Skip to main content
We’d rather be upfront than over-promise. Here’s what Shadow AI does not do today, and how to work around each one where you can.

Certificate-pinned apps

Some native desktop apps pin their own certificate and reject any certificate they didn’t ship with — including the agent’s CA. Those apps bypass the inspection proxy entirely and are out of scope by design. We never silently fail open on a tool we do cover — pinned apps simply aren’t inspected at all, rather than being inspected unreliably. There is no device-side workaround; coverage there depends on the app vendor.

QUIC / HTTP-3

The agent intercepts HTTP/HTTPS through a local proxy. QUIC / HTTP-3 runs over UDP and can route around an HTTP proxy, so that traffic can reach an AI vendor without inspection. Chrome and some Google properties (including Gemini) prefer QUIC. Mitigation: disable QUIC via browser policy (for Chrome, the QuicAllowed=false enterprise policy). The browser then falls back to HTTPS over the proxy and inspection resumes. See Troubleshooting.

Image OCR not yet supported

The agent extracts and inspects text — including from PDF, DOCX, XLSX, and plain-text files. It does not yet run OCR on images, so text embedded in an uploaded image (a screenshot of a credential, for example) is not detected. Image OCR is on the roadmap.

Coverage is a host allowlist

Shadow AI works from a maintained host allowlist of known AI vendors — it inspects traffic to those hosts and leaves everything else untouched. This bounds what’s inspected (and what it costs), but it means a vendor we don’t yet recognize passes through without a verdict. The current allowlist covers:
  • ChatGPT / OpenAI
  • Claude / Anthropic
  • Google Gemini
  • Perplexity
  • Mistral
  • Cohere
  • Microsoft Copilot
  • GitHub Copilot
  • Cursor
  • DeepSeek
  • Grok (x.ai)
  • Poe
  • HuggingChat
  • Meta AI

Requesting a vendor

Adding a vendor to the allowlist is a small config change on our side — not a new build for you to deploy. To request one, email support@promptguard.co with the vendor and the hostnames its app or API uses.

Platform availability

PlatformStatus
macOSGenerally available (signed + notarized)
WindowsIn development — private preview
LinuxIn development — private preview

Next steps

Troubleshooting

Diagnose interception gaps and engine reachability.

Privacy & data handling

What’s inspected, logged, and what leaves the device.