Employees are submitting customer records, credentials, and confidential documents into AI tools, leaving your organization liable.
ShadowLock is the shadow AI detection platform for MSPs and IT teams: the visibility to see it and the controls to stop it.
ChatGPT, Claude, Gemini accessed via personal accounts: no enterprise contract, no DPA, no audit trail.
Sidebar assistants and email rewriters that read content across every site employees visit, including clipboard data.
Copilot and AI writing features inside approved SaaS apps, activated without any security review.
Claude Desktop, ChatGPT app, Ollama, and LM Studio running entirely outside browser-based controls.
GitHub Copilot, Cursor, and similar tools with broad file access. Proprietary code and credentials directly at risk.
Otter.ai, Fireflies, and similar tools recording and processing internal calls, clinical discussions, and client meetings.
Patient data pasted into public AI tools without a BAA in place triggers HIPAA exposure. No breach required.
Customer PII processed through unapproved vendors with no DPA, no lawful basis, and no compliant transfer mechanism.
Source code, contracts, and product plans submitted to public AI. Failing to control access can weaken trade secret protections.
When a client has an AI-related incident and you had endpoint scope, the gap between "not our job" and "you should have known" is where claims live.
Personal-account AI tools run under consumer terms: no DPA, no BAA, no incident notice obligation. The protection you assumed doesn't exist.
Without prior visibility you can't answer which tool, which account, or what data was involved, breaking triage, notifications, and defensibility.
ShadowLock covers the full AI surface: browser, desktop app, and cloud tool, without enterprise-level deployment complexity or dedicated security engineering.
Deployed silently to Windows endpoints via your existing RMM. Monitors AI activity, scans browser extensions, and detects local AI apps. Zero user interaction.
Self-configures once the agent is installed. Intercepts paste events and file uploads before they reach AI tools, classifies sensitive data, and enforces your policies with clear user-facing messages.
Connects to each customer's Microsoft 365 tenant via Microsoft Graph and scans for AI apps that have been granted OAuth access: Copilot plugins, third-party AI add-ins, and other AI service principals. New connections trigger a critical alert automatically, with no endpoint required.
Detects navigation to known AI domains and enforces your access policy before anything is pasted. Domain list stays current automatically.
Stops paste events and file uploads before content reaches the AI tool. PII, credentials, SSNs, and card data classified entirely within the browser.
Flags known AI sidebars and writing tools, plus unknown extensions with high-risk permissions that can read sensitive content on every page.
Surfaces AI exposure that browser controls never reach: offline tools, local LLMs, and developer-facing apps running outside any web policy.
Detects personal-account AI sessions on managed devices: the blind spot that enterprise controls and web proxies never reach.
Cross-org risk view, alert workflows, device inventory, and policy management: everything an MSP needs to govern AI risk across all customers from one place.
Set allow, warn, and block policies per AI tool, per organization, and per user. Changes propagate to every online endpoint within minutes.
| AI Tool | Surface | Action |
|---|---|---|
| ChatGPT | Paste | 🚫 Block |
| ChatGPT | File Upload | 🚫 Block |
| Claude | Site Access | ⚠️ Warn |
| Gemini | Personal Acct | 🚫 Block |
| Perplexity | Site Access | ✅ Allow |
| Ollama | Desktop App | ⚠️ Warn |
AI adoption is outpacing governance in almost every organization. Three things make waiting more expensive than acting.
The average organization already has 8 AI apps in active use. Most of it is happening without approval or any governance framework.
Employees on managed devices using AI through personal accounts are completely outside your policies, your logging, and every enterprise control. It looks like personal browsing. The data exposure is not.
Security questionnaires, cyber insurance renewals, and compliance reviews now include AI governance questions. "We didn't have visibility" doesn't reduce liability. It creates it.
Cross-organization view of every client's AI exposure. Push policy changes to hundreds of endpoints and generate customer-ready reports, before an incident forces the conversation.
See which AI tools employees are using, what data they're pasting, and which extensions are risky. Configure allow/warn/block without a complex rule engine. Alerts that matter, not thousands of low-signal events.
Risk signals, not content. Sensitive data is classified locally and never transmitted. You get the evidence to act, without capturing what employees type or read.
Sensitive data is never sent to the backend. Only the data type and a reference are logged. You know something sensitive was pasted, but not what it said.
Upload events log the filename, type, and size. File contents are never read or stored, by design and not just by policy.
Keystroke logging is explicitly out of scope, technically and legally. ShadowLock monitors AI interaction events, not what employees write.
All agent-to-backend communication is encrypted. EU deployments support EEA data residency requirements.
Default 90-day event retention, configurable per organization. Data lifecycle controls built in from day one.
Partners confirm employee disclosure compliance before onboarding each organization. Consent is enforced in the deployment workflow, not just the documentation.
Pay per managed device. Volume discounts apply automatically. The more devices you monitor, the lower your per-device rate.
| Devices | Rate |
|---|---|
| 1–99 devices | $1.00/device |
| 100–249 devices | $0.95/device |
| 250–499 devices | $0.90/device |
| 500–999 devices | $0.85/device |
| 1000+ devices | $0.80/device |
No charge until your trial ends. Cancel anytime.
One plan, full feature set. Every customer gets all capabilities. No feature tiers.
Guide
The plain-English guide to shadow AI: what it is, why every modern IT team has it, and how to detect it.
How-to
A practical guide to detecting ChatGPT and other AI tool usage on company endpoints: what to look for and how to act on it.
Compliance
How unapproved AI tools quietly break SOC 2 compliance, and what auditors are starting to check.
Deploy ShadowLock in minutes via your existing RMM. Get visibility across every AI tool in your customer environments, before an incident, an audit, or a client question forces the conversation.
14-day free trial · Cancel anytime