How to block ChatGPT and unsanctioned AI tools for employees
Blocking AI at the firewall misses anyone on a personal account or off the network. ShadowLock blocks ChatGPT, Gemini, Claude, Copilot, and the long tail of AI tools at the endpoint and browser — so the block holds everywhere, and you can still allow the AI you approve.
How do you block ChatGPT for employees?
You block ChatGPT for employees by enforcing it on the endpoint and browser rather than only at the network. ShadowLock force-installs a managed browser extension via Chrome and Edge policy and runs a Windows agent that disables the desktop app, so ChatGPT is blocked on a corporate account, a personal account, on-network, or at home. From there you allow the AI you approve, block the rest, and optionally block sensitive pastes into the tools you do allow.
of shadow AI use happens on personal accounts, which network-layer blocking can’t see.
Why a firewall rule isn’t enough
DNS filters and firewalls block AI domains for managed devices on the corporate network. Employees route around them with a personal account, a phone hotspot, or a home laptop — and embedded AI like Gemini in Chrome or Copilot in Edge never touches a blockable domain at all.
ShadowLock enforces at the layers where the work actually happens: the browser and the Windows endpoint. See how it compares to DNS filtering and Microsoft Purview, or read about browser AI lockdown.
Block the tools, not just the URLs.
ChatGPT first, then every other AI tool — across browser and desktop.
Block ChatGPT
The most-used shadow AI tool, and the one employees reach for first. ShadowLock blocks ChatGPT in any browser via the managed extension and disables the desktop app on Windows via NTFS ACLs — regardless of whether someone is signed in with a corporate or personal account. You can block it outright or allow it while blocking sensitive pastes.
Block Gemini & Google AI Mode
Gemini is built into Chrome and Google Workspace, and AI Mode now appears in Google Search. Browser AI Lockdown disables Gemini in Chrome by enterprise policy and blocks Google's AI Mode in search, so "block ChatGPT" doesn't just push everyone to the AI already in their browser.
Block Claude, Copilot & Perplexity
Claude, Microsoft Copilot, Perplexity, and the long tail of niche tools are all covered by the same catalogue, updated continuously. Copilot in Edge and Leo in Brave are disabled at the browser layer; standalone tools are blocked by URL and by desktop binary.
Allow the AI you approve, block the rest
Most teams don't want a total ban — they want sanctioned tools allowed and everything else blocked. Set an allow-list of approved AI tools at the partner, org, or device level; everything outside it is blocked or audited per policy. The block page is customizable so employees know what to use instead.
Blocking AI tools FAQ
Why do employers block ChatGPT?
Employers block ChatGPT and similar tools because anything pasted into a public AI tool can leave the company's control — source code, customer records, financial data, and PHI can be retained or used to train the model. Blocking unsanctioned AI tools (or controlling what data reaches them) closes that leak while still letting teams use approved, governed AI.
Can you block ChatGPT company-wide?
Yes. ShadowLock blocks ChatGPT across every managed endpoint at once: the browser extension force-installs via Chrome and Edge enterprise policies, and the Windows agent disables the desktop app via NTFS ACLs. Because enforcement is at the endpoint and browser — not the network — it works whether the employee is on a corporate account, a personal account, on the office network, or at home.
How do I block ChatGPT for employees but still allow approved AI?
Set an allow-list of the AI tools you sanction and block everything else. ShadowLock lets you allow, for example, an enterprise ChatGPT or Copilot deployment while blocking the consumer versions and every other tool, and it can additionally block sensitive data from being pasted into the tools you do allow.
What companies block ChatGPT?
Many banks, healthcare systems, law firms, and large enterprises restrict consumer ChatGPT, and the practice is spreading to SMBs as cyber-insurance questionnaires and compliance audits begin asking about AI controls. The trend is less about banning AI outright and more about steering employees to a governed tool while blocking ungoverned ones.
Does blocking ChatGPT just push usage to personal devices?
It can, if blocking is the whole strategy. That is why ShadowLock pairs blocking with a sanctioned alternative and on-device data classification: employees get an approved tool to use, and attempts to route sensitive data elsewhere are still caught on the managed endpoint and browser. A block-only approach without an approved path tends to drive workarounds.
How ShadowLock compares for blocking AI
The tools teams evaluate to block ChatGPT and AI apps — side by side.
Blocks AI domains over DNS. We also read the prompt and cover M365.
Blocks app installs. We classify what gets pasted in.
Blocks inside the E5 stack. We need no E5 license.
Isolates risky URLs. We are purpose-built for shadow AI.
Block ChatGPT everywhere it shows up
Free 14-day trial. Enforcement live within an hour of agent and extension rollout.