How it works

Network-layer enforcement, without a kernel driver on the candidate's machine.

Aiseptor is an ephemeral user-space security enclave. When a candidate joins a session, a short-lived encrypted tunnel is established from their device and a default-deny access policy is enforced at the operating-system level — so the network path to unauthorized AI services, remote-access helpers, and second-device pivots is closed before any tool can use it. When the session ends, the enclave destructs and the device is restored.

  • Enclave deploy time: ~30s
  • Session destruct: ~10s
  • Kernel drivers on device: 0

The core insight

Detection loses every generation. Prevention doesn't care what the tool is called.

Every detection-based proctoring system is a signature database in a race against a global open-source community. When a new cheating tool appears, vendors add a process name, a window title, a screenshot hash. Within days, that tool is recompiled with a different binary name, a different window class, or a different rendering trick — and the signature is worthless. This is not a bug in any single product. It is the architectural ceiling of detection itself.

The numbers bear this out. Proctored technical assessments, the category with the most detection investment, still report fraud rates that have doubled year-over-year. Detection is visibly failing on the exact assessments it is paid to defend.

Aiseptor inverts the problem. Instead of trying to identify the tool, we close the network path the tool depends on. An invisible overlay that cannot reach an AI inference endpoint is a useless overlay. A remote-access helper that cannot reach a control server is a useless helper. A local LLM that cannot reach a model-loading service is idle. We don't need to know the tool's name — we only need to know the destination it's trying to reach, and the default answer is no.

  • 35%: Candidates on proctored assessments attempted fraud in 2025 — up from 16% the year before, despite detection investment (Source: CodeSignal, 2026)
  • 48%: Technical candidates flagged for AI assistance across 19,368 live interviews — flagged, not stopped (Source: Fabric, 2026)

The security stack

Three layers. Aiseptor owns the middle one.

Every assessment security stack has three layers. The top and bottom layers have established vendors. The middle layer — device and network — is where 2026-era cheating actually happens, and is the layer no incumbent was built to defend.

Aiseptor's stance — Complement

Physical / behavioural

Who owns it today

Proctorio, ProctorU, Honorlock, Talview

What it can stop

Room anomalies, a second person in frame, obvious phone use, gaze drift, physical impersonation

What it cannot stop

Anything off-camera, anything invisible to the lens, anything running on the device itself

Aiseptor's stance — Own

Device + network

Who owns it today

Previously unowned — where Aiseptor sits

What it can stop

Invisible AI overlays, on-device LLMs, remote-access helpers, second-device AI pivots, process rename / recompile, DNS-based evasion

What it cannot stop

Physical impersonation (pair with proctoring), pen-and-paper notes (pair with physical proctoring)

Aiseptor operates exclusively in this layer

Aiseptor's stance — Replace

Application / browser

Who owns it today

Respondus LockDown Browser, Safe Exam Browser

What it can stop

Other tabs in the same browser, clipboard paste into the assessment window, basic screen keys

What it cannot stop

Anything running outside the browser — every invisible overlay and helper lives here

The architecture

Three participants: the candidate device, the Aiseptor Gateway, and the platform backend. The device talks only to the gateway. The gateway decides what reaches the open internet. The platform receives a signed verdict at session end.

CANDIDATE DEVICE: The laptop

  • Aiseptor agent (user-space)
  • Encrypted tunnel
  • Default-deny access policy
  • Destructs on session end

  ↓ encrypted

AISEPTOR GATEWAY: The enforcement plane

  • Policy enforcement
  • ThreatSense real-time classification
  • IntegrityEngine signal collection
  • Aegis scoring + signed audit
  • Signed webhook on session end

  ↓ signed verdict

PLATFORM BACKEND: Your platform

  • Receives webhook (HMAC-signed)
  • Integrity score + signal list
  • Link to full audit report
  • No UI changes required

Stage 01

Candidate device

The Aiseptor agent creates the ephemeral enclave in user-space. An encrypted tunnel carries all device traffic; a default-deny access list blocks everything not explicitly permitted by the exam policy. No kernel driver. No persistent install. The agent removes itself when the session ends.

Stage 02

Aiseptor Gateway

The gateway is where enforcement happens. Allowed domains go through; everything else is dropped. The IntegrityEngine observes every access attempt, classifies threat signals in real time, and assembles a cryptographically signed audit trail. Aegis composes the final integrity verdict.
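
The default-deny rule described above ("allowed domains go through; everything else is dropped"), sketched as an added example; this is not Aiseptor's code, and the policy entries, function names and sample queries are constructed assumptions. It shows why allow-list matching has to work on normalized names and whole DNS labels rather than string suffixes.

```python
# Added illustration, not Aiseptor code: default-deny evaluation of DNS query
# names against an allowed-domain list. All names below are constructed samples.

ALLOWED_DOMAINS = {"exam.example.com", "cdn.example.net"}  # hypothetical exam policy


def normalize(qname: str) -> str:
    """Canonical form for comparison: lower-case ASCII, no trailing root dot."""
    name = qname.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")  # IDN lookalikes become xn-- labels
    except UnicodeError:
        return ""  # unparseable names can never match an allow entry


def is_allowed(qname: str, allowed=ALLOWED_DOMAINS) -> bool:
    name = normalize(qname)
    if not name:
        return False
    # Compare whole labels: the entry itself or a subdomain of it. A bare
    # endswith(entry) would also admit "notexam.example.com".
    return any(name == entry or name.endswith("." + entry) for entry in allowed)


def evaluate(queries, allowed=ALLOWED_DOMAINS):
    """Split queries into (forwarded, denied). Denied names feed the audit trail."""
    forwarded, denied = [], []
    for q in queries:
        (forwarded if is_allowed(q, allowed) else denied).append(q)
    return forwarded, denied


SAMPLE_QUERIES = [            # constructed session traffic
    "Exam.Example.com.",      # case and root dot differ, same name
    "api.exam.example.com",   # subdomain of an allowed entry
    "notexam.example.com",    # shares a string suffix, not a label boundary
    "exam.example.com.inference.test",  # allowed name used as a prefix
    "doh.resolver.test",      # anything not listed, e.g. an external resolver
]

if __name__ == "__main__":
    ok, blocked = evaluate(SAMPLE_QUERIES)
    print("forwarded:", ok)
    print("denied:", blocked)
```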

Stage 03

Platform backend

When the session ends, your platform receives a signed webhook: Aegis status, fired signals, and a link to the full audit report. Your scoring engine and UI remain untouched. The candidate experience is your branding; Aiseptor handles the device and network beneath it.
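
A receiver for the signed webhook described above, as an added example rather than Aiseptor's documented API. The page states only that the webhook is HMAC-signed, so the hash (SHA-256), the signed string (`<timestamp>.<raw body>`), the replay window and the JSON field names are all assumptions, and the payload is constructed.

```python
import hashlib
import hmac
import json
import time

SHARED_SECRET = b"constructed-demo-secret"  # placeholder; load from a secret store
MAX_SKEW_SECONDS = 300                      # assumed replay window


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Sender side (assumed scheme): HMAC-SHA256 over b"<timestamp>.<raw body>"."""
    return hmac.new(secret, timestamp.encode() + b"." + body, hashlib.sha256).hexdigest()


def verify_webhook(secret, timestamp, signature, body, now=None, seen_ids=None):
    """Return the parsed verdict or raise ValueError. The MAC is checked on the
    raw bytes before any JSON parsing, and compared in constant time."""
    now = time.time() if now is None else now
    if not (timestamp.isascii() and timestamp.isdigit()):
        raise ValueError("malformed timestamp")
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        raise ValueError("stale timestamp")
    expected = sign(secret, timestamp, body)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        raise ValueError("bad signature")
    event = json.loads(body)
    if seen_ids is not None:  # reject a second delivery of the same session verdict
        if event["session_id"] in seen_ids:
            raise ValueError("replayed delivery")
        seen_ids.add(event["session_id"])
    return event


def sample_delivery():
    """Constructed delivery: hypothetical field names for status, signals, report link."""
    body = json.dumps({
        "session_id": "sess-0001",
        "status": "review",
        "signals": ["vm_detected"],
        "report_url": "https://audit.example/r/sess-0001",
    }).encode()
    timestamp = "1700000000"
    return body, timestamp, sign(SHARED_SECRET, timestamp, body)


if __name__ == "__main__":
    body, ts, sig = sample_delivery()
    print(verify_webhook(SHARED_SECRET, ts, sig, body, now=1700000010))
```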

Threat coverage

What Aiseptor prevents.

Eight categories covering the attack surface lockdown browsers and camera proctoring cannot reach. Prevention described by outcome, not mechanism — your engineers can request the mechanism detail under NDA on a deep-dive call.

Each threat category below lists example tools / tactics and how Aiseptor prevents it.

Invisible AI overlays

  • Example tools / tactics: Cluely, OpenCluely, Parakeet, custom Electron overlays
  • How Aiseptor prevents it: The network path to the overlay's AI inference endpoint is blocked by default. An overlay with nothing to query is inert, regardless of how it renders on screen.

Remote access tools

  • Example tools / tactics: AnyDesk, TeamViewer, Chrome Remote Desktop, commodity RATs
  • How Aiseptor prevents it: Remote control relays are blocked at the enclave boundary. A remote operator cannot reach the candidate device and a local RAT cannot phone home.

On-device LLMs

  • Example tools / tactics: Ollama, LM Studio, local GGUF / safetensors models
  • How Aiseptor prevents it: ThreatSense detects active local inference at the device layer and raises an integrity signal, while model-hosting and update endpoints are blocked at the network layer.

Second-device AI

  • Example tools / tactics: Phone running ChatGPT below the camera frame, tablet with Claude
  • How Aiseptor prevents it: The second device is not the target — its tether is. Tethered AI apps depend on the primary device's connection for some flows, and physical-layer proctoring partners flag out-of-frame activity.

VM stacking

  • Example tools / tactics: Hardened anti-detection VMs, nested virtualization, sandboxes
  • How Aiseptor prevents it: DeviceGuard surfaces VM and virtualization signals (hypervisor artifacts, synthetic display devices) and raises an integrity signal that forces manual review.

Screen-share pivots

  • Example tools / tactics: Discord screen share, Zoom helper sessions, Teams casting
  • How Aiseptor prevents it: Conferencing endpoints outside the allowed-domain policy are blocked, and any active capture paths are flagged as integrity signals in the session audit.

DoH / DoT bypass

  • Example tools / tactics: Browser-level DNS-over-HTTPS, Firefox trusted recursive resolvers
  • How Aiseptor prevents it: Name resolution is pinned to the Aiseptor policy resolver. Browser DoH, DoT, and encrypted-SNI evasion attempts cannot bypass the enclave's allowed-domain list.

Process rename / recompile

  • Example tools / tactics: Renaming Cluely.exe to Terminal.exe, custom-compiled overlays
  • How Aiseptor prevents it: Aiseptor does not rely on process names. The outbound destination is what's controlled, so a tool with any binary name still fails to reach its backend.

Privacy

What we never touch.

Aiseptor is built around network-layer signals, not content surveillance. The enclave only needs to know where the device is trying to go — not what the candidate is typing, saying, or looking at. Candidates and their legal teams can verify this on their own machines.

Never touched

  • No webcam. No microphone.
  • No keystrokes. No clipboard contents.
  • No personal files. No screen recordings.
  • No data retained beyond 24 hours (default).

What we do collect

  • DNS queries made during the session (to enforce the allowed-domain policy).
  • Process names observed on the device for the session window.
  • HMAC-signed session telemetry events for the audit trail.
  • Session metadata: join time, duration, integrity signals fired.

Competitive reality

Three approaches. Only one works against 2026 attackers.

The incumbent approaches were designed before invisible overlays and on-device LLMs existed. They still work for what they were designed to do — they simply don't reach the modern attacker.

Application-layer

Respondus LockDown Browser, Safe Exam Browser

What it tries to do

Lock the candidate inside a single browser window, disable copy/paste, disable other tabs.

Known bypass

Anything running outside the browser. An invisible overlay draws on top; a helper process on the same device reaches the internet freely. Kernel-mode and user-mode bypass toolkits are publicly documented.

Screen / behavioural layer

Proctorio, ProctorU, Honorlock, Talview

What it tries to do

Camera observation, gaze tracking, human review, room scans — valuable for physical impersonation and out-of-frame anomalies.

Known bypass

Anything invisible to the camera and anything running on the device itself. A phone below the frame and an on-screen overlay that the lens cannot distinguish from the assessment UI both remain out of reach.

Network layer

Aiseptor

What it tries to do

Control what the candidate device can reach on the network. Default-deny at the OS level. Signed integrity audit per session.

Where it needs help

Physical impersonation and pen-and-paper assistance — which is why Aiseptor is designed to complement physical proctoring, not replace it.

Physical and behavioural proctoring are complementary to Aiseptor — Phase 2 partnerships are open. Lockdown browsers are a lower-tier substitute that Aiseptor's network-layer enforcement replaces.

Want to inspect the agent on your own machine?

Technical due diligence is welcomed. Platform CTOs and security leads can request sandbox credentials, read the architecture whitepaper, or schedule a 60-minute engineering deep-dive with our founding engineers. Bring Wireshark. Bring Activity Monitor. Bring the hardest attacker you know.