Beta v128.14.0 — 198 MCP Tools

The World's First
AI-Native Browser.

198 tools no other browser has. Zero telemetry by default — the only outbound path is the opt-in, default-off, narrated Bella context sync. Your passwords never seen by AI. Trusted input events (isTrusted: true) for reliable AI automation.

Download for macOS — Free See 198 Tools
198 MCP Tools
1,320 Tests Passing
Zero Telemetry
12 Password Adapters
198 MCP Tools
Zero knowledge. Zero telemetry. Zero compromise.
198 MCP Tools
12 Password Adapters
Ascon-AEAD128 Encryption
MCP-First AI
isTrusted:true Events
Ed25519 Signed Updates

198 Tools.
No Other Browser Has Any of Them.

Built into the browser itself — not an extension you install, a cloud you connect to, or a policy you hope they keep. Eight domains of capability. Zero compromise.

Threat Narrator

See who tracks you in plain English. Every tracker named, counted, and explained — not just a number in a shield.

Encrypted Vault

Save anything. GPS stripped. Camera data removed. Encrypted before it touches your disk. Crypto-shred any category in an instant.

MCP-First AI

Connect Claude, Cursor, or any MCP-compatible AI to 198 native browser tools — no model download. For total network isolation, enable the optional local LLM (~1.1 GB, off by default).

Writing Style Detection

Your bank writes a certain way. Phishing pages get the visual design right but the writing wrong. We catch what URL checkers miss.

Arabic Intelligence

Six dialects. RTL override attack detection. Homoglyph identification. Mixed-script domain warnings. The only browser built for Arabic speakers.

Behavioral Lock

Your browsing rhythm becomes your encryption key. Even with stolen credentials, an attacker cannot match your keystroke timing.

Zero-Knowledge Vault

Save passwords, import from Chrome/Firefox/Safari, sync with 1Password and Bitwarden. When AI fills a login form, it never sees the password — a single-use token handles the injection. Crypto-shred any category instantly.

Per-Tab VPN Tunneling

Route any tab through Saj Loop VPN with one click. Each tab gets its own SOCKS5 tunnel — your banking tab uses a VPN while your news tab doesn't. Same exit IP across all navigation. DNS leak proof.

198 MCP Tools — Most in the World

AI agents can navigate, click, fill forms, audit security, extract data, run accessibility checks, detect dark patterns, analyse commerce flows, and capture design sessions. 8 domain categories. Each agent gets its own tab. Zero cross-session interference.

Trusted Events — isTrusted:true

Browser automation dispatched as trusted input (isTrusted: true), so AI agents can reliably drive apps that ignore synthetic events. Dispatch runs in-process through the engine's own input path — no remote debugging port, no CDP.

Bidirectional Audio / Video

AI co-browsing with full audio and video. Stream what you see. Speak commands. Receive spoken responses. The AI can hear the page, describe what it sees, and guide you — without any cloud relay.

12 Password Manager Adapters

1Password, Bitwarden, Proton Pass, Dashlane, LastPass, Keeper, KeePass, NordPass, Apple Keychain, Google Passwords, pass/gopass, and Generic CSV import. Your passwords stay in your manager. AI fills forms using a one-time token. The password is never seen.

Payment SDK Allowlist

Paddle, Stripe, PayPal, Braintree, Square, Razorpay, and 9 more — all allowlisted so checkout flows work perfectly even with aggressive tracker blocking active. Privacy and commerce, together.

Every Domain.
Every Depth.

Saj Browse organises its 198 MCP tools into eight capability domains — giving AI agents full-spectrum control over what happens in the browser and on the web.

Accessibility (D1) — 8 tools

Screen reader simulation, cognitive load index, colour blindness simulation, WCAG compliance checks, contrast analysis, focus management audit, keyboard nav testing, ARIA validation.

Security Deep (D2) — 8 tools

Supply chain audit, fingerprint exposure report, API key scanner, prompt injection detection, sub-resource integrity checks, CORS policy audit, leaked credential detection, dependency vulnerability scan.

Data Extraction (D3) — 7 tools

Entity extraction, table intelligence, schema inference, grid extraction, paginated scraping, semantic content analysis, structured data export. Turn any page into structured data, instantly.

Developer (D4) — 7 tools

Performance flame graph, bundle analyser, API mock injection, SPA route mapping, cascade trace, render bottleneck detection, network waterfall export. Debug production sites from inside the browser.

Workflow (D5) — 6 tools

Visual regression testing, journey recording, journey replay, cross-page assertion, multi-step form automation, screenshot comparison. Record once, replay across a thousand pages.

Performance (D6) — 5 tools

Real user monitoring simulation, carbon footprint estimation, render bottleneck isolation, Core Web Vitals root cause, layout shift attribution. Optimise before your users notice.

Commerce (D7) — 5 tools

Checkout flow auditor, price tracker, ad fraud detection, dark pattern scanner, payment SDK allowlist enforcement. Know what a checkout page is really doing before you pay.

AI / ML (D8) — 8 tools

AI-generated content detection, synthetic media detection, prompt leak detection, model fingerprinting, LLM output watermark scan, AI policy analyser, synthetic image detection, AI-assisted dark pattern report.

Full tool reference →

Every other browser sends your data to a cloud.
We don't even have a cloud.

Saj Browse's AI runs in an isolated process on your device with no network access. This isn't a privacy setting you can toggle — it's how the software is built. The AI component physically cannot reach the internet.

