> ## Documentation Index
> Fetch the complete documentation index at: https://docs.promptguard.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Test It Yourself

> Install Shadow AI, turn it on, and try to leak a secret to Claude — the complete hands-on walkthrough, start to finish, about 15 minutes.

This is the complete hands-on walkthrough: install the agent, turn on
protection, and confirm it catches sensitive data before it ever reaches an AI
tool. No command line, no security background — if you can install a Mac app,
you can do this.

<Note>
  **What you're testing.** Shadow AI runs on your Mac and inspects the traffic
  going to AI tools (Claude, ChatGPT, and others) **on your device, before
  anything is sent.** When it sees a secret or sensitive data, it blocks or
  masks it. It's the real product, so it inspects your **system-wide** AI
  traffic while it's on — and it's fully reversible (turn it off, or uninstall,
  any time).
</Note>

## Before you start

<CardGroup cols={2}>
  <Card title="A Mac on macOS 12 or newer" icon="apple" />

  <Card title="A PromptGuard account" icon="user">
    A Scale-plan account to sign in with. Don't have one?
    [Talk to us](mailto:support@promptguard.co).
  </Card>
</CardGroup>

You'll need about **15 minutes** and your account password once (to approve the
secure-inspection certificate — more on that below).

## Step 1 — Install

<Steps>
  <Step title="Download the app">
    Go to **[promptguard.co/download](https://promptguard.co/download)** and
    click **Download for macOS**. It's a **signed, notarized** Apple build
    (`PromptGuard.Shadow_<version>_universal.dmg`), so macOS opens it without
    warnings.
  </Step>

  <Step title="Drag to Applications">
    Double-click the `.dmg`, then drag **PromptGuard Shadow** into your
    **Applications** folder.
  </Step>

  <Step title="Launch it">
    Open **PromptGuard Shadow** from Applications. A **shield icon** appears in
    your menu bar (top-right of the screen) — that's the whole app. Click it to
    open the popover.
  </Step>
</Steps>

## Step 2 — Sign in

<Steps>
  <Step title="Connect this device">
    Click the menu-bar **shield**, then **Connect this device**. Your browser
    opens to the PromptGuard sign-in page.
  </Step>

  <Step title="Sign in with your work account">
    Log in with the beta account you were given. The browser hands you back to
    the app automatically — nothing to copy or paste.
  </Step>
</Steps>

## Step 3 — Turn on protection

<Steps>
  <Step title="Click “Turn on protection”">
    In the shield popover, click **Turn on protection**.
  </Step>

  <Step title="Approve the certificate — once">
    macOS will ask you to approve a **secure-inspection certificate** and prompt
    for your Mac password. This is expected and required: it's how the agent
    reads encrypted AI traffic to inspect it. Every tool of this kind (corporate
    VPNs, DLP) asks for it. You'll only be asked **once**.

    <Warning>
      This certificate lets the agent inspect **only** the AI tools it monitors
      (Claude, ChatGPT, etc.) — everything else on your Mac is untouched.
      Uninstalling removes the certificate completely.
    </Warning>
  </Step>

  <Step title="Confirm it's on">
    The popover should now read **“You're protected.”** Leave it running in the
    background and go use Claude as you normally would.
  </Step>
</Steps>

## Step 4 — Try to leak a secret (the fun part)

This is what you're really here to test. Open **[claude.ai](https://claude.ai)**
and paste each of these into a new chat, one at a time. Watch what happens.

| Paste this into Claude                                      | What should happen                                                               |
| ----------------------------------------------------------- | -------------------------------------------------------------------------------- |
| `What is the capital of France?`                            | **Allowed** — Claude answers normally. Protection is invisible for safe prompts. |
| `Add this contact: Bob Smith, phone 415-555-0142`           | **Redacted** — the phone number is masked before it reaches Claude.              |
| `Here is my AWS key AKIAIOSFODNN7EXAMPLE, help me debug`    | **Blocked** — the key never leaves your machine.                                 |
| `My OpenAI key is sk-proj-abc123def456ghi789 please use it` | **Blocked** — the API key is caught.                                             |

<Note>
  Try your own realistic examples too — a fake password, a customer email, a
  snippet of code with a hard-coded token. The more real-world prompts you throw
  at it, the more useful your feedback.
</Note>

## Step 5 — See every decision

Click the menu-bar **shield → Activity**. You'll see a live log of every
inspected request: what tool it was going to, the decision (**allowed /
redacted / blocked**), *why*, and a **masked** preview (the raw secret is never
stored or shown). This is the audit trail an admin would see across a whole
fleet.

## What good looks like

* Safe prompts pass through instantly — you shouldn't *feel* the agent.
* Secrets (API keys, tokens, passwords) get **blocked**; PII (phones, emails)
  gets **redacted**.
* The **Activity** log shows each catch with a clear reason.
* Claude keeps working normally the whole time.

## Giving feedback

We want the rough edges. As you test, please note and send back:

<CardGroup cols={2}>
  <Card title="False negatives" icon="triangle-exclamation">
    Something sensitive that **got through** un-caught. The most valuable
    feedback — tell us exactly what you typed and where.
  </Card>

  <Card title="False positives" icon="ban">
    A **safe** prompt that got blocked or mangled when it shouldn't have been.
  </Card>

  <Card title="Friction" icon="face-frown">
    Anything confusing, slow, or annoying — install, sign-in, the cert prompt,
    the popover, performance.
  </Card>

  <Card title="Breakage" icon="bug">
    Any AI tool or website that stopped working, or connectivity issues while
    protection was on.
  </Card>
</CardGroup>

Send it to **[support@promptguard.co](mailto:support@promptguard.co)** — a
screenshot of the **Activity** row (which is already masked, so it's safe to
share) plus what you typed is perfect.

## Turning it off & uninstalling

You're always in control:

<Steps>
  <Step title="Pause anytime">
    Click the shield → **Turn off protection**. AI traffic flows normally again;
    the app stays installed.
  </Step>

  <Step title="Remove completely">
    Shield → **Uninstall** (or the app's menu). This clears the system proxy on
    every network, **removes the inspection certificate**, and deletes local
    data — leaving nothing behind. Then drag the app to the Trash.
  </Step>
</Steps>

## Good to know

<AccordionGroup>
  <Accordion title="Will this slow down my Mac or break other apps?">
    No. The agent only inspects traffic to the AI tools it monitors; everything
    else — email, Slack, streaming, your VPN — goes straight through untouched.
    Safe AI prompts pass instantly.
  </Accordion>

  <Accordion title="I see a certificate warning in a browser tab">
    If you turned on protection while a tab was mid-load, refresh the tab. If a
    warning persists on an AI site, that's worth reporting — include the site.
  </Accordion>

  <Accordion title="Google / some sites feel occasionally flaky">
    A few tools use a newer transport (HTTP/3 over QUIC) that this beta tier
    doesn't fully carry yet; the browser falls back automatically, but you may
    see a brief hiccup. Known limitation — the deeper coverage tier is in
    progress. Report it if a site is unusable.
  </Accordion>

  <Accordion title="Is my data being sent anywhere?">
    Prompt contents are inspected **on your device**. Only a **masked** preview
    (never the raw secret) is stored locally for the Activity log. See
    [Privacy & data handling](/shadow-ai/privacy-data-handling).
  </Accordion>
</AccordionGroup>

<Card title="Hit a wall?" icon="life-ring" href="/shadow-ai/troubleshooting">
  The troubleshooting guide covers the common install and connectivity issues —
  or just email [support@promptguard.co](mailto:support@promptguard.co) and we'll jump on it.
</Card>
