> ## Documentation Index
> Fetch the complete documentation index at: https://docs.promptguard.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Shadow AI

> Keep secrets and customer data from leaking into ChatGPT, Claude, Gemini, and other AI tools your team already uses — checked on the device, before anything is sent.

Your team pastes code, customer records, and credentials into AI tools every
day. **Shadow AI** inspects that content **on the employee's own device, the
moment before it's sent** — and blocks, redacts, or allows it according to your
policy. Nothing sensitive leaves the machine to be checked.

It's the same PromptGuard engine, policies, and dashboard you already use for
your own apps — now watching the AI tools your employees use, too.

## How it works

Every paste, prompt, or upload to a known AI tool gets one verdict, in
milliseconds:

<CardGroup cols={2}>
  <Card title="Block — secrets" icon="ban">
    API keys, cloud credentials, and tokens never leave the device.
    <br /><code>AWS\_SECRET=…</code> → **stopped**.
  </Card>

  <Card title="Redact — PII" icon="user-shield">
    Emails, phone numbers, SSNs, and card numbers are masked **on-device**, so
    the employee still gets help and the raw value is never transmitted.
    <br /><code>[jane@acme.co](mailto:jane@acme.co)</code> → <code>\[EMAIL]</code>.
  </Card>

  <Card title="Block — attacks" icon="shield-halved">
    Prompt-injection and jailbreak payloads are caught before they're sent.
  </Card>

  <Card title="Allow — real work" icon="check">
    Everything else passes through untouched, with zero added friction.
  </Card>
</CardGroup>

Every verdict lands in your PromptGuard dashboard, tagged by **surface**
(`desktop` · `browser` · `sdk` · `proxy`) — so application traffic and employee
traffic show up in one audit trail.

## Get started

<CardGroup cols={2}>
  <Card title="Quickstart — protect one machine" icon="bolt" href="/shadow-ai/quickstart">
    Install, connect, and see your first block in about five minutes (macOS &
    Windows). One agent covers both AI **APIs** (Cursor, IDE assistants) **and**
    the AI **web apps** in the browser (ChatGPT, Claude) — no extension needed.
  </Card>

  <Card title="Roll it out to your fleet" icon="users" href="/shadow-ai/fleet-enrollment">
    Enroll many devices under one org, each with a scoped, individually
    revocable credential — and see the whole fleet in one place.
  </Card>
</CardGroup>

## One engine, every surface

Shadow AI isn't a separate product. It's additional **places we watch** feeding
the same detection engine, the same policies, and the same dashboard:

<CardGroup cols={3}>
  <Card title="Your apps" icon="server">Gateway & SDK traffic</Card>
  <Card title="Your team" icon="laptop">Desktop agent + browser</Card>
  <Card title="One dashboard" icon="chart-line">Scan · block · redact · audit</Card>
</CardGroup>

Adding a new provider or site is a one-line change — not a new product to learn
or deploy.

<Card title="Run it your way" icon="cloud" href="/shadow-ai/deployment-modes">
  Cloud, hybrid (your engine + our dashboard), or fully air-gapped — same
  dashboard, switched with a single setting.
</Card>

## Licensing

Shadow AI follows the same plan model as the rest of PromptGuard. There are
three ways to license it:

<CardGroup cols={3}>
  <Card title="Personal" icon="user">
    Included with **every plan**. Protects **one** of your own devices, metered
    against your existing request quota — no separate bill.
  </Card>

  <Card title="Fleet" icon="users">
    Available on **Scale and above**. Adds MDM enforcement, an org-wide required
    policy, multi-device [enrollment](/shadow-ai/fleet-enrollment), and a
    per-employee usage rollup.
  </Card>

  <Card title="Standalone" icon="building">
    Priced **per seat** for rolling Shadow AI out to a whole team, or using it on
    its own. Cloud, hybrid self-hosted, or air-gapped.
  </Card>
</CardGroup>

See the [pricing page](/pricing) for plan limits and how Shadow AI usage is
metered.

## What Shadow AI does — and doesn't

We'd rather be upfront than over-promise:

<AccordionGroup>
  <Accordion title="It inspects encrypted traffic via a certificate" icon="certificate">
    Detection requires reading the request, so the agent terminates TLS using a
    certificate it installs on the device — user-approved for individuals, or
    MDM-managed for enterprise fleets. Content is inspected **locally**; only the
    verdict and masked metadata are logged.
  </Accordion>

  <Accordion title="Coverage is a maintained list of AI tools" icon="list-check">
    We watch a curated, growing set of AI providers and web apps. New endpoints
    are added over time; a tool we don't yet recognize passes through untouched.
  </Accordion>

  <Accordion title="Certificate-pinned apps can't be inspected" icon="lock">
    A few apps pin their own certificate and bypass any inspection proxy. Those
    are out of scope by design — we never silently fail open on a tool we *do*
    cover.
  </Accordion>
</AccordionGroup>
