AI Browser Guard

Detect and monitor AI agents in your browser and block their scripted navigations, form submissions, and downloads

BETA - AI Browser Guard is in active development. We are building security infrastructure for the AI agent ecosystem and want your feedback. Report issues or suggest features: https://github.com/opena2a-org/AI-BrowserGuard/issues AI Browser Guard detects when AI automation frameworks take control of your browser and gives you tools to manage what they can do. WHAT IT DOES When an AI agent (Playwright, Puppeteer, Selenium, Anthropic Computer Use, OpenAI Operator, or any WebDriver-based tool) starts controlling your browser, AI Browser Guard: - Detects the takeover using multiple signals: WebDriver flags, Chrome DevTools Protocol markers, behavioral analysis of mouse/keyboard patterns, and framework-specific fingerprints - Shows detection status in the popup with confidence level and detection method - Logs all agent activity in a session timeline FIVE CORE FEATURES 1. Agent Takeover Detection - identifies automation frameworks without requiring agents to self-identify. WebDriver flag detection, CDP connection scanning, behavioral heuristics (click precision, typing cadence, synthetic events), and framework fingerprinting. 2. Emergency Kill Switch - one-click termination of all agent access. Clears automation flags, revokes delegated permissions, and broadcasts stop commands to all tabs. Keyboard shortcut: Ctrl+Shift+K (Cmd+Shift+K on Mac). 3. Delegation Wizard - define what agents can and cannot do before they connect: Read-Only (navigate and read, no clicking or typing), Limited (specific sites you choose, with time limits 15min / 1hr / 4hr), or Full Access (everything allowed, with logging and alerts). 4. Boundary Violation Alerts - when an agent attempts an action outside its delegation scope, the action is blocked and you receive a notification showing what was attempted, which rule blocked it, and the option to allow it once. 5. Session Timeline - chronological log of all agent actions: timestamps, action types, target URLs, element selectors, and whether each action was allowed or blocked. Last 5 sessions retained. PRIVACY By default, AI Browser Guard makes zero network requests. All detection, delegation, and session tracking runs locally on your device. There is no analytics, no telemetry, and no tracking. Session logs and settings are stored in chrome.storage.local and are deleted when you uninstall. The extension also offers three optional community-intelligence features that are OFF BY DEFAULT. They only send data after you explicitly enable them, and each can be turned off again with one click: - AIM identity lookup and registry trust lookup - when an agent is detected, look up a trust score for that agent type. Only the detected agent type (for example "playwright") is sent. Your URLs and page content are never sent. - Anonymized contribution - share anonymized detection and behavior summaries (an anonymous token, the detected framework name, and summary counts) to improve community threat intelligence. Prompted once after 5 detections; dismissible. None of these features transmit your URLs, page content, form data, keystrokes, cookies, authentication tokens, or identity. Full privacy policy: https://opena2a.org/aibrowserguard/privacy PERMISSIONS AI Browser Guard requests host access to all URLs because AI agents can operate on any website, so the detection content script must run on every page. By default the extension makes no network requests; the only outbound requests are the optional, off-by-default features described under PRIVACY. ABOUT OPENA2A AI Browser Guard is built by OpenA2A, an open-source security platform building infrastructure for the AI agent ecosystem. Learn more: https://opena2a.org - Source code: https://github.com/opena2a-org/AI-BrowserGuard This is a beta release. We are actively improving detection accuracy, adding framework signatures, and expanding delegation controls. Open an issue on GitHub with feedback: https://github.com/opena2a-org/AI-BrowserGuard/issues