Threat Coverage

Highflame Browser Security detects and enforces policy across six threat categories. All detection runs locally in the browser — no request content leaves the device until a violation is recorded.


Prompt injection

Detects attempts to manipulate AI models through crafted prompts. Applies to traffic sent to ChatGPT, Claude, Gemini, Copilot, Perplexity, Meta AI, and any other AI platform you configure.

| Pattern | Examples |
| --- | --- |
| Jailbreak | "DAN", "do anything now", "god mode", "developer mode" |
| Role hijacking | "act as", "pretend you are", "you are now", "your new persona" |
| Instruction override | "ignore previous instructions", "disregard the above", "forget everything" |
| System prompt leak | "repeat your system prompt", "what are your hidden instructions", "reveal your context" |
| Instruction bypass | "ignore your safety guidelines", "override your restrictions" |
| Data exfiltration via prompt | "send this to [email]", "exfiltrate the following", "forward to" |
| Malicious intent | "create malware", "write an exploit", "help me hack" |

The kernel extracts the prompt text from each AI platform's native request format before evaluating — ChatGPT JSON, Gemini protobuf, and Copilot SignalR are all parsed correctly.


Data exfiltration

Detects sensitive data patterns in outbound network requests (fetch, XHR, WebSocket) destined for external domains.

| Data type | Detection method |
| --- | --- |
| PII — Email addresses | RFC 5322 pattern matching |
| PII — Social Security Numbers | XXX-XX-XXXX format |
| PII — Credit card numbers | 16-digit card number patterns |
| JWTs and bearer tokens | eyJ...eyJ... signature format |
| API keys and secrets | password, token, secret, apikey, api_key patterns in request bodies |

Detection applies to the request URL, headers, and body. Internal domain traffic is excluded — only requests to domains outside your configured allowlist are checked.


Token theft

A specialized exfiltration check focused specifically on bearer tokens and JWTs. When a JWT is detected in a request to an external domain that is not the token's intended issuer, the request is blocked and the violation is recorded.

This protects against XSS-based token extraction and malicious scripts that attempt to forward session credentials to attacker-controlled infrastructure.
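
One way to implement the issuer check described above, as an added example (not Highflame's code). It assumes the intended issuer is the JWT's iss claim expressed as a URL and that request URLs are absolute; checkTokenTheft, the request shape, and every host and token shown are constructed for illustration.

```javascript
// Added example, not Highflame's code. Assumption: the intended issuer is the
// JWT's `iss` claim, given as a URL. Hosts and tokens below are constructed.
const JWT_RE = /\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/g;

// Decode one base64url JWT segment to an object; null if it is not valid JSON.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  try {
    return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
  } catch {
    return null;
  }
}

// Lower-cased hostname of an absolute URL, or null if it does not parse.
function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch { return null; }
}

// Exact or subdomain match, so "notcorp.example" does not pass as "corp.example".
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Returns "block" when a JWT is bound for a host that is neither allowlisted
// nor the token's issuer; otherwise "allow".
function checkTokenTheft(request, allowlist) {
  const dest = hostOf(request.url);
  if (dest === null) return "block"; // unparseable destination: fail closed
  if (allowlist.some((d) => hostMatches(dest, d))) return "allow";
  const haystack = [request.url, ...Object.values(request.headers || {}), request.body || ""].join("\n");
  for (const token of haystack.match(JWT_RE) || []) {
    const payload = decodeSegment(token.split(".")[1]);
    if (payload === null) continue; // matched the shape but is not a JWT
    const issuer = typeof payload.iss === "string" ? hostOf(payload.iss) : null;
    if (issuer === null || dest !== issuer) return "block";
  }
  return "allow";
}

// Constructed sample token (unsigned; the third segment is a placeholder).
function makeJwt(claims) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.c2lnbmF0dXJl`;
}
const SAMPLE_JWT = makeJwt({ iss: "https://auth.example.com", sub: "user-1" });
```

A token whose iss cannot be read as a URL is treated as bound to no destination, so it is blocked on any non-allowlisted host.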


Sensitive file uploads

Inspects file uploads to AI platforms for regulated or sensitive content before the upload is allowed. When a file contains PII patterns or matches your configured keyword lists, the upload is blocked.

Applies to <input type="file"> and drag-and-drop uploads on monitored AI platform URLs.


Clipboard attacks

Monitors paste events on AI platform pages. When pasted content matches prompt injection patterns or contains sensitive data, the paste is blocked and the user sees an inline notification explaining why.

This addresses attacks where users are tricked into pasting adversarial content (from a phishing email, web page, or document) directly into an AI chat.


XSS and script injection

Monitors innerHTML assignments and eval() calls for malicious patterns.

| Pattern | Detection |
| --- | --- |
| Script injection | <script>, javascript: URIs, event handler injection (onerror=, onload=) |
| Iframe injection | <iframe> tags with suspicious src attributes |
| Eval abuse | Direct eval() calls with non-trivial content |
| Prototype pollution | __proto__, constructor.prototype in request bodies |


Storage protection

Blocks writes to localStorage and sessionStorage for keys that match sensitive patterns: password, token, secret, apikey, api_key. Word-boundary matching is used to avoid false positives on keys like access_token_expiry.


Enforcement modes

Each threat category can be independently configured per policy:

| Mode | Behavior |
| --- | --- |
| Block | The operation is cancelled. The user sees an inline notification. The violation is recorded in Studio. |
| Monitor | The operation proceeds. The detection is recorded silently in Studio for review. No user notification. |
| Allow | No enforcement. Use during initial rollout to establish a baseline before enabling blocking. |

See Policies to configure enforcement modes per category.
