ScopeGuard scans browser extensions, OAuth apps, email add-ons, and IDE plugins before installation, then enforces security policy based on permissions, scopes, publisher identity, and version drift.
Trusted by security teams at modern enterprises
Every Chrome extension, Gmail add-on, GitHub app, and VS Code plugin can read browser tabs, mailboxes, source code, and customer data. Most are installed in one click — and most security teams have no inventory, no policy, and no visibility into what changed last week.
47 new browser extensions installed this quarter
12 OAuth apps granted Gmail read access without review
9 IDE plugins now reading workspace files
6 extensions silently expanded permissions in 30 days
ScopeGuard sits between your employees and every plugin marketplace, mailbox, and IDE.
Every browser extension, OAuth app, and IDE plugin passes through a security gate before it can read company data.
See exactly which Google Workspace and Microsoft 365 scopes an app requests — and which sensitive ones to block by default.
Get alerted when an installed plugin changes ownership, adds a scope, or starts contacting new domains.
Extension requests access to all websites
AI Meeting Summarizer Pro · Chrome
OAuth app requests Gmail read access
ChatMail Assistant · Google Workspace
Publisher changed last week
Prompt Saver Plus · Indie Maker LLC
New version added external data sharing
ChatMail Assistant v3.2.0
Unverified publisher requesting Drive access
Calendar Copilot · Tempora Labs
IDE plugin added workspace file read
CodePilot Helper · VS Code
Pull inventory from Chrome Enterprise, Edge, Google Workspace, Microsoft 365, GitHub, and IDE marketplaces.
Combine permissions, OAuth scopes, publisher identity, and behavior into a unified risk score.
Auto-allow, block, or route to review based on rules your security team controls.
Continuously watch for new scopes, new domains, and publisher ownership changes.