Browser Security
Definition. Browser Security is the enforcement layer. Where Browser Intelligence reads the page, Browser Security acts on what was read — client-side, under policy you control. It is the security half of the two-layer browser story.
The two layers are deliberately separate. Collection is always-on and read-only; enforcement is policy-driven and opt-in per surface. You never enforce something you can’t first see.
How Noxtica does it
Enforcement is expressed as directives delivered to the client:
- Challenge — step a session up: add a second factor or extra verification. Real customers pass it; automation usually doesn’t.
- Block — stop a session, with logging, reserved for the clearest cases.
- Tarpit — slow an abusive client down rather than cleanly blocking it.
Two operator controls make this safe to roll out:
- Per-domain policy — directives apply per domain, so each surface gets its own posture instead of one blunt global rule.
- Shadow mode — run a policy in observe-only first. Noxtica records what would have happened without acting, so you can see the impact on real traffic before anything is enforced.
The risk-action engine
Enforcement is driven by the risk-action engine — operator-configurable policies that challenge, block, or tarpit based on:
- Device risk — the score from Know Your Device.
- Agent verdicts — the allow/deny outcome from Know Your Agent.
- URL patterns — which routes the policy applies to.
- IP reputation — network-level context.
Every action is visible in a risk-actions dashboard, and shadow mode lets you validate a policy before it acts. The policies are yours: operators tune policies and thresholds with full control. Nothing enforces on your behalf without a policy you wrote.
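The following is an added example, not Noxtica's code or configuration schema: it shows how per-domain policies, the four inputs listed above, and shadow mode can combine into a single decision. All field names, thresholds, domains and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Hypothetical policy model: every field name, threshold and sample value here
# is constructed for illustration and is not Noxtica's configuration schema.
@dataclass
class Rule:
    action: str                          # "challenge", "block" or "tarpit"
    url_pattern: str = "*"               # glob matched against the request path
    min_device_risk: int = 0             # matches when device risk >= this value
    agent_verdict: Optional[str] = None  # "allow" / "deny"; None matches any
    ip_reputation: Optional[str] = None  # e.g. "bad"; None matches any

    def matches(self, req: dict) -> bool:
        return (fnmatchcase(req["path"], self.url_pattern)
                and req["device_risk"] >= self.min_device_risk
                and self.agent_verdict in (None, req["agent_verdict"])
                and self.ip_reputation in (None, req["ip_reputation"]))

@dataclass
class Policy:
    shadow: bool   # True: observe-only, record the match but never act
    rules: list    # evaluated in order, first match wins

def decide(policies: dict, req: dict, audit_log: list) -> Optional[str]:
    """Return the directive to enforce (None = no action); log every match."""
    policy = policies.get(req["domain"])  # per-domain: no policy means no action
    if policy is None:
        return None
    for rule in policy.rules:
        if rule.matches(req):
            audit_log.append({"domain": req["domain"], "path": req["path"],
                              "action": rule.action, "enforced": not policy.shadow})
            return None if policy.shadow else rule.action
    return None

# Constructed sample policies: one enforcing domain, one in shadow mode.
POLICIES = {
    "shop.example": Policy(shadow=False, rules=[
        Rule("block", "/checkout*", min_device_risk=90, agent_verdict="deny"),
        Rule("challenge", "/login", min_device_risk=60),
        Rule("tarpit", ip_reputation="bad"),
    ]),
    "beta.example": Policy(shadow=True, rules=[Rule("block", min_device_risk=80)]),
}
```

Comparing the `enforced: False` entries in the audit log against known-good traffic is the check to run before switching a domain out of shadow mode.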
Where it fits
Browser Security is the Security pillar. The risk-action engine is the defensible, shipped meaning of “agentic security” — software that polices the agentic web under operator-set policy. See Agentic Security for how it ties to KYA, MCP, and the assistant.
Read deeper
- Browser Intelligence — the collection layer this one acts on.
- Agentic Security — the umbrella, including the risk-action engine.
- Integration flow — how a decision lands in your application.
- Engineering principles — why the defaults are conservative.