What is AIEGIS
AIEGIS is an endpoint AI visibility platform. It watches every interaction your employees have with AI tools — ChatGPT, Claude, Gemini, Copilot, Cursor — and gives your IT department a real-time view of what's happening, without the data ever leaving your infrastructure.
Why it exists
When an employee pastes a customer list into ChatGPT to write outreach emails, your organisation has no record of it. That data is now in OpenAI's systems. Under the EU AI Act, that is a compliance failure. Under your data protection obligations, it may be a breach.
AIEGIS closes that gap. Every prompt sent to an AI tool is intercepted before it leaves the device, checked against your organisation's policy, and logged to your own infrastructure. If a prompt violates policy, it is blocked before it reaches the AI. If it is allowed, it is logged with full context.
What AIEGIS is not
AIEGIS is not a cloud logging service. Your data never goes to AIEGIS Ltd servers. It is not a content filter that reads personal emails or browsing history — it only activates on known AI platforms. It is not a keylogger — it reads only prompt content submitted to AI tools.
Before You Begin
AIEGIS has three components. You do not need to install all of them — choose the ones that match your deployment needs.
System requirements
| Component | Requirements |
|---|---|
| Browser Extension | Chrome, Edge, or Firefox · macOS, Windows, or Linux |
| Mac Agent | macOS 13 Ventura or later · Apple Silicon or Intel |
| API Integration | Any platform that can make HTTPS POST requests |
What you need from AIEGIS
Before deployment, your IT administrator should have the following ready:
https://aiegis.ie for cloud deployment, or your self-hosted URL for on-premises.
company-london-it
Browser Extension
The browser extension is the primary deployment method. It installs in Chrome, Edge, or Firefox and monitors all AI tool usage in the browser — no changes to employee workflow required.
How to install (IT administrator)
chrome://extensions → enable Developer mode → click Load unpacked → select the aegis-browser-ext folder.
What employees see
When a prompt is allowed, nothing changes. The AI responds normally. When a prompt is blocked, the AI tool displays an error message explaining the prompt was blocked by organisational policy. Employees are not shown the specific policy rule triggered — only that a violation occurred.
What is monitored
The extension intercepts the fetch() and XMLHttpRequest calls made by AI platforms. This gives it access to the prompt content before it leaves the device. It does not read browser history, cookies, passwords, or any content on non-AI websites.
Mac Agent
The Mac agent provides deeper coverage for macOS users — including native app AI interactions that the browser extension cannot see, such as Copilot in Microsoft Word or AI features in Xcode.
Installation
AiegisAgent.pkg).
aegis-agent --configure in Terminal. Enter your API key, endpoint URL, and agent ID when prompted. Credentials are stored securely in the macOS Keychain.
aegis-agent --status in Terminal. A healthy response shows active: true and the current policy mode.
What the Mac agent monitors
| AI Surface | Covered |
|---|---|
| ChatGPT in browser | ✓ Browser extension + Mac agent |
| Claude in browser | ✓ Browser extension + Mac agent |
| Copilot in Microsoft 365 | ✓ Mac agent (native app) |
| Cursor (AI code editor) | ✓ Mac agent |
| AI in Xcode | ✓ Mac agent |
| Personal device (unmanaged) | ✗ Not covered — policy only |
How Enforcement Works
Every prompt submitted to an AI tool passes through 15 security layers before a decision is made. This happens in under 200 milliseconds — fast enough that employees do not experience any perceptible delay on clean traffic.
The three decisions
What triggers a block
AIEGIS blocks prompts that match your organisation's configured policy rules. Default rules cover:
Fail-open behaviour
If AIEGIS cannot reach the enforcement endpoint (network outage, maintenance), it fails open — prompts go through and are logged locally for later upload. This is a deliberate design decision: employee work is never blocked by an infrastructure failure outside your control.
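The interception and fail-open behaviour described above can be sketched as a wrapper around fetch(). This is an added example, not code from the AIEGIS extension. The AI host list, the JSON body sent to /api/protect and the `decision` field in its reply are assumptions; the endpoint path, the X-API-Key header and the storage key names are the ones listed in the Technical Reference.

```javascript
// Added illustration, not AIEGIS source code.
// Assumed: AI_HOSTS, the JSON body sent to /api/protect, and its { decision } reply.
const AI_HOSTS = new Set(["chatgpt.com", "claude.ai", "gemini.google.com"]);

// cfg mirrors the extension storage keys: aegis_api_key, aegis_endpoint,
// aegis_agent_id, aegis_enforce. pendingLog is the local queue for later upload.
function makeGuardedFetch(realFetch, cfg, pendingLog) {
  return async function guardedFetch(url, init = {}) {
    // Assumes url is an absolute URL string.
    const host = new URL(url).hostname;
    // Scope: only requests with a string body to known AI platforms are inspected.
    const inScope = AI_HOSTS.has(host) && typeof init.body === "string";
    // An empty API key means enforcement is disabled (the documented default).
    if (!inScope || !cfg.aegis_api_key) return realFetch(url, init);

    const record = {
      agent_id: cfg.aegis_agent_id,
      prompt: init.body,
      ts: new Date().toISOString(),
    };
    let decision;
    try {
      const res = await realFetch(cfg.aegis_endpoint + "/api/protect", {
        method: "POST",
        headers: { "Content-Type": "application/json", "X-API-Key": cfg.aegis_api_key },
        body: JSON.stringify(record),
      });
      if (!res.ok) throw new Error("enforcement endpoint returned " + res.status);
      decision = (await res.json()).decision;
    } catch (err) {
      // Fail open: keep a local record, then let the prompt through unchecked.
      pendingLog.push({ ...record, reason: err.message });
      return realFetch(url, init);
    }
    // Block mode (aegis_enforce true) stops the request before it leaves the device;
    // warn mode (false) lets it continue.
    if (decision === "block" && cfg.aegis_enforce) {
      throw new Error("Prompt blocked by organisational policy");
    }
    return realFetch(url, init);
  };
}
```

Entries in `pendingLog` are prompts that left the device without a policy check, so the size of that queue is worth alerting on.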
The IT Dashboard
The IT Violation Centre gives your security team a real-time view of every blocked and warned prompt across your organisation. See who triggered what, take action, and build your audit trail.
The dashboard is available at https://aiegis.ie/it/violations?key=YOUR_ADMIN_KEY. Your admin key is provided during onboarding — treat it as a privileged credential.
For a complete guide to every feature in the dashboard, see the Dashboard Manual.
Quick actions
| Action | What it does |
|---|---|
| Notify | Logs that the employee was notified. Does not send a message automatically. |
| Note | Adds an investigator note to the violation record. Visible in audit exports. |
| Escalate | Logs escalation to incident response. Adds the record to your escalation queue. |
| Training | Logs a training recommendation for the employee. |
| Done | Marks the violation as reviewed. Moves it out of the pending queue. |
Privacy & Data
AIEGIS is designed to give organisations visibility while respecting employee privacy. Here is exactly what is captured, what is redacted, and where data goes.
What is captured
| Data | Captured? | Notes |
|---|---|---|
| Prompt text | Yes | After PII redaction — emails, phones, ID numbers replaced with [REDACTED] |
| AI response | Yes | Logged after render, same redaction applied |
| Employee identity | Agent ID only | You define the ID — we don't receive employee names |
| AI model used | Yes | e.g. gpt-4o, claude-3-5-sonnet |
| Timestamp | Yes | UTC, millisecond precision |
| Passwords / tokens | Never | Redacted before logging, not stored |
| Non-AI browsing | Never | Extension scoped to AI domains only |
| TLS keys | Never | No TLS interception — sensor reads at application layer |
Where data goes
In self-hosted deployments, all data goes directly from the endpoint to your infrastructure. AIEGIS Ltd never receives it. In cloud deployments, data is sent over TLS to your AIEGIS-managed instance — processed, then stored in the region of your choice. Default retention is 90 days, configurable.
/compliance/worker-notice-template — adapt it to your organisation's legal requirements before deployment.
Troubleshooting
Extension not intercepting prompts
chrome://extensions and confirm AIEGIS Endpoint AI Visibility is enabled and not paused.
curl -sI https://aiegis.ie/api/health. If you get a non-200 response, the enforcement endpoint is unreachable — check your network or firewall rules.
Mac agent not running
aegis-agent --status in Terminal. If it returns an error, the agent is not running.
aegis-agent --restart. If the issue persists, reinstall the package and re-grant permissions.
Violations not appearing in dashboard
The dashboard auto-refreshes every 30 seconds. If violations are not appearing after 60 seconds, check: (1) your admin key in the URL is correct, (2) the agent ID in the extension matches what your dashboard is filtered to, (3) the endpoint and API key in the extension are correctly set.
Technical Reference
API endpoints used by the extension
| Endpoint | Purpose | Auth |
|---|---|---|
| POST /api/protect | Inline enforcement check on every prompt | X-API-Key |
| GET /api/health | Liveness check on extension startup | None |
Extension storage keys
| Key | Value | Default |
|---|---|---|
| aegis_api_key | Your organisation's API key | Empty (enforcement disabled) |
| aegis_endpoint | AIEGIS endpoint URL | https://aiegis.ie |
| aegis_agent_id | Your deployment agent ID | browser-ext-agent |
| aegis_enforce | Block mode (true) or warn mode (false) | true |
Performance specifications
| Metric | Value |
|---|---|
| Enforcement latency p95 | <200ms (boundary) |
| CPU overhead (Mac agent, idle) | <2% |
| Memory footprint (Mac agent) | <50MB |
| Network overhead per prompt | <100kbps average |
| Security layers checked per request | 15 |