Self-Hosted · Open Deployment

Stop AI data leaks before they leave your perimeter.

BitDrip intercepts everything your team sends to ChatGPT, Claude, Gemini and other LLMs — blocking PII, credentials, PHI and proprietary data in real time. Runs entirely in your infrastructure. Self-hosted. Zero-trust by design.

SHA-256: ec8d602ff959959feca5af9b600edb8c7d7a9b6e2d88608895f37d51898c9c96  · 3 MB
Designed to support compliance with GDPR, HIPAA, PCI DSS, SOC 2, ISO 27001 and CCPA.
YOUR DATA STAYS YOURS.
< 5 min · Average deploy time
6 · Compliance frameworks
15+ · Detection categories
< 10ms · Avg policy check time
How It Works

Every AI request. Evaluated before it leaves.

BitDrip runs entirely in your network. A lightweight proxy daemon intercepts HTTPS traffic, the policy engine evaluates it against your rules, and clean requests continue to the AI service. Violations never leave your perimeter.

[Diagram: inside your network perimeter, workstations (user devices) send HTTPS traffic to BitDrip, which consists of the proxy daemon (port 8080 · TLS 1.3 · CA lifecycle) and the policy engine (29 rules · 6 frameworks). Requests in which PII, PHI or credentials are detected are blocked and logged; allowed requests continue to the AI services: ChatGPT (api.openai.com · chat.openai.com), Claude (api.anthropic.com · claude.ai), Gemini, Copilot + 12 more (Perplexity · Mistral · Cohere · Grok · and more). Events feed the audit log · dashboard · SIEM export.]
Violation Detected — Blocked
The request is rejected immediately. An audit event is created with the rule name, category, user identity, and a SHA-256 hash of the matched content. The actual content is never stored.
Clean Request — Forwarded
The request continues to the AI service normally. Usage is logged at metadata level only — provider, timestamp, user identity — with zero content retention.
Responses Scanned Too
AI responses pass back through the proxy. BitDrip checks for hallucinated PII, data exfiltration artifacts in responses, and jailbreak success signals on the return path.
Why BitDrip

Built for enterprise security teams

Nine capabilities that make BitDrip the right choice for organisations that take data privacy seriously.

🛡
Real-time Protection

Every request your team sends to ChatGPT, Claude, Gemini and other AI services is checked before it leaves the device. Sensitive data — names, medical records, card numbers, passwords, and proprietary content — is detected and blocked in real time. Works automatically for both browsers and command-line tools, with no manual setup required.

👁
AI Response Scanning

Scans what comes back from AI services, not just what goes in. Detects hallucinated PII, jailbreak success signals, and data exfiltration artifacts in AI responses — a protection layer no other browser-level tool offers.

🔒
Zero Cloud Dependency

Runs entirely in your own infrastructure using a single configuration file. Your AI prompts and responses never leave your environment — they go directly from your device to the AI provider, checked locally at every step. No AI content ever touches our servers.

📋
Compliance & Audit

Built-in profiles for GDPR, HIPAA, PCI DSS, SOC 2, ISO 27001 and CCPA. Every audit record is protected by a tamper-evident digital signature — if any log entry is modified after the fact, the signature breaks and the tampering is immediately detectable.

🔌
SIEM Integration

Export audit events to Splunk (HEC/CEF), Elastic/OpenSearch, and Azure Sentinel in real time. Configurable per organisation — violations land in your existing security toolchain automatically.

🤖
Agentic AI & MCP Monitoring

Monitors and controls the actions that AI agents take on your systems — such as reading files, running commands, or accessing sensitive data. Block unauthorized actions from automated AI workflows before any damage is done.

📈
Throughput & Usage Analytics

Track AI usage volume by organisation and time period. Per-GB scanning metrics and time-series charts give security teams visibility into AI exposure across the entire organisation.

🖥️
Fleet Visibility

Enroll workstations with a one-time token. The admin dashboard shows every enrolled device — hostname, OS, proxy version, and live online/offline status based on heartbeat. Revoke a device in one click if it's lost or decommissioned.

🖥
System Tray App

A native app for macOS, Windows and Linux lives in your system tray and manages the BitDrip proxy daemon without any terminal required. Supports system proxy mode for centrally managed devices and PAC-based routing for BYOD and unmanaged devices. Shows live connection counts and blocked-request totals in the tooltip, with a built-in preferences window for proxy mode, policy engine URL, and CA certificate status.

Security-first architecture

Built against industry standards. Every control is implemented in code and documented.

A01 · Broken Access Control: JWT RBAC with role-based permissions. Org-scoped data isolation on every query.
A02 · Cryptographic Failures: AES-256 at rest, TLS 1.3 in transit, ed25519 license signing.
A03 · Injection: Parameterized queries throughout. Schema-validated inputs. XSS sanitization on all user-controlled output.
A04 · Insecure Design: Privacy-by-design. AI content never stored — SHA-256 hashes only.
A05 · Security Misconfiguration: Helmet.js (HSTS, CSP, X-Frame-Options). CORS allowlisting. No default credentials.
A06 · Vulnerable Components: Automated dependency scanning. Dependabot-enabled weekly updates. Reproducible builds with npm ci.
A07 · Auth Failures: Magic-link auth — no passwords, no credential stuffing. Short-lived signed JWTs. OIDC/SSO for enterprise deployments.
A08 · Integrity Failures: SHA-256 installer checksums. ed25519-signed license JWTs. Pinned lock files.
A09 · Logging Failures: Structured JSON audit logging. Sensitive fields sanitized at source. Tamper-evident event trail.
A10 · SSRF: No external URL fetching from user content. Outbound connections allowlisted.

Zero Trust Data Flow

AI content is never stored. SHA-256 hashing means violations are auditable without retaining sensitive data.

Cryptographic Verification

Every installer bundle ships with a SHA-256 checksum for integrity verification. License JWTs use ed25519 — the same algorithm that secures SSH keys.

Self-Hosted by Design

Your AI content never leaves your infrastructure. Policy decisions run entirely in your environment — no prompts, responses, or usage patterns are ever transmitted to BitDrip.

Controls are implemented in code and documented.

Compliance Coverage

Designed to support your compliance requirements

BitDrip detects and blocks content that violates each framework's requirements — before it leaves your network.

🇪🇺
GDPR
PII & special-category data — names, emails, addresses, national IDs
🏥
HIPAA
PHI & patient data — medical records, conditions, insurance IDs
💳
PCI DSS
Card numbers (Luhn-validated), CVV codes, PINs
🔐
SOC 2
API keys, passwords, secrets & credentials
📋
ISO 27001
Credentials, proprietary data & internal document markers
⚖️
CCPA
California resident PII & consumer personal data

Designed to support compliance — not a substitute for legal review.
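
The Luhn-validated card-number check listed under PCI DSS, combined with the hash-only audit event described under How It Works, can be sketched as follows. This is an added example, not BitDrip's code: the regex, the rule name `card-number-luhn`, the field names and the sample prompts are assumptions made for illustration.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return Luhn-valid candidates as bare digit strings."""
    candidates = (re.sub(r"[ -]", "", m.group()) for m in PAN_RE.finditer(text))
    return [c for c in candidates if luhn_ok(c)]


def evaluate(prompt: str, user: str, provider: str) -> dict:
    """Build the log record for one outbound request; never include the prompt."""
    event = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "provider": provider,
    }
    hits = find_card_numbers(prompt)
    if not hits:
        return {**event, "action": "allow"}  # metadata only, no content
    return {
        **event,
        "action": "block",
        "rule": "card-number-luhn",  # hypothetical rule name
        "category": "PCI DSS",
        # Hash the normalised digits so separators do not change the digest.
        "match_sha256": [hashlib.sha256(h.encode()).hexdigest() for h in hits],
    }


if __name__ == "__main__":
    # Constructed sample prompts; 4111 1111 1111 1111 is a widely used test number.
    for p in ("Refund card 4111 1111 1111 1111 please", "Order 1234567890123456 shipped"):
        print(json.dumps(evaluate(p, "dev@example.com", "api.openai.com")))
```

The second prompt contains a 16-digit run that fails the Luhn check, so it is logged as an allowed request. An unkeyed SHA-256 of a card number can be recovered by enumerating the number space, so a log built this way still needs access control; a keyed HMAC is the usual hardening.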

Getting Started

From zero to protected in minutes

Register once, deploy anywhere. No SaaS. Your AI data stays in your infrastructure, always.

1. Register: Create your account and choose a plan. Receive your signed license file by email.
2. Download: Download the installer bundle. Verify the SHA-256 checksum. Extract and review.
3. Deploy: Run ./install.sh — it configures everything automatically. Then start protection with bitdrip proxy start or via the system tray app. Live in under 5 minutes.
4. Protect: Configure policies in the dashboard. Enroll additional workstations from Settings → Workstations. BitDrip handles browser and terminal tool traffic automatically.

Full installation guide, configuration reference, and troubleshooting are in the documentation.

See It In Action

Visibility into every AI interaction

The BitDrip dashboard gives security teams a real-time view of blocked violations, compliance posture, and enrolled workstations — without ever storing sensitive content.

BitDrip Dashboard · Recent Violations
23 blocked today
2,841 allowed today
12 workstations
PII
Full Name detected → ChatGPT
"Please analyze patient John ████████'s lab results..."
hr@company.com · 2 minutes ago · BLOCKED
PHI
Medical Record ID detected → GPT-4
"Patient MRN ████████ was diagnosed with..."
clinic@company.com · 8 minutes ago · BLOCKED
CRED
API Secret Key detected → Claude
"sk-████████████████ is our prod key for..."
dev@company.com · 14 minutes ago · BLOCKED
PII
Email Address detected → Gemini
"Contact ████████@client.com to close the deal..."
sales@company.com · 31 minutes ago · BLOCKED
BitDrip Dashboard · Compliance Overview
GDPR 94% · HIPAA 87% · PCI DSS 100% · SOC 2 96% · ISO 27001 91% · CCPA 98%
LAPTOP-MBP-01 macOS · v2.2.17
DEV-UBUNTU-03 Linux · v2.2.17
WIN-HR-WORKST-04 Windows · v2.2.17
FINANCE-WIN-02 offline
Pricing

Simple, transparent pricing

Start free. No credit card required for the Community tier.

Community
Free forever
  • Up to 10 users
  • All detection rules
  • HTTPS proxy daemon + system tray app
  • Audit logging (90 days)
  • Community support
Starter
$250/mo · billed $3,000/yr — or $299/mo monthly
  • Up to 50 users
  • 1 deployment
  • All detection rules
  • HTTPS proxy daemon + system tray app
  • Compliance reports (PDF/CSV)
  • Throughput analytics
  • Webhook notifications
  • Email support
Enterprise
Custom pricing
  • 500+ users
  • Unlimited deployments
  • Kubernetes / Helm deployment
  • Air-gap & HA support
  • CA lifecycle management & audit log
  • Custom SLA & onboarding
  • Dedicated CSM
  • MDM / GPO cert deployment
  • Volume licensing
Ready to stop the leaks?
Register free, download the installer and have BitDrip running in your environment today. Community tier covers up to 10 users with full policy enforcement and audit logging.
Linux x86_64 · Linux arm64 · macOS · Windows (WSL2) · Docker · Podman
Version: v2.2.17 ·  Released: 2026-06-07 ·  SHA-256: ec8d602ff959959feca5af9b600edb8c7d7a9b6e2d88608895f37d51898c9c96