Honest scope. What AiEGIS captures, what it does not, and where each gap is on the roadmap. Compliance teams can plan defense-in-depth knowing exactly where the boundary is.
AiEGIS sensors capture TLS connection metadata via OS-level hooks (Schannel on Windows, NetworkExtension on macOS). The capture surface depends on what the OS exposes at the TLS handshake layer.
Modern browsers (Firefox stable, Chrome experimental flags, Safari 17+) increasingly support ECH, which encrypts the SNI extension in the TLS ClientHello. When a user runs an ECH-enabled browser to an ECH-supporting server, our network sensor sees the connection IP and timing but not the destination hostname. Vendor matching by SNI fails for that connection.
What still works: the AiEGIS browser extension captures prompts at the DOM layer before TLS encryption happens. For ECH coverage today, deploy the extension alongside the network sensor (belt-and-braces).
What does NOT work: network-sensor-only deployments on machines where users run ECH-enabled browsers without the extension installed.
Users running their AI traffic through a VPN, SSH local-forward, or non-corporate proxy will surface in capture events with a tunnel_active or proxy_active flag. The sensor records that the bypass exists but cannot read the destination SNI behind a tunnel terminator under the user's control.
Defense pattern: the flag itself IS the audit signal. Auditors and compliance officers see "this endpoint had unverified tunnel traffic during the audit window" and can require remediation.
AiEGIS sensors run as a privileged service (LocalSystem on Windows, root LaunchDaemon on macOS). An attacker who has already achieved kernel-level code execution can stop the service or feed it false events. We document this as out of scope for v0.5.
What still works: a SYSTEM-level service is harder to disable than a user-level process. The watchdog detects soft-disable scenarios (process running but not capturing) and flags them in the audit log. Stale-detect alerts surface in the customer dashboard within 30 minutes.
By default the sensor stores a SHA256 of the first 500 bytes of each captured prompt. The raw plaintext is never stored locally and never leaves the customer's infrastructure. This is a privacy choice, not a capability gap — but it means AiEGIS cannot retroactively show an auditor "the exact text of prompt X". It can show "prompt with hash H was sent to vendor V at time T by process P".
For full-content capture (regulated verticals that require it) the customer can opt-in to plaintext storage at deployment time. The default remains hash-only.
The sensor runs offline-first: capture continues with no network access. License-validation grace period is 30 days. Audit-pack manifests sign locally and queue for upload when connectivity returns. For truly air-gapped deployments (defense, industrial control), see the sovereign-tier deployment which ships with on-premises license + audit infrastructure.
Compliance teams plan defense-in-depth. Knowing where AiEGIS stops lets them deploy the right complementary controls (DLP, CASB, network segmentation) at the boundary. A vendor who claims complete coverage is either wrong or hiding the gap. We would rather lose a deal to a more honest pitch than win one we cannot defend in an audit.
Found a limitation we have not documented? Email travisanthonygerber@gmail.com or open an issue on our public Grid repo. Empirical falsification is the fastest way to make this list better.