Why we built a sovereign sandbox browser, and why it is coming to your phone
Most data leaks happen at the point of use, inside the browser, where trackers, extensions and cloud sync move personal data off the device.
Where does most personal data actually leak?
Most data leaks do not happen in some distant server breach. They happen at the point of use, in the browser, on the device in your hand. Trackers, third party extensions and background cloud sync quietly move personal data off the machine while a person just reads a page or fills a form. That is the honest reason we built a sovereign sandbox browser: to isolate a session, keep data on the device the user controls, and cut the number of silent exits data has. We are now extending it to mobile so the same protection travels with people rather than staying locked to a desktop.
This is a product piece, so let us be plain about what it does and what it does not. A sandbox browser reduces tracking and keeps working data local. It does not make a phone unhackable, and no browser can. What it does is close the everyday leaks that regulated organisations, and ordinary users, lose data through without ever noticing.
What is a sovereign sandbox browser?
It is a browser session that runs inside a controlled boundary. The session is isolated from the rest of the system, so a page, a script or an extension cannot reach across into other data on the device. Working data stays on the hardware the user owns. There is no default cloud sync shipping history, form fills and identifiers to a vendor you did not choose.
Sovereign is the operative word. In Mickai terms it means the operator owns and runs the software inside their own walls, offline where they need to be, on hardware they control. The browser is one studio in that wider Sovereign Intelligence Operating System, sitting alongside roughly 60 studios and 50 brains that replace the usual cloud and SaaS stack. The point of every one of them is the same: the organisation, not a third party, decides where data lives.
Why is the browser the weak point?
Because it is the one place almost every task passes through. Email, banking, health portals, internal tools, document review, all of it runs in a browser tab now. That makes the browser the richest single collection point on any device.
Three mechanisms do most of the quiet damage. Trackers embedded in pages profile behaviour across sites. Extensions, often installed for one small convenience, can read and exfiltrate page content with permissions users rarely revisit. Cloud sync, switched on by default in most mainstream browsers, copies history, credentials and autofill data to servers outside the user's control. None of these are exotic attacks. They are the normal, advertised behaviour of ordinary software, which is exactly why they slip past people.
Isolating the session addresses all three at the point they act. A sandboxed session limits what a tracker can correlate, contains what an extension can reach, and keeps working data on the device instead of syncing it away by default.
Why bring it to mobile now?
Because that is where people spend most of their day, and where the leaks are hardest to see. On a phone there is no comfortable view of what extensions are doing, sync is aggressive and often on by default, and app to browser handoffs blur where data goes. The protection that matters on a laptop matters more on a handset, and until now it mostly did not travel there.
Extending the sovereign sandbox to mobile means the same isolation and the same local first handling follow the user onto their phone. For a clinician, an analyst or a case worker moving between desk and field, the boundary does not drop the moment they leave the office. That continuity is the real reason we are doing it, not a feature checkbox.
How is this different from private or incognito mode?
Incognito mostly stops your own device from remembering the session. It does not stop trackers, it does not contain extensions, and it does not change what the network and the browser vendor can see. It is local forgetfulness, not isolation.
A sovereign sandbox is about containment and ownership. The session is walled off from the rest of the system, and the data stays on hardware the operator controls rather than defaulting to a vendor cloud. For a regulated organisation the difference is decisive, because "we did not keep local history" is not the same as "the data never left our control".
Does this make a device secure on its own?
No, and we will not pretend otherwise. A sandbox browser protects data at the point of use and reduces tracking. It does not patch the operating system, defeat a targeted attacker who already owns the device, or replace endpoint security, staff training and good policy. Anyone selling a browser as total immunity is overclaiming.
What it does is remove a large class of everyday exposure that most controls miss, because most controls watch the network and the server and ignore the tab where the data is actually used. We treat Mickai as an ally to the people scoring their own risk, not a magic bullet that lets them stop scoring it.
How does the sandbox browser fit the wider Mickai system?
It shares the sovereign spine that runs through everything we build. Consequential actions across the platform are sealed into a post quantum signed audit ledger using ML-DSA-65, so an organisation can show what happened rather than assert it. The architecture is protected by 104 filed UK patent applications and 2,340 formal claims, under trade mark UK00004373277. The browser inherits the same principle the brains and studios run on: keep data on the operator's hardware, keep a record they can prove, and do not route control through someone else's cloud.
It is worth being clear that this is built and live, not a roadmap slide. The mobile extension carries an existing capability onto a new surface rather than promising something that does not exist yet.
What Mickai does about it
We keep the leak point, the browser, inside the operator's control instead of outside it. The sovereign sandbox browser isolates the session, keeps working data on the device the user owns, and cuts the default channels that move personal data off the machine. Bringing it to mobile means that protection follows people wherever they work. It will not make any device invulnerable, and we will keep saying so. What it will do is close the quiet, everyday leaks that happen exactly where the work gets done.
“Most personal data leaks at the point of use, inside the browser, through trackers, extensions and default cloud sync.”
Frequently asked questions
What is a sovereign sandbox browser?
It is a browser session that runs inside a controlled boundary, isolated from the rest of the device, with working data kept on hardware the user owns and no default cloud sync shipping data to an outside vendor. It reduces tracking and keeps data at the point of use under the operator's control.
How is it different from incognito or private mode?
Incognito mainly stops your own device from remembering the session. It does not contain extensions, stop trackers, or change what the browser vendor sees. A sovereign sandbox is about containment and ownership: the session is walled off and the data stays on hardware you control.
Does the sandbox browser make my phone unhackable?
No. It protects data at the point of use and reduces tracking, but it does not patch the operating system, stop a targeted attacker who already controls the device, or replace endpoint security and policy. It closes a large class of everyday leaks, not every risk.
Why extend it to mobile?
Because most people spend most of their day on a phone, where sync is aggressive and often on by default and where it is hardest to see what extensions and apps are doing. Extending the sandbox means the same isolation and local first handling travel with the user.
Where does most personal data actually leak?
Often at the point of use in the browser, through trackers embedded in pages, third party extensions with broad permissions, and cloud sync that copies history and credentials off the device by default. These are normal software behaviours, which is why they go unnoticed.
How does the browser fit the wider Mickai system?
It shares the sovereign spine of the Sovereign Intelligence Operating System: data stays on the operator's hardware and consequential actions are sealed into a post quantum signed audit ledger using ML-DSA-65. It is one studio among roughly 60, built and live rather than planned.




