AI Browser Guard

About

BETA — AI Browser Guard is in active development. We are building the security infrastructure that the AI agent ecosystem needs, and we want your feedback to get it right. Report issues or suggest features: https://github.com/opena2a-org/AI-BrowserGuard/issues

AI Browser Guard detects when AI automation frameworks take control of your browser and gives you tools to manage what they can do.

WHAT IT DOES

When an AI agent (Playwright, Puppeteer, Selenium, Anthropic Computer Use, OpenAI Operator, or any WebDriver-based tool) starts controlling your browser, AI Browser Guard:

— Detects the takeover using multiple signals: WebDriver flags, Chrome DevTools Protocol markers, behavioral analysis of mouse/keyboard patterns, and framework-specific fingerprints
— Shows detection status in the popup with confidence level and detection method
— Logs all agent activity in a session timeline

FIVE CORE FEATURES

1. Agent Takeover Detection
Identifies automation frameworks without requiring agents to self-identify. Uses WebDriver flag detection, CDP connection scanning, behavioral heuristics (click precision, typing cadence, synthetic events), and framework fingerprinting.

2. Emergency Kill Switch
One-click termination of all agent access. Clears automation flags, revokes delegated permissions, and broadcasts stop commands to all tabs. Keyboard shortcut: Ctrl+Shift+K (Cmd+Shift+K on Mac).

3. Delegation Wizard
Define what agents can and cannot do before they connect:
— Read-Only: Navigate and read, no clicking or typing
— Limited: Interact with specific sites you choose, with time limits (15min / 1hr / 4hr)
— Full Access: Everything allowed, with logging and alerts

4. Boundary Violation Alerts
When an agent attempts an action outside its delegation scope, the action is blocked and you receive a notification showing what was attempted, which rule blocked it, and the option to allow it once.

5. Session Timeline
Chronological log of all agent actions: timestamps, action types, target URLs, element selectors, and whether each action was allowed or blocked. Last 5 sessions retained.

PRIVACY

All processing happens locally on your device. Zero network requests. No analytics, no tracking, no data collection. Session logs and settings are stored in chrome.storage.local and deleted when you uninstall.

See full privacy policy: https://opena2a.org/aibrowserguard/privacy

PERMISSIONS EXPLAINED

This extension requires host access to all URLs because AI agents can operate on any website. Detection content scripts must run on every page to provide coverage. The extension makes no network requests and processes all data locally.

ABOUT OPENA2A

AI Browser Guard is built by OpenA2A, an open-source security platform building infrastructure for the AI agent ecosystem. AI agents are already making decisions, calling APIs, and accessing production data — without identity, visibility, or accountability. One compromised or misaligned agent can silently exfiltrate data, escalate privileges, or delete critical systems, and most organizations won't notice until damage is done.

OpenA2A builds the tools to close that gap. 11 npm packages published, 17K+ downloads across the ecosystem, 8 security PRs accepted into OpenClaw (205K+ stars), and 2,500+ lines of security code merged into projects used by millions. Our ecosystem includes:

— AIM (Agent Identity Management) — Cryptographic identity, trust scoring, capability-based access control
— HackMyAgent — 147+ security checks, adversarial attack payloads, OASB compliance scoring
— Secretless AI — Keeps secrets out of AI context windows across Claude Code, Cursor, Copilot, Windsurf
— ARP (Agent Runtime Protection) — Multi-layer runtime security monitoring and enforcement
— OASB (Open Agent Security Benchmark) — 222 attack scenarios across 10 MITRE ATLAS techniques
— DVAA (Damn Vulnerable AI Agent) — Intentionally vulnerable agents for learning and red-teaming
— Registry — Live security intelligence across 16,900+ MCP servers and 78K+ AI packages

AI agents should be powerful — but never unaccountable.

Learn more: https://opena2a.org
Source code: https://github.com/opena2a-org/AI-BrowserGuard

FEEDBACK

This is a beta release. We are actively improving detection accuracy, adding new framework signatures, and expanding delegation controls. If you encounter issues, have feature requests, or want to contribute, open an issue on GitHub:
https://github.com/opena2a-org/AI-BrowserGuard/issues