Threat Protection
Quira's threat protection goes beyond traditional blocklists and heuristics. It introduces an AI Immune System that behaviorally baselines your browser and detects anomalies in real-time, plus adversarial ML defense that protects the browser's own AI from manipulation by web content.
AI Immune System
Inspired by biological immune systems, Quira's AI defense layer continuously monitors browser behavior and autonomous detects threats — even novel zero-day attacks that no blocklist has seen. All security events from the AI Immune System feed into the Context Security Event Bus (CSEB) for programmable rule evaluation and forensic audit.
| Component | What it does | Example |
|---|---|---|
| Behavioral baselining | Learns normal patterns for each user across resource usage, network patterns, and graph access | Detects a compromised extension suddenly accessing 100x more graph data than normal |
| Extension monitoring | Continuously profiles extension behavior against their declared capabilities | Flags an extension requesting network access outside its allowlisted domains |
| Anomaly scoring | Assigns real-time threat scores to active processes, tabs, and extensions | Quarantines a tab whose JavaScript is making rapid clipboard reads |
| Self-healing | Automatically revokes compromised capability tokens and isolates affected Spaces | If an extension's threat score exceeds threshold, its tokens are revoked and the extension is suspended |
All analysis is local
The AI Immune System runs entirely on-device. Behavioral models are trained on your patterns locally and never leave the device. No browsing behavior is sent to external services for analysis.
Adversarial ML defense
Quira's AI processes web content to build the Context Graph — which means web pages can attempt to manipulate the AI. This is the browser-specific equivalent of prompt injection, and Quira defends against it with purpose-built countermeasures.
- Invisible text removal — Detect and strip hidden text (CSS hidden, zero-width characters, white-on-white) designed to pollute AI summaries
- Unicode normalization — Canonicalize all text before AI processing to prevent homograph-based entity confusion
- Entity validation — Cross-reference extracted entities against the existing Context Graph to detect implausible injections
- Embedding anomaly detection — Flag content whose embedding vectors are statistical outliers compared to the page's visible content
AI pipeline 4-layer defense
Every piece of web content that enters Quira's AI pipeline passes through four independent defense layers:
| Layer | Function | What it catches |
|---|---|---|
| L1 — Content Sanitization | Strip hidden text, normalize Unicode, remove injected instructions | Prompt injection, invisible SEO spam, adversarial text |
| L2 — Privilege Framing | Wrap all web content with explicit "untrusted source" framing before AI processes it | Content trying to impersonate system instructions |
| L3 — Output Schema Validation | AI output is validated against strict schemas — only structured data is accepted | Free-text manipulation, hallucinated entities, action injection |
| L4 — Capability Separation | The AI inference process has no capability tokens — it cannot read or write the graph directly | Even if the AI is fully compromised, it cannot exfiltrate data |
Living Security
Security in Quira is not a static configuration — it is a continuously adapting system. Living Security introduces the Security Health Score.
- Security Health Score — A real-time composite score (0-100) visible in the toolbar, reflecting current security posture: extension risk, permission sprawl, outdated blocklists, etc.
- Adaptive recommendations — When the score drops, Quira suggests specific actions: revoking unused permissions, updating blocklists, removing suspicious extensions
- Threat memory — The AI Immune System remembers past threat patterns and can recognize variations even after the original threat signature changes
Phishing detection
Quira uses a multi-signal approach to detect phishing pages:
- URL heuristics — Detects homograph attacks, excessive subdomains, and known phishing URL structures
- Local blocklist — Regularly updated list of confirmed phishing domains, checked entirely on-device
- Visual similarity — On-device ML model compares page layouts to known login pages and flags lookalikes
- Certificate age — Warns when visiting login pages on domains with certificates issued less than 7 days ago
No data leaves your device
Unlike Chrome Safe Browsing or Firefox Phishing Protection, Quira's phishing detection runs entirely on-device. No URLs or page content are sent to external servers for evaluation.
Malware URL blocking
Known malware distribution URLs are blocked at the network layer using a locally maintained blocklist updated via differential sync. Sources include URLhaus, PhishTank, and Quira's own threat intelligence feed.
Certificate validation
| Check | Description |
|---|---|
| CT log verification | Verifies the certificate appears in at least two Certificate Transparency logs |
| TOFU pinning | Trust-on-first-use: warns if a site's certificate issuer changes unexpectedly |
| CA reputation | Flags certificates from CAs with a history of mis-issuance |
| Revocation check | OCSP stapling preferred; CRL fallback with local cache |
Download scanning
Downloaded files are checked against known-bad hashes before they are saved to disk. Executable files trigger an additional warning dialog showing the file's digital signature status and source domain reputation.