minimal permissions
It does not read, store, or transmit the actual prompt content. It only scans locally in the browser and reports metadata (detection types and counts). The full text of what the employee typed never leaves the browser.
All detection happens in the browser. Prompt content is never sent to AegisPrompt servers. Only anonymized metadata (detection types and counts) powers the admin dashboard.
Built on Chrome's latest extension architecture with only the permissions needed: activeTab, storage, notifications, alarms, and scripting. No broad host permissions.
All user-facing content in warning modals uses textContent assignment โ never innerHTML with raw input. Sensitive data examples are truncated to 20 characters.
Auth tokens stored in chrome.storage.local (not sync) to keep credentials off shared Chrome profiles. No hardcoded API keys โ backend validation uses extension ID + JWT.
The auth bridge validates JWT format, checks email-claim consistency, and verifies token expiry before accepting any authentication โ preventing token injection or replay attacks.
Start your 30-day free trial and deploy AegisPrompt to your team in under 10 minutes.