Aguardic logoAguardic
Start Free Trial
Shadow AI Discovery

Find every AI tool already in use across your org — and what to do about each one.

Tell us what AI tools you know about, optionally drop in a network log or OAuth grant export, and we'll match each one against a curated catalog of 100+ AI tools. You get a Word report with BAA coverage, framework exposure (HIPAA, EU AI Act, GDPR…), risk level, and the specific Aguardic policy pack that governs each tool.

Every recommended pack is a real Aguardic marketplace pack. Activate it once and the policy enforces continuously against the tool's inputs and outputs.

Processed in memory
Raw uploads never stored
Not shared with third parties
1

Tell us what you know about

Free-text list of AI tools your team uses. Browser, embedded SaaS, dev tools, voice — anything.

2

We match against the catalog

100+ curated AI tools with BAA status, framework coverage, and policy mappings. Unmatched inputs are flagged separately.

3

Get the governance plan

Editable Word report. Per-tool BAA, framework exposure, risk level, and the specific Aguardic policy pack to enable.

One per line, or comma-separated. Include browser tools (ChatGPT, Claude, Gemini), embedded SaaS AI (Notion AI, Glean), dev tools (Copilot, Cursor), voice (Otter, Fireflies) — whatever you know about. We'll catch the unknowns.

Drop a network log export (Cisco Umbrella, Cloudflare Zero Trust, NextDNS, Pi-hole) or an OAuth grant export (Google Workspace OAuth report, Microsoft 365 enterprise apps). Files are parsed in memory and never stored.

Network log

Hostnames the matcher will dedupe against the catalog

CSV / TSV · 5MB max · parsed in memory

How do I export this from my DNS / proxy tool?

  • Cisco Umbrella

    Reporting → Activity Search → set time range → Filter by category Generative AI / Cloud → Download CSV.

  • Cloudflare Zero Trust (Gateway)

    Zero Trust dashboard → Logs → Gateway → DNS or HTTP → filter category Generative AI → Export.

  • NextDNS

    Logs tab → toggle on Logs → filter by domain / category → Export logs (CSV).

  • Pi-hole

    Tools → Query Log → set time range → Export. Or query the FTL database directly: SELECT domain, count(*) FROM queries GROUP BY domain.

  • Generic CSV

    Any export with a hostname/domain column works. Header names like `host`, `hostname`, `domain`, `fqdn`, `query_name` are auto-detected.

OAuth grants

App names from Google Workspace / M365 grant exports

CSV / TSV · 5MB max · parsed in memory

How do I export this from my IdP?

  • Google Workspace

    Admin Console → Security → Access and data control → API controls → Manage Third-Party App Access → Apps with access to Google data → Download CSV. Or: Reporting → Audit and Investigation → Token audit log → Export CSV.

  • Microsoft 365 / Entra ID

    Entra admin center → Identity → Applications → Enterprise applications → All applications → ⋯ menu → Download (CSV).

  • Okta

    Admin Console → Applications → Applications → click the export icon (top right) → Download CSV of all applications and their assignments.

  • Auth0

    Dashboard → Applications → list → export. Or: Monitoring → Logs → query type: `scoco` (consent grant) → export results.

  • Generic CSV

    Any export with an app-name column works. Header names like `app`, `application name`, `display name`, `oauth client` are auto-detected.

Drives risk scoring per tool and the framework-exposure column on each finding.

Pick all that apply. We use this to weight unmatched inputs and recommend the right enforcement layer per channel.

1-2 sentences on the most common use cases. Used to tailor the report's narrative section.

Used to personalize your Word document.

Free. Your Word report will be ready in 10–30 seconds.

Shadow AI Discovery — Find Every AI Tool in Use & Map Each to a Policy Pack | Aguardic - Aguardic