Proof, not promises
Security claims are cheap. Mira's are enforced in the browser core and checked by automated test gates that run on every change — so denied actions actually fail closed, and release artifacts are scanned for leaked prompts, page content or secrets. The point is that a security reviewer can verify behavior, not just read a PDF.
The trust boundaries
Five rules the core never breaks:
- Remote pages are untrusted. A web page never receives raw browser APIs, local storage keys, policy signing keys, or provider secrets.
- Typed IPC only. The page talks to the core solely through typed, sender-validated calls — no raw object access.
- AI calls are gated. A model call happens only after policy, context-scope, budget, DLP and prompt-injection checks all pass.
- Agents re-check at the boundary. Automation re-validates policy immediately before each action.
- Config must be verified. A policy bundle must be signature-verified before it becomes trusted runtime policy.
Data protection at the source
Sensitive data is handled before it can leave the device. PII, PHI, credentials, payment-card data, source code and hidden page text are detected and redacted ahead of any provider call. A no-send gate can block model execution entirely for high-sensitivity workflows, and an AI visible-context inspector lets users and admins see exactly what the model is allowed to receive before sensitive use. Prompt-injection indicators in untrusted page content are detected and blocked so a hostile page can't hijack an AI or agent action.
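The gating rule in the list above and the redaction described in this section, sketched as an added example. This is not Mira's code: the policy shape, field names and detection patterns are all assumptions made for illustration.

```javascript
// Added illustration: every name, pattern and the policy shape below is hypothetical.
const CREDENTIAL = /\b(?:password|api[_-]?key|token)\s*[:=]\s*\S+/gi;
const CARD = /\b(?:\d[ -]?){15}\d\b/g;
const INJECTION = /ignore (?:all )?previous instructions/i; // one sample indicator

const redact = (text) =>
  text.replace(CREDENTIAL, '[REDACTED:credential]').replace(CARD, '[REDACTED:card]');

// Checks run in the order the page lists them; each must return exactly true to allow.
const CHECKS = [
  ['policy', (req, pol) => pol.noSend !== true && pol.allowedDomains.includes(req.domain)],
  ['context-scope', (req, pol) => req.context.every((c) => pol.allowedScopes.includes(c.scope))],
  ['budget', (req, pol) => req.estimatedTokens <= pol.tokenBudget],
  ['dlp', (req, pol) => !req.context.some((c) => pol.blockedClasses.includes(c.dataClass))],
  ['prompt-injection', (req) => !req.context.some((c) => c.untrusted && INJECTION.test(c.text))],
];

function gateModelCall(req, policy) {
  // Metadata-first audit record: no prompt or page text is copied into it.
  const audit = { actor: req.actor, route: req.route, capability: 'model-call',
                  domain: req.domain, timestamp: new Date().toISOString() };
  for (const [name, check] of CHECKS) {
    let ok = false;
    try { ok = check(req, policy) === true; } catch { ok = false; } // an error denies
    if (!ok) return { outbound: null, audit: { ...audit, decision: 'deny', failedCheck: name } };
  }
  // Only redacted copies are handed on to the provider call.
  const outbound = req.context.map((c) => redact(c.text));
  return { outbound, audit: { ...audit, decision: 'allow' } };
}

// Constructed sample policy and request for exercising the gate.
const samplePolicy = { noSend: false, allowedDomains: ['crm.example.com'],
  allowedScopes: ['visible-text'], blockedClasses: ['source-code'], tokenBudget: 2000 };
const sampleRequest = { actor: 'user-1', route: 'enterprise', domain: 'crm.example.com',
  estimatedTokens: 300, context: [{ scope: 'visible-text', dataClass: 'pii', untrusted: true,
    text: 'Card 4111 1111 1111 1111, api_key=abc123' }] };
```

A reviewer can use the same shape as a test checklist: a missing policy, a thrown check and a blocked data class must each produce a deny with no outbound context.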
Storage and keys
Anything stored locally is encrypted with AES-GCM, scoped to tenant, profile and workspace, given a time-to-live, and made to reject credential-like content. Encryption keys are wrapped by the operating system's secure storage. The default posture assumes sensitive work — you opt into more sharing, never the other way around.
Audit, kill switch and trusted time
Audit is metadata-first by default: decision, actor, route, capability, domain and timestamp — streamable to your SIEM or OpenTelemetry pipeline. Raw prompts, cookies, tokens and page content are not stored by default, and prompt logging is off in the bundled enterprise route.
Admins run everything from a central, signed configuration and can cut access instantly: one change drops a user, role, device or tenant — live sessions end, the workspace locks, cached data is wiped, and further access fails closed. Admin-configured NTP keeps TTLs, tokens and audit timestamps from being spoofed.
Compliance mapping
Mira ships one-click presets aligned to SOC 2, HIPAA, GDPR and DPDP, with exportable, metadata-first evidence and ISO 27001-aligned controls. It complements — rather than replaces — your endpoint security, identity provider, CASB, DLP and SIEM. For reviewers, we provide the threat model, control matrix and an enterprise evidence pack up front.
What to ask for in a review
If you're evaluating Mira, request the evidence pack and bring these questions: which apps and domains are allowed for the pilot role; which actions require approval; which data classes must be blocked or masked before AI context leaves the browser; which audit fields you need; and which identity and device-trust signals must be integrated. We'd rather have that conversation first than last.