What you’re testing. Shadow AI runs on your Mac and inspects the traffic
going to AI tools (Claude, ChatGPT, and others) on your device, before
anything is sent. When it sees a secret or sensitive data, it blocks or
masks it. It’s the real product, so it inspects your system-wide AI
traffic while it’s on — and it’s fully reversible (turn it off, or uninstall,
any time).
Before you start
A Mac on macOS 12 or newer
A PromptGuard account
A Scale-plan account to sign in with. Don’t have one?
Talk to us.
Step 1 — Install
Download the app
Go to promptguard.co/download and
click Download for macOS. It’s a signed, notarized Apple build
(
PromptGuard.Shadow_<version>_universal.dmg), so macOS opens it without
warnings.Drag to Applications
Double-click the
.dmg, then drag PromptGuard Shadow into your
Applications folder.Step 2 — Sign in
Connect this device
Click the menu-bar shield, then Connect this device. Your browser
opens to the PromptGuard sign-in page.
Step 3 — Turn on protection
Approve the certificate — once
macOS will ask you to approve a secure-inspection certificate and prompt
for your Mac password. This is expected and required: it’s how the agent
reads encrypted AI traffic to inspect it. Every tool of this kind (corporate
VPNs, DLP) asks for it. You’ll only be asked once.
Step 4 — Try to leak a secret (the fun part)
This is what you’re really here to test. Open claude.ai and paste each of these into a new chat, one at a time. Watch what happens.| Paste this into Claude | What should happen |
|---|---|
What is the capital of France? | Allowed — Claude answers normally. Protection is invisible for safe prompts. |
Add this contact: Bob Smith, phone 415-555-0142 | Redacted — the phone number is masked before it reaches Claude. |
Here is my AWS key AKIAIOSFODNN7EXAMPLE, help me debug | Blocked — the key never leaves your machine. |
My OpenAI key is sk-proj-abc123def456ghi789 please use it | Blocked — the API key is caught. |
Try your own realistic examples too — a fake password, a customer email, a
snippet of code with a hard-coded token. The more real-world prompts you throw
at it, the more useful your feedback.
Step 5 — See every decision
Click the menu-bar shield → Activity. You’ll see a live log of every inspected request: what tool it was going to, the decision (allowed / redacted / blocked), why, and a masked preview (the raw secret is never stored or shown). This is the audit trail an admin would see across a whole fleet.What good looks like
- Safe prompts pass through instantly — you shouldn’t feel the agent.
- Secrets (API keys, tokens, passwords) get blocked; PII (phones, emails) gets redacted.
- The Activity log shows each catch with a clear reason.
- Claude keeps working normally the whole time.
Giving feedback
We want the rough edges. As you test, please note and send back:False negatives
Something sensitive that got through un-caught. The most valuable
feedback — tell us exactly what you typed and where.
False positives
A safe prompt that got blocked or mangled when it shouldn’t have been.
Friction
Anything confusing, slow, or annoying — install, sign-in, the cert prompt,
the popover, performance.
Breakage
Any AI tool or website that stopped working, or connectivity issues while
protection was on.
Turning it off & uninstalling
You’re always in control:Pause anytime
Click the shield → Turn off protection. AI traffic flows normally again;
the app stays installed.
Good to know
Will this slow down my Mac or break other apps?
Will this slow down my Mac or break other apps?
No. The agent only inspects traffic to the AI tools it monitors; everything
else — email, Slack, streaming, your VPN — goes straight through untouched.
Safe AI prompts pass instantly.
I see a certificate warning in a browser tab
I see a certificate warning in a browser tab
If you turned on protection while a tab was mid-load, refresh the tab. If a
warning persists on an AI site, that’s worth reporting — include the site.
Google / some sites feel occasionally flaky
Google / some sites feel occasionally flaky
A few tools use a newer transport (HTTP/3 over QUIC) that this beta tier
doesn’t fully carry yet; the browser falls back automatically, but you may
see a brief hiccup. Known limitation — the deeper coverage tier is in
progress. Report it if a site is unusable.
Is my data being sent anywhere?
Is my data being sent anywhere?
Prompt contents are inspected on your device. Only a masked preview
(never the raw secret) is stored locally for the Activity log. See
Privacy & data handling.
Hit a wall?
The troubleshooting guide covers the common install and connectivity issues —
or just email support@promptguard.co and we’ll jump on it.