Anti-AI-Agent defense · v1.0
Stop bots. Stop AI agents. Let humans through.
NeuroGuard is a 12 KB JavaScript widget that uses cognitive challenges and behavioral telemetry to block spam bots, scrapers, scalpers, and autonomous LLM agents — while keeping your real users in flow.
12 KB
gzipped widget
<150 ms
token verify
4
challenge types
0
dependencies
Live demo
A real form, protected in real time.
Submit the form on the right. The widget collects behavioral telemetry, asks for a cognitive challenge if needed, and issues a single-use token that the server verifies. No CAPTCHA, no friction for humans.
- Token bound to your browser fingerprint + IP hash
- Single-use, expires in 120 seconds
- Server-side verification via
/api/v1/verify
Contact form
Protected by
shield.js · loading widget…Capabilities
Built for the agent era.
CAPTCHAs are dead. LLM agents solve them. NeuroGuard uses cognition + behavior instead.
Cognitive challenges
Odd-one-out, category-select, absurd-logic, and slider-drag puzzles that trick LLM agents but are trivial for humans.
Behavioral scoring
Mouse-directional variance, scroll cadence, key timing, and WebGL fingerprints build a 0–100 trust score.
12 KB widget
Zero dependencies. Vanilla ES2020 IIFE. Lightweight payload, no layout shift, graceful degradation if blocked.
Server-side verification
Single-use, time-boxed tokens verified by your backend via POST /api/v1/verify before any write.
Real-time analytics
Per-site dashboards with traffic, threats, blocked IPs, AI-agent detection rate, and quota usage.
GDPR-safe
No cookies, no raw IP storage. IPs are salted SHA-256 hashes with daily rotation. GDPR-compliant by design.
Integration
Live in four steps.
01
Embed the widget
Add one <script> tag with your siteKey. The widget auto-protects all forms on the page.
02
Collect telemetry
On submit, the widget gathers behavioral + environment signals and POSTs to /api/v1/token.
03
Challenge if needed
If the server returns needChallenge, the widget shows a cognitive modal and re-POSTs the answer.
04
Verify server-side
Your backend POSTs the resulting token to /api/v1/verify before accepting the submission.
Threat landscape
The bots got smarter. So did we.
Autonomous LLM agents can click, type, scroll, and solve visual puzzles. They cannot (yet) reason about absurd logic, category ambiguity, or odd-one-out judgment the way humans can. That is the gap NeuroGuard exploits.
OpenAI OperatorBrowser agent
Anthropic Computer UseBrowser agent
Devin (Cognition)SWE agent
MultiOnBrowser agent
Agent-detection signals
Combined into a 0–100 score; threshold is configurable per site.
navigator.webdriver === true
Linear mouse path (directional variance ≈ 0)
Zero scroll velocity variance
Headless WebGL renderer string (SwiftShader)
Instantaneous challenge solve (<800 ms)
Plugins/mimeTypes length mismatch (stealth)
Pricing
Pay only for what you verify.
Soft quota caps on all paid plans — we never break your forms. Upgrade anytime for more capacity.
Free
For side projects & evaluation
$0/ mo
- 1 site
- 10K verifications / mo
- All challenge types
- Community support
Pro
PopularFor production apps & SMBs
$19/ mo
- 25 sites
- 500K verifications / mo
- Real-time analytics
- Webhook alerts
- Email support
Enterprise
For high-volume platforms
$99/ mo
- Unlimited sites
- Unlimited verifications
- 99.95% SLA
- Audit logs
- Priority support
Code
Two snippets. That's it.
1. Embed the widget
<!-- Add once, anywhere in your <body> -->
<script
src="https://cdn.neuroguard.pro/shield.js"
data-site-key="ng_pk_your_site_key"
data-auto="true"
defer
></script>
<!-- Any <form> on the page is now protected. -->
<form action="/api/your-endpoint" method="POST">
<input name="email" type="email" required />
<textarea name="message" required></textarea>
<button type="submit">Send</button>
</form>2. Verify the token server-side
// Your backend — verify the token BEFORE acting on the submission.
export async function POST(req: Request) {
const { neuroguard_token } = await req.json();
const res = await fetch("https://api.neuroguard.pro/api/v1/verify", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
siteKey: process.env.NEUROGUARD_SITE_KEY,
secretKey: process.env.NEUROGUARD_SECRET_KEY,
token: neuroguard_token,
userAgent: req.headers.get("user-agent") || "",
ip: req.headers.get("x-forwarded-for") || "",
}),
});
const data = await res.json();
if (!data.valid) {
return Response.json({ error: "BLOCKED" }, { status: 403 });
}
// data.label: "HUMAN" | "BOT" | "AI_AGENT"
// data.score: 0..100
// data.challengePassed: boolean
return Response.json({ ok: true, label: data.label });
}