Your Last Line of Defense
Before AI Gets Your Secrets

Aegis OmniGuard scans your input locally for credit cards, API keys & crypto mnemonics before sending to AI chatbots. 100% offline. Zero cloud. Open source.

Add to Chrome — Free View on GitHub
100% Local Zero Cloud Open Source MIT License

Available Now on Chrome Web Store

Install Aegis OmniGuard in one click. Free, lightweight (215 KB), and ready to protect you in seconds.

Install from Chrome Web Store →
The Problem

AI Tools Are the New Data Leak Vector

Every day, millions of users paste sensitive data into AI chatbots without realizing the risk.

23M+
Secrets leaked to GitHub repos in 2024
900K+
ChatGPT conversations stolen by malicious extensions
32%
Enterprise data incidents involve Shadow AI usage
// Pasting into ChatGPT...
sk-proj-a8Kx9mN2pQ4...
🛡 Aegis: BLOCKED → sk-pr**********Q4...
⚠ API Key detected and masked before sending
Features

Complete Protection for the AI Era

Two shields. One extension. Zero data leaves your browser.

🛡

Web2 DLP Shield

Real-time scanning of everything you type or paste into AI chatbots. Detects credit cards, API keys, mnemonics, private keys, PII, and .env secrets before they leave your browser.

Phase 1 — Live

Web3 Transaction Guard

Intercepts MetaMask eth_sendTransaction, eth_signTypedData, and personal_sign calls. Analyzes contracts for unlimited approvals, permit exploits, and phishing signatures.

Phase 2 — Live
🔗

Multi-Chain Detection

Bitcoin WIF keys (Base58Check + SHA-256), Solana keypairs, Tron private keys, and Ethereum hex keys. Plus BIP-39 mnemonic detection in English and Chinese.

BTC · ETH · SOL · TRON
🧠

BYOK AI Analysis

Bring Your Own Key for deep Web3 contract analysis. Supports OpenAI (gpt-4o-mini), Anthropic (claude-haiku-4), and DeepSeek. Keys encrypted with AES-256-GCM.

Optional · Off by Default
🌐

Bilingual Interface

Full English and Chinese (Simplified) support with 93 translation keys across all pages. One-click language toggle. Preference persisted automatically.

EN · 中文
🏭

Zero CSS Conflicts

All in-page UI (toast notifications, alert panels) injected via Shadow DOM with mode:closed. Complete style isolation from any website's CSS. Works everywhere.

Shadow DOM Isolation
How It Works

Four Steps. Fully Automatic.

Install once. Aegis works silently in the background, protecting every keystroke.

You Type or Paste

Text enters an input field or contenteditable element on any webpage

🔍

Local Scan

Regex pre-filter + Luhn + BIP-39 + Shannon entropy analysis runs locally

Threat Detected

Sensitive data identified with confidence scoring and type classification

Data Masked

Content replaced with **** before sending. Shield notification confirms the block.

Detection Engine

13+ Data Types. Two-Pass Verification.

Fast regex pre-filter, then algorithmic confirmation. Minimal false positives.

💳

Credit Cards

Regex + Luhn checksum

13-19 digit validation. Random numbers pass through.

🔑

BIP-39 Mnemonics

2048-word dictionary match

12/24 word sequences. English + Chinese supported.

🔒

Private Keys

Hex pattern + Shannon entropy

ETH (0x+64 hex), BTC WIF, SOL, TRON chains.

🤖

OpenAI Keys

sk-proj-... / sk-...

Pattern match with near-zero false positives.

🧬

Anthropic Keys

sk-ant-...

Claude API key detection.

AWS Access Keys

AKIA...

20-character key ID format match.

🐙

GitHub Tokens

ghp_ / gho_ / ghu_ / ghs_

All GitHub token formats detected.

🔍

Google AI Keys

AIza...

Google API key pattern recognition.

📄

.env Secrets

KEY=VALUE format

DATABASE_URL, API_KEY, SECRET, TOKEN patterns.

🪪

Chinese ID Cards

18-digit + checksum

Mathematical verification, not just pattern.

📱

Phone Numbers

1[3-9]XXXXXXXXX

Chinese mobile number format.

📧

Email Addresses

Standard regex

Common email format detection.

🔥

High-Entropy Secrets

Shannon entropy analysis

Generic API keys and secrets > 20 chars.

Architecture

Three-Layer Isolation Design

Built on Chrome Manifest V3 with strict privilege separation.

Injection & Interception

dlp_observer.ts provider_proxy.ts injector.ts bridge.ts

Content Scripts (Isolated World) + Main World ES6 Proxy for window.ethereum hijacking

Background Service Worker

dlp_engine.ts sentinel_engine.ts luhn.ts bip39_checker.ts entropy.ts wallet_detector.ts key_vault.ts llm_proxy.ts

DLP scanning, Web3 contract analysis, AES-256-GCM encrypted key vault, LLM API proxy

User Interface

Dashboard.tsx Logs.tsx Settings.tsx Whitelist.tsx shadow_host.ts i18n.tsx

React 19 Popup + Shadow DOM toast notifications & alert panels (zero CSS conflicts)

In Action

See It Working

Aegis OmniGuard overview
Product overview — AI-era data protection at a glance
Real-time interception
Real-time interception — sensitive data detected and masked instantly
Extension dashboard
Dashboard & workflow — protection controls and interception logs
Roadmap

Building the Future of Data Sovereignty

Phase 1 — Web2 DLP Shield Complete

Credit card, API key, mnemonic, PII detection. React/Vue state sync. Shadow DOM UI. Whitelist & logging.

Phase 2 — Web3 Sentinel + BYOK + i18n Complete

MetaMask transaction interception. Multi-chain key detection (BTC/ETH/SOL/TRON). BYOK LLM analysis. Chinese language support.

Phase 3 — Advanced Threat Intelligence In Progress

Phishing URL database. Cross-chain bridge monitoring. Enhanced false positive tuning. Community-contributed rules.

Phase 4 — Enterprise & Team Features Planned

Admin dashboard. Centralized policy management. Team deployment. Advanced rule packages.

Beyond — Multi-Platform Expansion Planned

Firefox extension. VS Code / Cursor integration. Edge Add-ons. System-level clipboard guardian.

Quick Start

Up and Running in 30 Seconds

1

Install

Click "Add to Chrome" from the Chrome Web Store. The extension icon appears in your toolbar.

2

Enable

Click the shield icon. Ensure the Protection toggle is ON (green). Choose your protection level.

3

Test

Open ChatGPT or Claude. Paste 4111 1111 1111 1111 and hit Enter. Watch it get blocked!

4

Configure

Add trusted domains to Whitelist. Adjust protection level. Check Logs for interception history.

Protection Levels

Low — 0.95 confidence, highest precision Medium — 0.80 confidence, recommended High — 0.60 confidence, aggressive
Privacy & Security

Your Data Never Leaves Your Browser

🛡

100% Local Processing

All scanning runs entirely in your browser. Zero network requests for detection.

🚫

Zero Telemetry

No analytics, no tracking, no data collection of any kind. Ever.

🔒

AES-256-GCM Encryption

API keys encrypted with per-installation secrets + random salts via WebCrypto.

📝

Open Source Audit

Every line of code is public under MIT License. Inspect, fork, contribute.

Start Protecting Your Data Today

Free. Open source. Takes 5 seconds to install. Your AI conversations will never accidentally leak secrets again.

Add to Chrome — Free Star on GitHub