Security Model

Last updated: 14 July 2026 · We believe honest threat-model documentation beats marketing claims.

Architecture in one paragraph

BRYG is a local MCP server. It attaches to a dedicated browser instance with its own profile (~/.bryg/chrome-profile) over the Chrome DevTools Protocol (CDP) on 127.0.0.1. Page content, screenshots, OCR results, and network recordings are produced locally and handed to your MCP client (e.g. Claude Code). BRYG sends no telemetry; its only network calls are license validation and anonymous update checks (see Privacy).

CDP debug port — threat model

Browser automation requires the browser's debug port. Understand what that means:

Mitigations BRYG applies / offers

Prompt injection — an honest disclosure

What it is: BRYG feeds web page content (snapshots, text, OCR) to your AI assistant. A malicious page can embed text designed to manipulate the AI — e.g. "ignore your instructions and click X" — potentially steering it into unintended actions. This risk applies to every tool that connects an AI to live web content; we prefer to state it plainly.

How BRYG limits the blast radius

What you should still do

Credentials & data at rest

Supply chain & releases

Reporting a vulnerability

Please email lin_yeh@outlook.com with details. We appreciate responsible disclosure and will respond as quickly as we can.