01
Legal pack
Pre-filled CSE notice and DPIA provided by SYLink. Prior staff information (French Labour Code).
Step 01
Product catalog
Family Threat Intel
SYLink Browser
Your employees use AI. The SOC knows before the leak.
Enterprise browser extension for Firefox, Chrome and Edge. SYLink Browser detects, locally, leaks of credentials, secrets and sensitive data toward public generative-AI services, phishing, typosquatting and risky usage — without ever reading your content in clear. Only a SHA-256 hash and a binary "secret detected" flag reach the SOC. GDPR-compatible by design, DPIA and works-council notice delivered ready to sign.
The product, in plain words
What it does SYLink Browser
Enterprise browser extension for Firefox, Chrome and Edge. SYLink Browser detects, locally, leaks of credentials, secrets and sensitive data toward public generative-AI services, phishing, typosquatting and risky usage — without ever reading your content in clear. Only a SHA-256 hash and a binary "secret detected" flag reach the SOC. GDPR-compatible by design, DPIA and works-council notice delivered ready to sign.
Key takeaway
SYLink Browser — Your employees use AI. The SOC knows before the leak..
The technical playbook
How to use it
Watch the browser from inside — without reading content
Le navigateur est devenu l'angle mort majeur des SI : 78 % des employés en bureau utilisent au moins un assistant IA en ligne. 41 % y collent du code, 28 % des données client, 17 % des informations financières internes. Ces fuites transitent en HTTPS chiffré dans le navigateur, après le pare-feu — invisibles pour le MDM, l'EDR et la sonde réseau. Les solutions par proxy SSL ajoutent latence et complexité, et finissent par traiter vos contenus chez l'éditeur.
SYLink Browser observe le navigateur depuis l'intérieur, au moment précis où l'utilisateur fait CTRL+V dans un prompt — avant l'envoi. Le scan local cherche des secrets (cartes bancaires Luhn, IBAN mod97, clés cloud, JWT, jetons de session, clés privées PEM) et des e-mails d'entreprise dans le contenu pasté. Si un secret est détecté, deux options selon la policy : bannière d'avertissement (mode warn) ou modale de confirmation "Annuler / Envoyer quand même" (mode block). Côté SOC, seul un hash SHA-256 et un drapeau binaire remontent.
Le simple fait d'afficher la modale modifie durablement le comportement : nos déploiements montrent une réduction de plus de 65 % des alertes Shadow AI critiques entre le mois 1 et le mois 2.
Key capabilities
- Manifest V3 — MV3 extension compliant with the latest store requirements
- 100% local detection in the browser — no SSL-proxy dependency
- No full URLs nor clear-text content reach the SOC — only hashes and registrable domains
- Browser-level anti-phishing (declarative): faster than an enterprise DNS filter
- Per-tenant control: monitor / warn / block modes configurable per module
- Compatible with fleet deployment via Active Directory (GPO), Intune, Workspace, MDM
Where the product fits in your topology
Network placement
Extension navigateur déployée par GPO / Intune ou stores officiels sur les postes Firefox / Chrome / Edge. Détection locale des fuites Shadow AI, du phishing et du typosquatting — événements en hash-only remontés vers UniSOC. Aucun proxy SSL, aucune URL en clair.
Deployment pipeline
Deployment diagram
Typical 200-endpoint rollout in under 30 minutes: sign the works-council notice and pre-filled DPIA, distribute via GPO / Intune or official stores, activate the tenant license. Initial observation wave in monitor mode, then cut over to warn / block after one to two weeks.
- 02
Tenant provisioning
Create the UniSOC tenant, generate the license key, configure 80 protected tier-1 domains and active modules.
Step 02 - 03
Deployment
Active Directory GPO, Intune, Workspace, MDM, or install from official stores with enterprise policy.
Step 03 - 04
Observation phase
1 to 2 weeks in monitor mode: map real Shadow AI, recurring typosquatting and risky extensions on the fleet.
Step 04 - 05
Switch to warn / block
Progressive activation of warn then block modes, module by module, based on user maturity and tenant policies.
Step 05
- 01
Legal pack
Pre-filled CSE notice and DPIA provided by SYLink. Prior staff information (French Labour Code).
Step 01 - 02
Tenant provisioning
Create the UniSOC tenant, generate the license key, configure 80 protected tier-1 domains and active modules.
Step 02 - 03
Deployment
Active Directory GPO, Intune, Workspace, MDM, or install from official stores with enterprise policy.
Step 03 - 04
Observation phase
1 to 2 weeks in monitor mode: map real Shadow AI, recurring typosquatting and risky extensions on the fleet.
Step 04 - 05
Switch to warn / block
Progressive activation of warn then block modes, module by module, based on user maturity and tenant policies.
Step 05
↓ Integration pipeline — step by step, from scoping to production ↓
Prerequisites
- Active SYLink UniSOC tenant
- Fleet-deployment capability (GPO, Intune, Workspace, MDM or enterprise store)
- Signed CSE / DPIA notices (templates provided by SYLink)
- List of tier-1 domains to protect (corporate sites, banks, vendors)
What you concretely gain
Benefits
- 01
Shadow AI under control, without blocking innovation
Detects the copy-paste and upload of source code, customer data, IBANs, card numbers, private keys and tokens to public AI assistants — at paste time, before send. The user keeps the choice: continue informed, or cancel.
