界 Kai watches the live page for credential-harvesting UI — overlay phishing, cross-origin login forms, browser-in-the-browser spoofs and seed-phrase prompts — and tells you exactly why, before you type.
No single signal decides — 界 Kai weighs many, relative to the page's own origin and your trust store, so the combination is what raises a flag.
Fake "OS browser window" drawn in HTML to spoof an OAuth popup. 界 Kai spots the painted chrome.
A login form that posts your password to a foreign origin — judged relative to the page you're actually on.
An injected modal or overlay collecting credentials on top of a legit-looking page.
A uniform recovery-phrase input grid, or recovery-phrase wording — a hallmark of wallet-draining sites.
A known brand's name or mark on a non-matching, lookalike or freshly-registered domain.
On a block verdict, 界 Kai arms the form and stops the submit, so credentials never leave — not even on a misclick.
Every stage runs locally and contributes reasons. The on-device AI only adjudicates borderline cases — it can never force trust.
Is there a password field or seed-phrase wording? If not, stop. This is the main false-positive control.
Weighted rule catalog scores the page and emits a stable id + human reason for each signal.
A signed, per-domain modifier from your own trust store and optional local feeds.
Borderline only: Gemini Nano on-device gives a bounded, advisory verdict. Never commits trust.
Map the final score to inform / warn / block, attach actions, and explain every reason.
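The gate, rule catalog, trust-store modifier, bounded adjudicator and verdict mapping described above, as an added JavaScript example that is not 界 Kai's own code: forms are constructed plain objects standing in for what a content script would read from the DOM, and the rule ids, weights, thresholds and trust-store shape are assumptions.

```javascript
// Added example, not 界 Kai's own code. Forms are plain objects constructed to
// stand in for what a content script reads from the DOM; rule ids, weights,
// thresholds and the trust-store format are assumptions.
const SEED_RE = /\b(seed|recovery|secret recovery|mnemonic)\s+(phrase|words?)\b/i;
const THRESHOLDS = { block: 80, warn: 40 }; // assumed
const ADVISORY_BOUND = 15;                  // the AI may nudge at most this much

// Each rule emits a stable id plus a human reason, or null when it does not fire.
const RULES = [
  { id: 'form.cross_origin_post', weight: 60, check(form, pageOrigin) {
      // Resolve the action the way the browser would: relative to the page's origin.
      const target = new URL(form.action || '', pageOrigin).origin;
      return target !== pageOrigin ? `credentials post to ${target}, not ${pageOrigin}` : null;
  } },
  { id: 'ui.seed_phrase_grid', weight: 70, check(form) {
      const n = form.fields.filter(f => f.type === 'text').length;
      return n === 12 || n === 24 ? `${n} uniform text inputs form a recovery-phrase grid` : null;
  } },
  { id: 'ui.seed_phrase_wording', weight: 40, check(form) {
      return SEED_RE.test(form.text || '') ? 'recovery-phrase wording around the form' : null;
  } },
];

// Gate: no password field and no seed-phrase wording means nothing is scored.
function isCredentialSurface(form) {
  return form.fields.some(f => f.type === 'password') || SEED_RE.test(form.text || '');
}

// Returns { verdict, score, reasons }. `trust` maps origin -> signed modifier
// (negative = trusted); `allowlist` is the user's own list and outranks everything.
function assess(form, pageOrigin, { trust = {}, allowlist = new Set(), adjudicate } = {}) {
  if (allowlist.has(pageOrigin)) return { verdict: 'quiet', score: 0, reasons: ['user allowlist'] };
  if (!isCredentialSurface(form)) return { verdict: 'quiet', score: 0, reasons: [] };
  const reasons = [];
  let score = 0;
  for (const rule of RULES) {
    const why = rule.check(form, pageOrigin);
    if (why) { score += rule.weight; reasons.push(`${rule.id}: ${why}`); }
  }
  if (pageOrigin in trust) { score += trust[pageOrigin]; reasons.push(`trust store: ${trust[pageOrigin]}`); }
  // Borderline only: the adjudicator's answer is clamped so it can advise, never decide.
  if (adjudicate && Math.abs(score - THRESHOLDS.warn) <= ADVISORY_BOUND) {
    const delta = Math.max(-ADVISORY_BOUND, Math.min(ADVISORY_BOUND, adjudicate(form, reasons)));
    score += delta; reasons.push(`on-device adjudicator advised ${delta}`);
  }
  const verdict = score >= THRESHOLDS.block ? 'block' : score >= THRESHOLDS.warn ? 'warn'
    : score > 0 ? 'inform' : 'quiet';
  return { verdict, score, reasons };
}
```

A relative `action` resolves to the page's own origin and stays quiet, while an absolute foreign `action` on a password form fires the cross-origin rule with a reason that names both origins.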
A calm paper notice, two severities. It informs or warns; on a block, it intercepts the submission.
界 Kai inspects the page in your browser. No domain, no page content, and no credential ever leaves it.
All scoring and decisions run locally and work offline. Nothing is uploaded by default.
界 Kai reads structure, not your data. It never transmits what you type or what a page contains.
The optional Gemini Nano adjudicator runs in your browser, only on borderline cases, and only advises.
Your allowlist and per-site decisions outrank built-in lists, feeds, heuristics and the AI.
No. Nothing is scored unless a password field or seed-phrase wording is present, and reasoning is relative to the page's own origin. Trusted providers are allowlisted out of the box, and your own allowlist always wins — so legitimate logins stay quiet.
Phishing that lives in the page: overlay login modals, fake "browser windows" (browser-in-the-browser), forms that post your password to another origin, brand impersonation, and seed-phrase prompts that drain crypto wallets.
No. Detection is 100% on-device and works offline. No domain or page content is sent to any server by default; the optional AI adjudicator also runs locally via Chrome's built-in model.
Chromium-based browsers like Chrome, Edge and Brave. The on-device AI step uses Chrome's built-in Prompt API (Gemini Nano) where available, and is skipped gracefully when it isn't.
界 Kai stands guard at the login. Install once — it watches every page and explains every call.
Add to Chrome — free*
* Pending store review; you can load it via developer mode in the meantime. See the project docs.