# Overview

Highflame Browser Security protects enterprise users from AI-related threats at the browser level. It deploys as a managed extension across Chrome, Firefox, Safari, and Edge, intercepting browser APIs and network traffic in real time to detect and block prompt injection attacks, data exfiltration, token theft, and other threats before they reach AI platforms or leave the network.

All threat detections and policy violations are reported to Highflame Studio, giving security teams unified visibility alongside their agent and gateway guardrails.

***

## What it protects against

Browser Security focuses on threats that originate in or pass through the browser — attacks that occur when employees use AI platforms directly, and data leaks that happen before any server-side control can intervene.

| Threat category              | Examples                                                                                                                                        |
| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
| **AI prompt injection**      | Jailbreak attempts, role hijacking, instruction overrides, system prompt leaks sent to ChatGPT, Claude, Gemini, Copilot, and other AI platforms |
| **Data exfiltration**        | PII, credit card numbers, SSNs, API keys, and JWTs sent to external domains via fetch or XHR                                                    |
| **Token theft**              | Bearer tokens and JWTs intercepted and sent to unauthorized external endpoints                                                                  |
| **Sensitive file uploads**   | Documents containing regulated or sensitive content uploaded to AI platforms                                                                    |
| **Clipboard attacks**        | Malicious content pasted into AI chat interfaces                                                                                                |
| **XSS and script injection** | Unsafe HTML injected into `innerHTML`; dangerous `eval()` calls                                                                                 |

***

## How it works

The extension installs a lightweight security kernel (12.7 KB) into every browser tab. The kernel intercepts browser APIs at runtime — `fetch`, `XMLHttpRequest`, `WebSocket`, `localStorage`, `sessionStorage`, `innerHTML`, and clipboard events — and evaluates each operation against your active policies before allowing it to proceed.

```
Employee browser tab
        │
        ▼
┌─────────────────────────────────────────────────────┐
│  Highflame Browser Extension                        │
│                                                     │
│  API Interceptor                                    │
│  (fetch, XHR, WebSocket, storage, DOM, clipboard)  │
│          │                                          │
│          ▼                                          │
│  Threat Detection  ──►  Policy Engine               │
│  (heuristic, <2ms)      (Cedar, <5ms)               │
│          │                                          │
│          ▼                                          │
│  Enforce decision: allow / block / transform        │
│          │                                          │
│          ▼                                          │
│  Report violation to Highflame Studio               │
└─────────────────────────────────────────────────────┘
```

Targeted threat detections run locally — request content is sent to Highflame and recorded for audit & compliance. Policy evaluation runs synchronously, adding no perceptible latency to normal browsing.

***

## AI platforms monitored

Browser Security applies prompt inspection to traffic destined for:

* **ChatGPT** — `chatgpt.com`, `chat.openai.com`
* **Claude** — `claude.ai`, `api.anthropic.com`
* **Google Gemini** — `gemini.google.com`
* **Microsoft Copilot** — `copilot.microsoft.com`, `sydney.bing.com`
* **Perplexity** — `perplexity.ai`
* **Meta AI** — `meta.ai`

and more...

Policy controls apply for AI data exfiltration, token theft, and storage threats.

***

## Supported browsers

| Browser     | Deployment method                                            |
| ----------- | ------------------------------------------------------------ |
| **Chrome**  | Chrome Browser Cloud Management, Google Workspace Admin, GPO |
| **Edge**    | Microsoft Intune, Group Policy, Edge Management Service      |
| **Firefox** | Firefox Enterprise Policy (JSON or GPO)                      |
| **Safari**  | MDM profile (Jamf, Mosyle, or compatible MDM)                |

***

## Getting started

1. [Deploy the extension](/browser-security/deployment.md) to managed devices via your MDM or browser management console
2. [Configure policies](/browser-security/policies.md) to set enforcement mode and tune detection thresholds
3. [Monitor violations](/browser-security/monitoring.md) in Highflame Studio


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.highflame.ai/browser-security/browser-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.