Self-Hosted · Open Deployment

Stop AI data leaks before they leave your perimeter.

BitDrip intercepts everything your team sends to ChatGPT, Claude, Gemini and other LLMs — blocking PII, credentials, PHI and proprietary data in real time. Runs entirely in your infrastructure. Self-hosted. Zero-trust by design.

SHA-256: 41cc64470d4cf6866e9a65900099a550c36c7cfe47cbf8daa72ca74d714589a7  · 3 MB
Designed to support compliance with GDPR, HIPAA, PCI DSS, SOC 2, ISO 27001 and CCPA.
YOUR DATA STAYS YOURS.
  • Average deploy time: < 5 min
  • Compliance frameworks: 6
  • Detection categories: 15+
  • Avg policy check time: < 10ms
Why BitDrip

Built for enterprise security teams

Nine capabilities that make BitDrip the right choice for organisations that take data privacy seriously.

🛡
Real-time Protection

Every request your team sends to ChatGPT, Claude, Gemini and other AI services is checked before it leaves the device. Sensitive data — names, medical records, card numbers, passwords, and proprietary content — is detected and blocked in real time. Works automatically for both browsers and command-line tools, with no manual setup required.

👁
AI Response Scanning

Scans what comes back from AI services, not just what goes in. Detects hallucinated PII, jailbreak success signals, and data exfiltration artifacts in AI responses — a protection layer no other browser-level tool offers.

🔒
Zero Cloud Dependency

Runs entirely in your own infrastructure using a single configuration file. Your AI prompts and responses never leave your environment — they go directly from your device to the AI provider, checked locally at every step. No AI content ever touches our servers.

📋
Compliance & Audit

Built-in profiles for GDPR, HIPAA, PCI DSS, SOC 2, ISO 27001 and CCPA. Every audit record is protected by a tamper-evident digital signature — if any log entry is modified after the fact, the signature breaks and the tampering is immediately detectable.

🔌
SIEM Integration

Export audit events to Splunk (HEC/CEF), Elastic/OpenSearch, and Azure Sentinel in real time. Configurable per organisation — violations land in your existing security toolchain automatically.

🤖
Agentic AI & MCP Monitoring

Monitors and controls the actions that AI agents take on your systems — such as reading files, running commands, or accessing sensitive data. Block unauthorized actions from automated AI workflows before any damage is done.

📈
Throughput & Usage Analytics

Track AI usage volume by organisation and time period. Per-GB scanning metrics and time-series charts give security teams visibility into AI exposure across the entire organisation.

🖥️
Fleet Visibility

Enroll workstations with a one-time token. The admin dashboard shows every enrolled device — hostname, OS, proxy version, and live online/offline status based on heartbeat. Revoke a device in one click if it's lost or decommissioned.

🖥
System Tray App

A native app for macOS, Windows and Linux lives in your system tray and gives your team a one-click way to start, stop and monitor BitDrip's protection — no terminal required. Shows live connection counts, protection status, and links directly to the admin dashboard.

Security-first architecture

Built against industry standards. Every control is implemented in code and documented.

  • A01 Broken Access Control: JWT RBAC with role-based permissions. Org-scoped data isolation on every query.
  • A02 Cryptographic Failures: AES-256 at rest, TLS 1.3 in transit, ed25519 license signing.
  • A03 Injection: Parameterized queries throughout. Schema-validated inputs. XSS sanitization on all user-controlled output.
  • A04 Insecure Design: Privacy-by-design. AI content never stored — SHA-256 hashes only.
  • A05 Security Misconfiguration: Helmet.js (HSTS, CSP, X-Frame-Options). CORS allowlisting. No default credentials.
  • A06 Vulnerable Components: Automated dependency scanning. Dependabot-enabled weekly updates. Reproducible builds with npm ci.
  • A07 Auth Failures: Magic-link auth — no passwords, no credential stuffing. Short-lived signed JWTs. OIDC/SSO for enterprise deployments.
  • A08 Integrity Failures: SHA-256 installer checksums. ed25519-signed license JWTs. Pinned lock files.
  • A09 Logging Failures: Structured JSON audit logging. Sensitive fields sanitized at source. Tamper-evident event trail.
  • A10 SSRF: No external URL fetching from user content. Outbound connections allowlisted.

Zero Trust Data Flow

AI content is never stored. SHA-256 hashing means violations are auditable without retaining sensitive data.

Cryptographic Verification

Every installer bundle ships with a SHA-256 checksum for integrity verification. License JWTs use ed25519 — the same algorithm that secures SSH keys.

Self-Hosted by Design

Your AI content never leaves your infrastructure. Policy decisions run entirely in your environment — no prompts, responses, or usage patterns are ever transmitted to BitDrip.

Controls are implemented in code and documented. Read the documentation →

Compliance Coverage

Designed to support your compliance requirements

BitDrip detects and blocks content that violates each framework's requirements — before it leaves your network.

  • 🇪🇺 GDPR: PII & special-category data — names, emails, addresses, national IDs
  • 🏥 HIPAA: PHI & patient data — medical records, conditions, insurance IDs
  • 💳 PCI DSS: Card numbers (Luhn-validated), CVV codes, PINs
  • 🔐 SOC 2: API keys, passwords, secrets & credentials
  • 📋 ISO 27001: Credentials, proprietary data & internal document markers
  • ⚖️ CCPA: California resident PII & consumer personal data

Designed to support compliance — not a substitute for legal review.

Getting Started

From zero to protected in minutes

Register once, deploy anywhere. No SaaS. Your AI data stays in your infrastructure, always.

1. Register: Create your account and choose a plan. Receive your signed license file by email.
2. Download: Download the installer bundle. Verify the SHA-256 checksum. Extract and review.
3. Deploy: Run ./install.sh — it configures everything automatically. Then start protection with bitdrip proxy start or via the system tray app. Live in under 5 minutes.
4. Protect: Configure policies in the dashboard. Enroll additional workstations from Settings → Workstations. BitDrip handles browser and terminal tool traffic automatically.

Full installation guide, configuration reference, and troubleshooting are in the documentation.

Pricing

Simple, transparent pricing

Start free. No credit card required for the Community tier.

Community: Free forever
  • Up to 10 users
  • All detection rules
  • HTTPS proxy daemon + system tray app
  • Browser extension
  • Audit logging (90 days)
  • Community support
Starter: $125/mo · billed $1,500/yr — or $149/mo monthly
  • Up to 50 users
  • 1 deployment
  • All detection rules
  • HTTPS proxy daemon + system tray app
  • Browser extension
  • Compliance reports (PDF/CSV)
  • Throughput analytics
  • Webhook notifications
  • Email support
Enterprise: $1,250/mo · billed $15,000/yr — or $1,499/mo monthly
  • Unlimited users
  • Unlimited deployments
  • Kubernetes / Helm deployment
  • Air-gap & HA support
  • Custom SLA & onboarding
  • Dedicated CSM
Ready to stop the leaks?
Register free, download the installer and have BitDrip running in your environment today. Community tier covers up to 10 users with full policy enforcement and audit logging.
Linux x86_64, Linux arm64, macOS, Windows (WSL2), Docker, Podman
Version: v2.2.0 ·  Released: 2026-06-02 ·  SHA-256: 41cc64470d4cf6866e9a65900099a550c36c7cfe47cbf8daa72ca74d714589a7
More from Anchor Cyber Security