Install
Getting a single machine running takes about five minutes — install the bundle, then one guided command:Full quickstart
Step-by-step: prerequisites, the menu-bar option, verifying, your first block,
and uninstall.
What it protects
The agent works from a host allowlist of known AI vendors — it inspects traffic to those hosts and leaves everything else untouched. The current list covers:| AI vendor / tool | Covered |
|---|---|
| ChatGPT / OpenAI | ✅ |
| Claude / Anthropic | ✅ |
| Google Gemini | ✅ |
| Perplexity | ✅ |
| Mistral | ✅ |
| Cohere | ✅ |
| Microsoft Copilot | ✅ |
| GitHub Copilot | ✅ |
| Cursor | ✅ |
| DeepSeek | ✅ |
| Grok (x.ai) | ✅ |
| Poe | ✅ |
| HuggingChat | ✅ |
| Meta AI | ✅ |
| Platform | Status |
|---|---|
| macOS | ✅ generally available (signed + notarized) |
| Windows | 🚧 in development (private preview) |
| Linux | 🚧 in development (private preview) |
What happens at send-time
Every paste, prompt, or upload gets one verdict in milliseconds:- Block — secrets, API keys, and prompt-injection attempts are stopped; the employee gets a clear notification with a short reference and a one-click copy-safe-version option.
- Redact — PII is masked on the device, so the raw value is never transmitted and the employee still gets useful help.
- Allow — everything else passes through untouched.
Two ways to deploy
Self-serve (today)
A user installs it and approves the certificate once. Perfect for pilots and
smaller teams. A local admin can turn it off unless you push it via MDM.
Managed for enterprise
Pushed by your MDM, with a managed certificate and a tamper-resistant
capture layer (macOS System Extension / Windows filtering driver). Same
detection — just locked down and zero-touch for employees.
Honest limits
A few things are out of scope by design or still in progress. The short version:It needs a certificate to read encrypted traffic
It needs a certificate to read encrypted traffic
Inspecting HTTPS means terminating TLS, which requires a trusted certificate
on the device — in both deployment tiers. The enterprise tier doesn’t
remove the certificate; it makes it MDM-managed and harder to tamper with.
Content is read locally; only the verdict and masked metadata are logged.
Certificate-pinned apps and QUIC/HTTP-3 can bypass inspection
Certificate-pinned apps and QUIC/HTTP-3 can bypass inspection
Some native apps pin their own certificate and bypass any inspection proxy,
and QUIC/HTTP-3 can route around the HTTP proxy entirely. Image OCR isn’t
supported yet either.
Next steps
Roll it out to your team
Enroll many devices with scoped, revocable credentials.
Choose where your data runs
Cloud, hybrid, or fully air-gapped.