Detect, monitor, and control AI agents in your browser.
Chrome extension that detects when AI agents take over your browser, enforces delegation boundaries, and gives you an emergency kill switch. Zero network requests. All processing local.
Open chromewebstore.google.com and click InstallFree. No account required. Works in any Chromium browser.
AI Browser Guard
Status. Active
[!] Agent detected on current tab
Framework. Playwright
Signals. WebDriver flag, CDP connection, synthetic events
Confidence. High
[*] Active delegation. Limited
Allowed sites. github.com, docs.example.com
Time remaining. 47 min
[BLOCKED] Form submission on bank.example.com
Rule. Site not in allowlist
[Kill switch. Ctrl+Shift+K]Why a browser layer
Playwright, Puppeteer, Selenium, Anthropic Computer Use, and OpenAI Operator can all control your browser. AI Browser Guard detects them without requiring the agent to identify itself.
Without AI Browser Guard
- AI agents take over your browser silently via CDP, WebDriver, or automation frameworks.
- No visibility into what actions the agent is performing.
- The agent can navigate to any site, submit forms, and download files.
- No way to stop a runaway agent without killing the entire browser.
With AI Browser Guard
- Agent takeover detected automatically via multiple independent signals.
- Every agent action logged with timestamp, target, and outcome.
- Delegation boundaries enforced. Site restrictions, action limits, time bounds.
- Emergency kill switch terminates all agent access instantly.
Five core features
Detection, control, delegation, enforcement, and logging. Everything runs locally in your browser.
Agent takeover detection
Multiple detection signals run in parallel. WebDriver flags, CDP markers, behavioral analysis (event timing, click precision, typing cadence), and framework specific fingerprints. No agent self identification required.
- WebDriver and CDP flag monitoring
- Synthetic event pattern detection
- Framework fingerprinting across five frameworks
- Works without agent cooperation
Emergency kill switch
One click revocation of all agent access. Terminates active CDP connections, disables content script injection, clears automation flags, and revokes delegated permissions. Visual confirmation in the popup.
- Keyboard shortcut Ctrl+Shift+K or Cmd+Shift+K
- Terminates CDP connections
- Clears all automation flags
- Revokes delegated permissions
Delegation wizard
Define what an agent can and cannot do before it gets access. Three presets. Read Only navigates and reads only. Limited targets specific sites with a time bound. Full Access permits everything with logging.
- Three presets. Read Only, Limited, Full Access
- Site allowlist and blocklist via glob patterns
- Action type restrictions
- Time limits with countdown of 15 min, 1 hr, 4 hr
Boundary violation alerts
Fail closed rule evaluation. Every agent action is compared against active delegation rules. Violations are blocked before execution at the content script level. A Chrome notification fires for each violation.
- Block before execution. Fail closed
- Real time Chrome notifications
- What was attempted and which rule blocked it
- Option to allow once per violation
Session timeline
Chronological log of every agent action per session. Each entry includes timestamp, action type, target URL, target element via CSS selector, and outcome of allowed or blocked. Last five sessions retained.
- Per session chronological log
- Action type, target URL, and element
- Allowed or blocked status per action
- Last five sessions stored locally
How detection works
A multi stage pipeline runs on every page load. Each stage operates independently, so detection succeeds even if an agent evades one layer.
Privacy first
AI Browser Guard makes zero network requests. All processing happens locally on your device. No data leaves your browser.
Zero network requests
No external API calls, no analytics, no telemetry, no crash reports. The extension never communicates with any server.
Local storage only
All data stored in chrome.storage.local on your device. Sessions, rules, and settings never leave your machine. Uninstall deletes everything.
Open source
Apache 2.0 licensed. Full source code on GitHub. Audit every line. No obfuscated code. No hidden behavior.
Quick start
Install from the Chrome Web Store for automatic updates, or build from source for development.
Build from source
For development
Clone, build, and load as an unpacked extension in developer mode.
View on GitHub# Clone the repository
$ git clone https://github.com/opena2a-org/AI-BrowserGuard.git
$ cd AI-BrowserGuard
# Install dependencies and build
$ npm install
$ npm run build
# Load in Chrome
1. Open chrome://extensions
2. Enable Developer Mode (toggle in top right)
3. Click "Load unpacked"
4. Select the dist/ directory
# Run tests
$ npm run testArchitecture
Chrome Manifest V3 extension with three coordinating components.
Content script
Injected into every page. Runs the detection pipeline, intercepts agent actions, and enforces delegation boundaries at the DOM level.
Background service worker
Manages session state, delegation rules, and chrome.storage.local. Coordinates between content scripts and the popup. Handles kill switch execution.
Popup UI
Displays detection status, active delegation rules, violation log, and session timeline. Hosts the kill switch button and the delegation wizard.
Permissions
Every permission has a specific purpose. No optional or broad permissions requested.
| Permission | Reason |
|---|---|
| storage | Persist sessions, rules, and settings locally |
| alarms | Delegation expiration timers |
| notifications | Boundary violation alerts |
| debugger | Detect CDP client attachments. Layer 1 detection |
| <all_urls> | Detect agents on any page the user visits |
Install AI Browser Guard
Take back control of your browser. Detect AI agents, enforce boundaries, and terminate access with one click.
Open chromewebstore.google.com and click Install