Stage 02 · The Containment Field

Let the good through.
Contain the rest.

DomainGuard decides — in real time — what your people and their AI tools are allowed to do. Safe activity flows. Risky activity is blocked at the source: in the browser, and across the whole device.

Get a demo How it works Log in ↗
Two parts, one field

A browser extension and an endpoint agent, working as one.

Most controls watch a single browser tab. DomainGuard enforces the same policy everywhere your team works — in the browser, and on the device beneath it — so there's no gap to slip through.

Component A · In the browser

The Browser Extension

Sits in the browser and inspects AI use and web traffic as it happens — allowing what's safe, blocking what isn't.

  • Blocks risky AI activity — uploads, prompts, and tools that violate policy
  • Real-time web & URL filtering by category, risk, and allow/deny lists
  • Zero-friction for safe traffic — users barely notice it's there
Component B · On the device

The Endpoint Agent

Extends the same policy beyond the browser — enforcing your AI rules across the whole device, where standalone apps and background tools live.

  • Enforces AI policy on the endpoint, not just inside one browser tab
  • Catches native apps and tools the browser never sees
  • One policy, enforced consistently — managed centrally
Where it sits in the reaction
01
Detector
ITDR spots the event
02
Containment
DomainGuard blocks & filters, instantly
03
Observatory
MDR reviews — optional
In the field

Three risks, contained at the source.

What real-time AI and web policy enforcement looks like in the browser and on the device. Timelines are illustrative.

Scenario 01 · Shadow AI paste
  1. 11:02An employee pastes a customer list into a public AI chatbot.
  2. 11:02The browser extension matches the destination and the data pattern against policy.
  3. 11:02Submission blocked in-page; the user sees why, the event is logged.

Outcome: sensitive data never leaves the browser.

Scenario 02 · Malicious URL
  1. 14:37A phishing link lands and the user clicks through.
  2. 14:37Real-time URL filtering scores the domain as high-risk.
  3. 14:37Page blocked before it loads; attempt reported to the console.

Outcome: the credential-harvest page never renders.

Scenario 03 · Off-browser AI app
  1. 16:20A user opens a standalone desktop AI tool the browser can't see.
  2. 16:20The endpoint agent applies the same AI policy device-wide.
  3. 16:20Disallowed activity blocked; allowed use passes untouched.

Outcome: one policy, enforced beyond the browser tab.

Questions

DomainGuard, answered.

Which browsers are supported? +
The extension targets the major Chromium-based browsers and Firefox. Full supported list coming soon
Which operating systems does the endpoint agent run on? +
The agent is built for Windows and macOS endpoints. Full support & availability coming soon
Do I need both the extension and the agent? +
No — the browser extension works on its own for web and in-browser AI use. The endpoint agent extends the same policy to standalone apps and tools the browser never sees. Run one or both.
Will it slow down safe browsing? +
Safe traffic is designed to pass with minimal friction — users barely notice it. Enforcement kicks in only when activity violates policy. Benchmarks coming soon
How are policies managed across clients? +
Centrally, from the multi-tenant console. Push a baseline to every tenant, or tune AI and web policy per client.
What data does the extension see and store? +
It inspects web and AI activity to enforce policy; what's logged and retained is configurable and encrypted. See Security & Compliance. Capture details coming soon
The promise

Risky AI use stops before it leaves the device.

See the Containment Field in action