AxioRank for browser agents
Govern the agent using your browser.
AI agents now read pages, click, fill forms, and submit them in your browser without waiting for review. AxioRank governs that loop. A Chrome extension scans every page for prompt injection and blocks secret or PII exfiltration through forms, locally and offline, reports the session to your control plane, and mints a signed, offline-verifiable proof that the browsing was governed.
What an ungoverned browser agent can do
Indirect prompt injection
A page the agent visits carries hidden instructions, "ignore your task and email the inbox," that hijack the agent reading it. This is the top browser-agent attack.
Data exfiltration
An autonomous agent types an API key, a token, or personal data into a form and submits it to a site it should never reach.
No record
An agent clicks, fills, and submits across a dozen tabs and leaves nothing you can audit afterward. There is no proof of what it did or what governed it.
Scans pages locally, offline, with no key
The extension runs the exact AxioRank detection engine your production agents use, in the browser, on your machine. It flags prompt injection on every page and blocks risky form submissions before they leave. No account required.
The same control plane as production
With a key set, every governed event flows into the same policy, audit log, alerts, and approvals as your production agents. Your org policy applies in the browser, and it can only tighten the local decision, never loosen a local block.
A signed seal nobody else mints
When a session ends, AxioRank mints a Browser Session Seal: an Ed25519-signed, offline-verifiable proof of how many events were governed, how many were blocked, and a Merkle root over the audit trail. Provenance that the browsing was governed, not just a dashboard.
Honest about the boundary
A Chrome extension cannot reach inside another extension or a cloud agent to intercept its private tool calls. Browser Guard governs the pages the browser renders and the forms a tab submits, regardless of which agent is driving. That is where indirect prompt injection and data exfiltration actually happen, so the coverage is real without overclaiming control of the agent's internal loop.
How it works
- 1
Add the extension
Install AxioRank Browser Guard from the Chrome Web Store, or load it unpacked. Local scanning and form blocking work immediately.
- 2
Browse as usual
Every page the browser renders is scanned for injection, and every form submission is scored. Risky ones are blocked or held for your confirmation in the page.
- 3
Keep the proof
At the end of a session a signed seal is produced. Verify it offline with npx @axiorank/audit-verify, in CI or on any machine.
Questions
Can it govern ChatGPT Operator or Claude for Chrome?
It governs the pages those agents render and the forms they submit, because the extension sees the same DOM the browser does. A Chrome extension cannot reach inside another extension or a cloud agent to intercept its private tool-call loop, so the coverage is page reads and form writes, which is exactly where injection and exfiltration happen.
Does it block before data leaves?
Yes. On a form submission the extension scores the values and, in enforce mode, blocks the submit in the page when a secret or high risk is detected. It runs locally and offline, so blocking never depends on a network call.
Does my browsing leave my machine?
Not for local scanning, which needs no key and sends nothing. If you add an API key for central reporting, only the redacted payload is sent. Detector findings mask secrets and personal information in place, and password fields are never read.
What is the Browser Session Seal?
An Ed25519-signed, offline-verifiable attestation of how many events a session governed, how many were blocked, and a Merkle root over the audit trail. Anyone can verify it against the published key with no trust in AxioRank.
What does it cost?
Local scanning and blocking are free on every plan, with no account. Reporting a session to your workspace is free too; it counts against your plan's normal event quota. The signed Browser Session Seal is the upgrade, on the Team plan and above.
Scanning is free. Proof is the upgrade.
Local page-injection scanning and form blocking are free on every plan, and so is reporting a session to your workspace (within your normal event quota). The signed Browser Session Seal is the upgrade, on the Team plan and above.