Aegis learns what normal looks like for everyone — posting rhythm, favorite channels, link habits. A two-year regular suddenly spraying links into channels they've never touched isn't a mood. It's a stolen token, and it lights up instantly.
Three layers deep: 44,000+ confirmed phishing domains refreshed hourly, lookalike unmasking that reads dіѕсоrd-n1tro as discord-nitro, and the "free nitro" playbook every campaign follows — so brand-new scam domains get caught in their first hours.
A join spike flips raid mode automatically: invites and DMs pause through Discord's own security actions, day-old accounts wait at the door, and every detector runs hot until the wave passes. Even a hijacked moderator gets caught by the audit-log watch.
A day-old throwaway gets banned and wiped in one call. Your friend of two years gets contained and rescued — spam purged, roles stripped, and a DM with the real fix: a password reset that kills the stolen token, then 2FA. When they're secured, /aegis release brings them home.
One command. Every server gets its own config, thresholds, and quarantine role.
Aegis reads messages in-flight to catch scams, then lets them go. Nothing anyone writes is ever stored.
Message text is never written to a database or a log file. Not the spam, not the chatter — none of it.
What it keeps: one-way hashes, counts, timestamps, and channel usage. Enough to spot a hijacked account — useless for reading anyone's history.
Read exactly what we store → The full list fits on one page, with a real email for deletion requests.
Free · two-minute setup · quarantines attackers, rescues friends
+ Add Aegis to Discord