Every AI prompt that leaves your org is a policy decision
CitrusGlaze enforces it automatically — across every developer, every agent, every tool. Priced for the teams who need it most.
Developer
For individuals building with AI
Scanner is MIT open source. Always.
- ✓ AI chat history scanner (349+ secret patterns)
- ✓ Local prompt firewall
- ✓ Real-time secret blocking
- ✓ Browser extension (60+ AI sites)
- ✓ Token cost tracking
- ✓ Dashboard + conversation search
- ✓ Prompt injection detection
Team & Enterprise
For security teams deploying AI at scale
Annual contracts. Volume pricing. Custom deployment.
- ✓ Everything in Developer
- ✓ Cedar policy engine (hot-reload)
- ✓ Destination allowlisting & firewall
- ✓ Honey tokens & exfiltration detection
- ✓ MCP Gateway — secure all MCP servers
- ✓ Team audit log & compliance export (coming soon)
- ✓ Kernel sandbox (Seatbelt / Landlock)
- ✓ SSO / SAML
- ✓ Role-based access control (RBAC)
- ✓ SOC 2 Type II (in progress)
- ✓ Data Processing Agreement (DPA)
- ✓ NIST AI 600-1 controls mapping (documentation)
- ✓ Dedicated onboarding + SLA
- ✓ Procurement support (MSA, security review)
Deploys in under 5 minutes. No network changes. No agents to manage. AI inspection runs locally — your prompts never touch our servers.
Why teams choose CitrusGlaze over legacy DLP
Legacy DLP was built for files and email. It has no idea what an AI agent is.
| | Legacy DLP (Netskope, Zscaler, Nightfall) | CitrusGlaze |
|---|---|---|
| AI agent traffic | Blind | Full visibility |
| Deployment | 6–12 months | Under 5 minutes |
| Policy engine | Keyword rules | Cedar (hot-reload) |
| Data leaves org? | Yes — cloud proxy | No — local by default |
| MCP server security | None | MCP Gateway |
| Secret detection patterns | ~30–50 | 349+ |
| Exfiltration canaries | No | Honey tokens |
The problem isn't hypothetical
97% of AI-related breaches involved systems with no AI access controls
IBM Cost of a Data Breach Report, 2025 — 604 organizations surveyed
Book a demo
FAQ
Is the free tier really free?
Yes. The scanner is MIT open source — free forever, no credit card, no account required. The local prompt firewall, secret detection, and browser extension are all included at no cost for individual developers.
How does enterprise pricing work?
We price on annual contracts based on team size, deployment model, and required features. Book a demo and we'll put together a proposal within 24 hours. Most teams get to a signed contract in under two weeks.
Does deployment require IT or network changes?
No network changes required. CitrusGlaze installs as a local daemon and sets a PAC proxy via macOS system settings — one command, no firewall rules, no VPN, no cloud routing. Linux support uses nftables with the same zero-touch approach.
Do AI prompts ever leave the machine?
All inspection happens locally — the proxy runs on the developer's machine, not our servers. Enterprise deployments can optionally route audit logs to a self-hosted or cloud aggregator. We never see your prompts.
What compliance frameworks does CitrusGlaze map to?
CitrusGlaze provides technical controls that map to NIST AI 600-1 (GenAI risk categories: prompt injection, data privacy, information security), NIST AI RMF 1.0 (GOVERN + MEASURE functions), and OWASP LLM Top 10. We can provide a compliance mapping document for enterprise procurement.
What counts as a "user" in enterprise pricing?
One user = one human identity, unlimited devices, plus up to 10 AI agents (Claude Code, Cursor, custom scripts, MCP servers, etc.). CI/CD pipeline agents count toward the user who configured them. Enterprise tier includes pooled agent capacity for shared infrastructure and custom limits.
Ready to see what's leaving your org?
30-minute demo. We'll show you CitrusGlaze running against a live AI workload.