- 02
Hash-only by design — auditable
Clear-text content never leaves the browser. SHA-256 local + "secret detected" flag only. Demonstrable through a code-source audit of the extension. No individual profiling, no employee behavior scoring.
- 03
Native anti-phishing & anti-typosquatting
Declarative blocking at the browser level on a local UniSOC IOC cache (~1M+ entries). Typosquatting detection by Levenshtein distance, homoglyphs (rn→m, 0→o) and IDN punycode against your 80 protected tier-1 domains.
- 04
Real-time central control via UniSOC
Multi-tenant console, monitor / warn / block modes per module, real-time policy push via WebSocket — an admin change propagates without waiting for sync. Fleet deployment via GPO, Intune, Workspace or official stores.
The full datasheet
Specifications
Format & deployment
| Compatibilité | Firefox · Chrome · Edge · Brave (Manifest V3) |
| Footprint | ≈ 75 Ko · zéro impact perceptible sur la navigation |
| Distribution | Stores officiels signés · Omaha self-hosted pour GPO / Intune |
| Go-live | Déploiement parc 200 postes < 30 min via GPO / Intune |
| Licence | Inerte sans clé valide · effacement automatique si licence révoquée |
Detection modules (10 modules)
| Shadow AI detector | Paste / frappe / upload vers les services d'IA générative publics · scan local Luhn (CB), mod97 (IBAN), regex clés cloud / JWT / PEM, e-mails d'entreprise |
| Anti-phishing DNR | Blocage déclaratif au niveau navigateur sur IOC UniSOC · modes warn (bannière) ou block (page de confinement) |
| Anti-typosquatting | Levenshtein ≤ 2 · table d'homoglyphes · IDN punycode xn-- contre 80 domaines tier-1 protégés |
| Risky services | VPN publics, prise en main à distance, Tor, pools de minage, e-mails jetables, raccourcisseurs d'URL |
| Credential snooper | Champs password cachés, autofill sur champ invisible, formulaire HTTP non-HTTPS, OAuth abusif, lecture clipboard |
| Credential reuse | Hash local des MDP corporate · alerte si même hash soumis sur domaine non corporate |
| Extension blocker | Désactivation auto des extensions blocklistées ou aux permissions risquées (debugger, proxy, nativeMessaging) |
| Adblock entreprise | ≈ 150 domaines tier-1 ads / trackers neutralisés au niveau navigateur |
| Inventory | Extensions installées, cookies, destinations registrables, Shadow SaaS (par domaine, jamais par URL complète) |
| Device fingerprint | UUID device persistant + heartbeat machine (UA, plateforme, écran) — sans identification nominative |
Privacy by design
| Aucun contenu en clair | Hash SHA-256 local + drapeau secret_detected uniquement |
| Granularité réseau | Domaine registrable seulement (pas d'URL ni de chemin) |
| Mots de passe | Hashés localement avant comparaison · jamais transmis |
| Rétention SOC | TTL 90 jours côté UniSOC · purge automatique |
| Sans licence | Extension totalement inerte (zéro télémétrie, zéro blocage) |
| Pas de profiling salarié | Conforme RGPD art. 22 · pas de scoring comportemental individuel |
Management & alerting
| Console centrale | Portail UniSOC SYLink (FR) · multi-tenant |
| Policy push | WebSocket temps réel · changement admin → propagation immédiate sans attente sync |
| Modes par module | monitor / warn / block · configurable par tenant |
| Event output | API REST signée JWT · enrichissement CTI et risk score 0–100 |
| Latency | Paste → log SOC ≈ 3–5 s · paste → alerte qualifiée ≈ 2–5 min |
| Mapping ATT&CK | T1052 (exfiltration via support amovible) · T1566 (phishing) · T1539 (vol de session) |
Built for
Target customers
Law firm 80 staff — Shadow AI leak
Deployed after a documented leak at a peer firm (excerpts of pleadings pasted into a public AI assistant). Month 1: 12 Shadow AI alerts including 3 with secrets (case numbers, IBANs). Month 6: under 1 alert / month. Behavior durably changed by the "Cancel / Send anyway" modal.
Mid-market finance dept 350 people — suspicious OAuth grant
Detection of an abusive OAuth consent: an employee allowed a third-party plugin to read their work drive (accounting data). Without Browser, the data would have stayed accessible to the plugin's vendor for months. With Browser, alert the same day, revocation, training.
Local government — honeytoken + Browser
A fake "partner IBAN" placed on an SMB share. An employee copied its content into an AI assistant to "check the format". Browser surfaced the hash → match with the honeytoken → identified the at-risk behavior. Action: training, not punishment.
Government IT department — anti-phishing on a heterogeneous fleet
Office fleet without unified MDM, admin staff used to clicking. Block mode on the UniSOC IOC cache: phishing campaign attempts neutralized at the browser level, no dependency on the carrier's DNS filter.
HR / payroll firm — critical GDPR
Salary data, medical records, social benefits. Block mode on paste of structured data (IBAN, French SSN detected by regex) toward public AI assistants. No personal data leaves the browser — by construction.
R&D / industry — proprietary code and patents
Risk: a "summarize this code" sends a not-yet-filed patent to a public AI service. Browser intercepts pastes of large code blocks toward AI domains, alerts the SOC + shows the user modal.
Test SYLink Browser on your infrastructure
30-minute guided demo, PoC on a pilot perimeter, support by our French teams based in Clermont-Ferrand, Marseille and Rennes.