Discover which unauthorised AI platforms your employees are connecting to. Upload your firewall/network traffic logs and instantly receive a comprehensive risk scoresheet and procurement action plan.
Zero-Knowledge Security: Your network telemetry never leaves your device. All parsing, categorising, and scoring are processed locally in your browser.
"We ran our audit in under 5 minutes and immediately identified 3 departments sending data to consumer ChatGPT. The PDF went straight to our CISO."
"The zero-knowledge guarantee was the deciding factor. No other tool let us audit without uploading logs to a third-party server."
"Found v0.dev being used by our entire engineering team for prototyping. The procurement recommendations saved us weeks of research."
Your network logs are completely safe because they never leave your computer. All parsing, filtering, and risk assessments are computed directly in your browser's local sandbox using client-side JavaScript. No file is ever uploaded to our servers, and no traffic telemetry is cached or collected by us.
We support standard CSV files containing network connection logs. Your CSV should include column headers for timestamps, source IPs, employee departments, destination domains (fully qualified hosts), and bytes sent. Standard exports from Palo Alto, Fortinet, Meraki, Sophos, pfSense, and WatchGuard are fully compatible. Check our step-by-step Tutorial tab for specific export steps.
Our actively maintained Threat Intel database covers 30+ major AI platforms. This includes general assistants (ChatGPT, Claude, Gemini, Poe, Character.ai), developer code assistants (GitHub Copilot, Cursor, Codeium), design and creative generators (Midjourney, Stable Diffusion/Stability.ai, Runway, Leonardo, Suno), transcription tools (Otter.ai, Fireflies.ai), and productivity platforms (Notion AI, Grammarly, Jasper, Copy.ai).
Yes, you can run multiple local analyses per session, but to share or generate separate reports you will need to complete an audit payment for each unique domain mapping, or contact support for a Team Bundle.
Absolutely not. All intermediate traffic logs and classification states are held temporarily in your browser's session storage. As soon as you close the tab, log out, or clear your session, all processed data is permanently destroyed.
When you click "Share Report," we compress the high-level metadata (domains, risk levels, and department stats) into an encrypted URL hash (#report=...). Your raw connection logs are never stored. This hash is fully client-side; when someone loads your link, their browser decompresses and displays the report locally.
Yes! We offer a 30-day money-back guarantee. If you are not fully satisfied with the depth and clarity of the risk discovery scoresheet, simply email us at support@shadowai.app for a full refund, no questions asked.
Your corporate network logs remain strictly sandboxed in your browser. All sorting, filtering, and aggregation happen client-side.
We have no databases, backend analytics, or remote logging. Closing the browser tab destroys all processed data instantly.
Shared reports are compressed into URL parameters using LZ-String. The server only hosts the static page, not your data.
Shadow AI Discovery Report generated on —
Threat Intel Active: v2.4.1 (Updated May 2026)This score aggregates detected connections to unauthorized AI endpoints. Higher scores represent increased likelihood of data exfiltration and compliance violations.
Ready-to-send summary for internal emails, reports, or Slack pitches
| Timestamp | Destination Domain | Department | Source IP | Data Sent |
|---|
Individual connection event logs containing employee internal IP addresses and exact database event timestamps have been excluded from this shareable link to protect organisation privacy in compliance with **GDPR (Art. 25/32)** and **HIPAA Security Rule (§164.312)** regulations.
Vetted enterprise-grade alternatives for risk remediation