Medusa Documentation

Complete guide to deploying, configuring, and operating the Medusa in-browser AI-DLP extension and its dashboard control plane.

How It Works

Medusa is an endpoint DLP (Data Loss Prevention) browser extension for AI sites. It runs a small classification model directly in the browser and scans what people type or paste into AI providers (ChatGPT, Claude, Gemini, Copilot, Perplexity, Grok) in real-time, before anything is sent.

Medusa

You type or paste

(ChatGPT, Claude, Gemini)

Medusa Extension

(scans in-browser)

Warn / block per policy

(optional approval)

Medusa Platform

PoliciesTelemetryAlerts & Reports

The extension runs a lightweight ONNX token-classification model (Medusa Model) directly in the browser. It scans the text you type or paste into AI sites for sensitive data across 7 categories — all inference is local, so nothing leaves the device for scanning.

Getting Started

Roll out the Medusa extension to any Chromium- or Firefox-based browser in under a minute.

📘 Full Deployment Guide →

Granular, step-by-step instructions for org-wide MDM rollout (Google Admin / Intune / Jamf / Edge) and self-hosting on your own infrastructure.

1. Generate an Org Key

Go to Settings in the dashboard and create a new org enrollment key.

2. Install the Extension

Install Medusa from your browser's web store (or load the packaged extension for managed deployments). Once installed, Medusa adds a small icon to the toolbar and is ready to enroll.

3. Enroll the Browser

Enroll the browser one of two ways: click Enroll on the Deploy page in the dashboard, or open the extension's options and paste your org key:

Org key: org_YOUR_KEY_HERE

As soon as the browser is enrolled, the extension fetches your org policy and starts scanning AI sites in-browser. Check the Browsers page to confirm it appears online.

Extension Settings

Most settings are pushed from your org policy, but a few local options are stored in the extension's own settings and surfaced in its options page.

Key Fields

FieldDescriptionDefault
org_keyEnrollment key for the dashboard(required)
supabase_urlDashboard backend URL(set during enrollment)
telemetry_interval_secondsFinding upload frequency60
policy_sync_interval_secondsPolicy fetch frequency300
dlp_confidence_thresholdMin confidence for DLP detections0.5
dlp_model_enabledEnable in-browser DLP scanningtrue
auto_update_enabledAuto-update the extensiontrue

Supported AI Sites

The extension activates automatically on the major AI provider sites:

  • ChatGPT — chatgpt.com
  • Claude — claude.ai
  • Gemini — gemini.google.com
  • Copilot, Perplexity, and Grok

On each supported site, the extension watches the prompt input and scans text in-browser before a submission is sent — no changes to the site and no proxying required.

DLP Detection

The DLP engine uses a fine-tuned ONNX token-classification model (Medusa Model) that runs entirely in the browser. No data is sent to external APIs for scanning.

Detection Categories

Secrets

API keys, tokens, passwords, connection strings

PII

Names, emails, phone numbers, SSNs, addresses

Financial

Credit cards, bank accounts, transactions

Health / PHI

Medical records, diagnoses, prescriptions

Injection

Prompt injection, jailbreak attempts

Source Code

Code snippets, function definitions

Insurance

Policy details, claims, underwriting

How Scanning Works

As you type or paste into an AI site, the extension captures the pending submission and runs it through the DLP scanner in-browser. The Medusa Model classifies each token with BIO labels (B-SECRET, I-SECRET, B-PII, I-PII, etc.) and merges contiguous tokens into detected spans with confidence scores — all before the text is sent.

Custom regex patterns can be added via the Policy Manager for organization-specific formats (internal IDs, proprietary tokens).

Policy Engine

Policies are configured in the dashboard and synced to enrolled browsers every 5 minutes. They control, per category, whether a flagged submission is warned, blocked, blocked-with-justification, or hard-blocked.

Policy Scopes

  • Global — applies to all enrolled browsers
  • Endpoint — applies to a specific enrolled browser
  • Group — applies to browsers with a specific tag

Policy Controls

ControlDescription
Site BlocklistBlock submissions on specific AI sites
Site AllowlistOnly scan listed AI sites (allowlist mode)
Category ActionsSet warn / block / justify / hard-block per category
Pattern RulesFlag custom formats with regex patterns
DLP TogglesEnable/disable detection per category
Warn vs BlockShow a warning or stop the submission
Justification ModeRequire a logged reason to proceed
ApprovalsLet admins approve blocked submissions
Injection ProtectionDetect and block prompt-injection attempts

Policy Actions

WARN

Warn, then proceed

BLOCK

Stop the submission

JUSTIFY

Block unless justified

HARD-BLOCK

Stop, no override

Dashboard

API Reference

The extension communicates with the dashboard via Supabase Edge Functions. All endpoints require a Bearer token (org key).

POST/functions/v1/gateway-events

Upload findings from the extension. Returns update directives (target_version, auto_update_enabled).

GET/functions/v1/gateway-policy

Fetch the resolved policy for this browser. Supports ETag caching (If-None-Match → 304). Returns HMAC-signed policy.

POST/functions/v1/extension-register

Enroll a new browser as an endpoint. Resolves the org from the org key and mints a per-endpoint key.

POST/functions/v1/dlp-approval-request

Request admin approval for a hard-blocked submission. Only sha256(content) is sent — never the text.

GET/functions/v1/dlp-approval-status

Poll the approval status for a content hash. Returns pending / approved (with expiry) / denied.

Authentication

Authorization: Bearer org_YOUR_ORG_KEY

Org keys are generated in the Settings page. Keys are hashed with SHA-256 — the full key is only shown once at creation time.

Security

Medusa is built security-first. The extension runs with minimal permissions and all sensitive data is protected.

Local-Only Inference

All scanning runs in-browser. Scanned text never leaves the device, and org keys are never stored in plaintext logs.

Model Integrity

The Medusa Model is verified via SHA-256 checksum against the manifest on every load. Tampered models are rejected.

Inference Safety

A 10-second timeout on model inference prevents adversarial inputs from hanging the extension. Submissions over 10MB are skipped.

Policy Signing

Policies are signed with Ed25519 by the edge function; the extension verifies the signature with an embedded public key before applying, and rejects a tampered policy (keeping the last-known-good). The private key never ships in client code.

Minimal Permissions

The extension only requests host access for supported AI sites and stores settings in the browser's own extension storage.

ReDoS Protection

Custom regex patterns are tested with a 1-second timeout before activation. Vulnerable patterns are rejected.

Endpoint Identity Validation

The gateway-events edge function verifies that the agent_id belongs to the authenticated customer before accepting findings.