Sensitive applications never reach the client — only a secure pixel stream does.
WAF stops the attack. AAM verifies identity. DLP can mask sensitive data. But the moment a sensitive application's HTML, JavaScript, session data, and API responses reach the user's device, that data is already inside the client-side risk surface.
ZeroLeak closes this risk at the architectural level. The real web application runs inside an isolated browser environment on your network. Only a live pixel stream reaches the user's device. The application's code, data, and session information never touch the client.
The user sees the application. The data never lands on the device.
ZeroLeak keeps the sensitive web application's HTML, JavaScript, API responses, tokens, and session data inside your network. Only a live pixel stream reaches the user; keyboard and mouse input flow back through a controlled channel. The browser-based attack surface closes at the source.
Three security layers, one architectural principle
Classic web security long focused on stopping attacks aimed at the server. Today a significant share of the risk starts in the user's browser. The moment a page reaches the client, the DOM, session data, cookies, localStorage, and API responses are processed on the device. If the device isn't secure, neither is the sensitive application. ZeroLeak flips that assumption: the sensitive page never reaches the client in the first place.
DOM content, session tokens, cookies, and localStorage become visible on the client side. WAF and DLP are strong on the server side; once data reaches the browser, the control surface narrows.
AI agents can read web pages, analyze form fields, parse visible data, and automate repetitive operations. This is not a problem confined to classic bot detection.
When a user's device is compromised, browser memory, open page content, tokens, and temporary files come under risk. The enterprise application becomes dependent on endpoint security the moment it reaches the client.
Sensitive information leaks not only through HTML but also the moment it appears on screen. Screen recording, screen sharing, screenshots, and AI-based OCR tools amplify this risk.
WAF filters attacks, AAM verifies access, DLP controls sensitive fields. But at the end of that chain, the web page still lands in the user's browser. ZeroLeak fills the gap: the sensitive application is never sent to the client — only a secure visual session is.
What reaches the client?
ZeroLeak lets users work with sensitive applications — without ever delivering them to the client.
In the enterprise market, ADC, WAAP, identity-based access, and browser isolation are typically positioned as separate product families. ADC handles load balancing, WAAP protects the application, AAM manages access, and browser isolation is usually offered as a separate SaaS service. TR7 ZeroLeak removes that split. Sensitive application access, web security, identity policy, visual isolation, Anti-OCR, and forensic recording all run inside the same platform.
ZeroLeak delivers visual isolation as a native security layer of the TR7 platform — not as a separate product. The operator manages access, security, isolation, and recording policies side-by-side from the same management UI.
Many browser isolation approaches route traffic into a third-party cloud. ZeroLeak runs inside your network. Sensitive applications, session data, and recordings stay under your control.
Keeping the page off the client is step one. But what appears on screen can still be read via screenshots, screen recording, or AI vision. ZeroLeak adds a visual-protection and policy-based masking layer for that risk.
Instead of complex bandwidth-based models, ZeroLeak is licensed by concurrent-user capacity. Organizations plan a clear capacity model by counting how many users will hold isolated sessions at the same time.
ZeroLeak's distinction isn't a single feature; it's the architectural combination — ADC, AAM, WAAP, visual isolation, Anti-OCR, and forensic recording running in the same security flow.
ZeroLeak's security model rests on three core layers. First, the application itself is separated from the client. Then, sensitive on-screen regions are protected against visual leakage. Finally, the entire session becomes an auditable forensic record.
The sensitive web application runs inside an isolated browser environment on your network. The application itself never reaches the user's device — only a live pixel stream does.
What appears on screen is also a surface to protect. ZeroLeak applies policy-based protection to sensitive regions against screenshots, screen recording, and AI-based OCR.
ZeroLeak doesn't just isolate access — it makes the entire access auditable. For critical applications, the question of who did what and when has a complete retrospective answer.
ZeroLeak is not a SaaS routing service or a client agent. It is a security layer that runs inside your network and creates a separate isolated browser cell for every user session. The session starts, the cell opens; the session ends, the cell collapses. Application data never moves to the client, and the session environment never persists.
Session lifecycle
ZeroLeak delivers the most value in scenarios where device trust is weak but application data is critical. Users are granted access — but the application data is never delivered to their device.
Contractors, auditors, or external developers need remote access to sensitive banking screens. The device is not under organizational control and the risk of data leakage is high.
The user connects from their own browser into an isolated session. The core banking screen stays inside your network; only a pixel stream reaches the user's device. Every session is recorded for audit and forensic review.
A clinician or field worker wants to access patient records from their personal tablet. Health data is sensitive, and the device's security posture cannot always be guaranteed.
Patient data never lands on the tablet. The user can view and act on the data, but HTML, files, API responses, and session information never reside on the client device.
When access to government management panels, classified applications, or critical internal portals is opened over classic VPN, endpoint and screen-leak risks remain.
The console runs inside your network and the user receives only an isolated visual session. Anti-OCR is applied to sensitive regions; every action becomes an auditable record.
Suppliers, business partners, and dealers access B2B portals. The security level of those devices cannot be directly managed by your organization.
The partner portal is never delivered to the client. The user can take action, but data, files, and session information never stay on the partner device. New devices, different locations, and temporary access scenarios are handled with more control.
A user may access an enterprise application through an AI agent or automation extension acting on their behalf. These tools can read, parse, or exfiltrate page content.
An AI agent cannot see the DOM, API responses, or page code — only the pixel stream. Structured scraping risk drops, and behavioral anomaly policies and forensic recording make the process traceable.
ZeroLeak capacity is planned by the number of users who hold isolated sessions at the same time. Every license tier ships the same core feature set; only the concurrent-user capacity changes.
Evaluation usage is included with every TR7 platform: 1 concurrent user, 30 minutes per day, all features unlocked. For production use, the capacity options below take over.
Every tier ships the same capability set — the only difference is the number of isolated sessions that can run at the same time.
Real capacity depends on hardware resources, application type, session duration, and forensic recording policy. As a planning average, you can assume roughly 1 GB RAM, 1 vCPU per user, and roughly 500 MB/hour of disk for forensic recording.
ZeroLeak supports data minimization, remote-access control, session recording, and auditability requirements for sensitive web application access. Because data never reaches the client, it forms a strong additional control layer in regulation-driven security architectures.
Supports technical and organizational measures for personal data security. Because sensitive data never lands on the client device, it strengthens the data-minimization principle.
Contributes to ePHI access control, audit, and integrity safeguards. Isolated sessions, forensic recording, and policy-based access work together.
Provides an additional security layer for remote access to critical systems. Management consoles and sensitive applications can be used without being delivered to the client.
Provides a strong audit layer for financial-system access — insider risk, third-party access, and transaction traceability.
Reduces the client-side attack surface for the cardholder data environment. Sensitive screens, access policy, and session recording are managed with tighter control.
ZeroLeak is available as a Premium add-on for all four TR7 bundles (Base, Geo, Secure, and Enterprise). The license model is based on concurrent-user capacity rather than bandwidth — because every user session creates a separate isolation cell with its own resource footprint.
Let's walk through a ZeroLeak demo against your own scenario: which applications should be isolated, how many concurrent users you need, how forensic recording should be retained, and how it fits into your existing TR7 architecture.