When you ask the AI to analyse a page, it reads the DOM in memory, processes it locally, and returns a result. Nothing leaves your machine. There is no request, no response, no log.

Page Summarisation Phishing Detection Tracker Analysis Privacy Scoring

Built for AI Agents — 198 Tools

Saj Browse ships an MCP (Model Context Protocol) server that lets AI assistants like Claude, Cursor, and Windsurf control the browser programmatically. 198 tools across 8 domains — navigation, trusted input, security auditing, accessibility, data extraction, developer diagnostics, performance, commerce, and AI/ML analysis. Per-session tab isolation means multiple agents work simultaneously without any interference. Bidirectional audio and video let the AI hear the page and speak responses back.

Navigate & Screenshot Trusted Click & Type Security Audits Zero-Knowledge Auth VPN Control Bidirectional Audio/Video Design Capture (DIMC) Commerce Audits
Architecture — Isolation Model
Your Device
Nothing leaves this boundary
Saj AI Process
Isolated sandbox — reads DOM, returns result, zero sockets
Network boundary — no outbound connections permitted
Internet / Cloud Services
No data reaches here. By design.

Privacy Browsers, Ranked Honestly.

We didn't invent the category. We completed it.

Feature Saj Browse Chrome Firefox Brave Tor Browser
Built-in ad/tracker blocking YES
On-device AI assistant YES
Writing style phishing detection YES
Arabic phishing protection (6 dialects) YES
Encrypted vault with crypto-shred YES
Behavioral authentication YES
Built-in E2E messaging YES
Zero telemetry YES Partial
Per-category key isolation YES
Zero-knowledge password fill YES
Per-tab VPN tunneling YES
MCP agent protocol (198 tools) YES
Trusted events (isTrusted:true automation) YES
Bidirectional audio/video AI co-browsing YES
12 password manager adapters YES Import only Import only
Payment SDK allowlist (checkout compatible) YES Partial
Passkey/WebAuthn vault YES

They Tried 47 Things.
All Blocked.

This is what you'd see clicking the Saj Browse shield on a typical news website. Every tracker explained, not anonymised.

Threat Narrator — example-news.com
47 attempts blocked this session
Facebook (Meta)
Tried to build a cross-site profile worth $50–200/year to advertisers. Blocked before pixel fired.
x12
Criteo
Retargeting ads designed to follow you from this site to every other site you visit today.
x6
Hotjar
Session recording and heatmap tracking — would have captured every mouse movement and scroll.
x3
Unknown origin
4 unidentified scripts with no declared purpose. Blocked by default — unknown always means blocked.
x4
12 hostile 6 commercial 3 analytics 4 unknown

Part of Something Bigger.

Saj Browse is one piece of a sovereign technology ecosystem. Every product shares the same principle: your data belongs to you.

Privacy Shouldn't Cost a Fortune.

The most important protections are free — because security that only wealthy people can afford isn't security at all.

Free
$0
Core privacy for everyone
  • 4-layer tracker blocking
  • WebRTC disabled + fingerprint resistance
  • Encrypted vault (5 credentials)
  • HTTPS-only + encrypted DNS (DoH)
  • Metadata stripping on save
  • Ed25519 signed auto-updates
  • 14-day Pro trial included
Download Free
Personal
$4.99/mo
Full vault + VPN for one device
  • Everything in Free
  • Unlimited password vault
  • Per-tab VPN tunneling (Saj Loop)
  • On-device AI sidebar
  • Browser password import
  • Manager sync (1Password, Bitwarden, etc.)
  • 1 device
Start Personal

Start browsing privately today.

No account required. No telemetry. No catch. Verify every download against the signed release manifest before running it.

Recommended for your platform
macOS
DMG — 112 MB, signed + notarized (arm64)
Download Now — v128.14.0
Linux x86_64 — tar.gz Windows x86_64 (coming soon)
Verify your download
minisign -Vm saj-browse-128.14.0-linux-x86_64.tar.gz -P RWQ7ISRBueOe57Vw/pQNWx/9L9gtVVqdmeW+gXL95aGW9xMpY4gEl4AF
Public key: RWQ7ISRBueOe57Vw/pQNWx/9L9gtVVqdmeW+gXL95aGW9xMpY4gEl4AF

Connect your AI in two steps.

Once Saj Browse is open, it automatically starts an MCP server at http://localhost:57822/mcp — copy that URL and paste it into any MCP-compatible AI.

http://localhost:57822/mcp
Claude Desktop & Claude Code
Run this command once in your terminal. Claude Code adds the server to its config automatically — no file editing required.
claude mcp add --transport http saj-browse http://localhost:57822/mcp
Or: Claude Desktop → Settings → Developer → Edit Config → add "url": "http://localhost:57822/mcp" under mcpServers.
Cursor, Windsurf & others
Copy the server URL above, then open your AI's MCP settings and paste it in. Most editors have a GUI for this — no config files needed.
1Copy the URL above
2Open your AI → Settings → MCP Servers → Add → paste
http://localhost:57822/mcp Works with any MCP-compatible tool running on the same machine
Full JSON config for Claude Desktop

Add this to ~/Library/Application Support/Claude/claude_desktop_config.json then restart Claude Desktop:

{"mcpServers":{"saj-browse":{"url":"http://localhost:57822/mcp"}}}

Saj Browse must be running for the MCP server to respond. The proxy starts automatically when you open the browser.