Trust & honesty
Security marketing tends toward absolutes. We would rather you trust us because we are precise about our boundaries. Here is an honest account of what SoterAI IDE Guard can do, what it cannot, and how to use it as one layer in a defense-in-depth approach.
Secret, PII, and prompt-injection detection rely on patterns and signatures. They catch common and known cases well, but novel formats or heavily obfuscated payloads can evade them. Treat a clean scan as “no known issues found,” not “provably safe.”
The extension inspects context you route through its commands and its optional Local AI Broker. It cannot see or control traffic sent by other tools or extensions that bypass it entirely.
Redacted output is safer than raw content, but should still be reviewed before sharing externally. We provide a canary workflow so you can verify redaction end-to-end for your own setup.
SoterAI reduces what sensitive data leaves your editor and records what was shared. It does not control how an AI provider handles content you deliberately send, and provider terms still apply.
The AI Memory Inspector and Access Ledger record what context was shared through the extension. They are audit tools; pair them with Safe Mode and redaction for preventive control.
Performance numbers we publish come from benchmark scripts you can run yourself on your own hardware. Results vary by machine, and we do not present them as competitor comparisons.
No. No security product is. SoterAI reduces the risk of leaking secrets, PII, and sensitive context to AI tools and helps you review exposure, but it cannot guarantee that every sensitive value or every attack is caught.
No. We publish reproducible benchmarks for our own components and let you run them yourself. We do not make comparative “fastest” claims.
Detection is heuristic. SoterAI raises the cost and lowers the probability of accidental leakage and prompt injection; it is one layer in a defense-in-depth strategy, not a substitute for least privilege, code review, and isolation.