The coverage
Every AI workspace beyond the browser.
Your team uses AI in places the browser can't see. This tier covers those workspaces with the same protection model.
Four workspaces this tier covers
Desktop AI agents
Claude Desktop, ChatGPT Desktop, native AI applications. The standalone apps employees install outside the browser.
IDE assistants
Cursor, Claude Code, GitHub Copilot in the IDE, Continue. Coding assistants that work inside the developer's editor, not through a browser tab.
MCP tool calls
Bidirectional traffic between AI agents and the tools they connect to via Model Context Protocol. The traffic the agent generates on the user's behalf, not the user's typed prompts.
Clipboard movement
Data copied from one application and pasted into an AI tool, or copied from an AI output and pasted somewhere it shouldn't go. The pathway many sensitive data leaks actually use.
What you get from this tier specifically:
1. Visibility into agent tool calls
When an agent reads a file, calls an API, or commits code, the action is logged and policy-evaluated. Browser tools can't see this; the action happens inside a native app or IDE process.
2. Runtime control across native AI applications
Desktop AI apps and IDE assistants get the same policy enforcement as web AI tools: prompt classification, data anonymization, allow/guide/redirect/block actions at the moment of use.
3. Clipboard policy enforcement
Movement of sensitive data between AI tools and other applications is monitored and controlled. Catches the leaks that happen by paste, not by upload.
Architecture
One on-device service. Every workspace. No cloud round-trip.
A single on-device service (a daemon, technically) coordinates protection. Same SLM architecture as AI in Browser.
[Architecture diagram: four AI workspaces (Desktop AI: Claude, ChatGPT; IDE assistants: Cursor, Copilot; MCP tool calls: agent traffic; Clipboard: paste flows) connect to the MagicMirror On-Device Service (one service, every workspace, local SLMs, on-device), which supports four products: Risk Monitoring (see it), Policy Enforcement (control it), Data Protection (Marv) (protect it), and Insights (measure it).]
Products
The MagicMirror AI Security Platform.
Four products, one platform. Coverage across every web AI tool and local agent your employees use.
AI Risk Monitoring
In the browser
Every web AI tool, account, and prompt across Chrome, Edge, Brave, and Arc.
In local agents
Desktop AI agent usage, IDE assistant activity, MCP tool calls, and clipboard movement between AI tools and other applications.
Together: full visibility across every AI workspace your team uses.
AI Policy Enforcement
In the browser
Allow, guide, redirect, or block actions on any web AI tool. Policies enforced at the moment of use.
In local agents
Same enforcement inside native AI applications and IDE assistants. Policies apply consistently across workspaces.
Together: policy you can't bypass by switching workspaces.
AI Data Protection (Marv)
In the browser
Last-mile protection for PII, PCI, PHI, and IP. Marv inspects and anonymizes data before it leaves the browser.
In local agents
Same protection for desktop AI app prompts, MCP tool calls, and clipboard moves. The data paths that never touch a browser tab.
Together: sensitive data is protected at the moment of use, in every workspace.
AI Insights
In the browser
Productivity, proficiency, and adoption metrics for web AI tools. Which teams use what, where the high-value workflows are.
In local agents
Same metrics extended to desktop AI agents, IDE assistants, and MCP-connected tools. The full picture of AI usage across the org.
Together: real ROI data, not just usage data from one surface.
Two tiers. One platform.
Browser and Local Agents cover different layers.
Most organizations need both. The extension handles web AI tools. The on-device service handles the rest. One policy model.
Tier 1
MagicMirror AI in Browser
Browser-Native AI Security.
On-device protection for every web AI tool your employees use. Browser extension across Chrome, Edge, Brave, and Arc.
The on-device service runs as a user-space process for most workspaces. Specific surfaces (clipboard monitoring, certain MCP scenarios) may require elevated privileges, which we document in the architecture white paper. The footprint is intentionally smaller than EDR, both in terms of memory and CPU.
Can we distribute via MDM?
Yes. MDM is the recommended distribution path. Supported across Microsoft Intune, Jamf, Kandji, and similar platforms. Standalone installers are available for environments where MDM isn't applicable.
How does this coexist with our EDR?
EDR sees process-level activity, malware behavior, and post-breach signals. The MagicMirror on-device service sees AI-specific activity at the workspaces where AI happens: prompts, tool calls, clipboard moves, agent actions. Different layer, different problem. We coexist with major EDR vendors and validate that during the pilot.
What happens if the on-device service stops running?
It's designed to be fail-safe. If the service stops, configurable fail-open or fail-closed behavior applies per workspace. Our recommended configuration is fail-closed for highly sensitive workspaces (Data Protection, MCP) and fail-open with logging for low-risk workspaces (clipboard).
Local-First AI Security, on your environment.
Get started
Schedule a demo with our security experts. We'll walk through the local AI workspaces your team uses and how MagicMirror would protect them.