Mode on clone: log
Shadow AI · medium · v1.0.0 · System
Shadow AI Request Detection
Flags requests routed to AI services not in the approved registry. Helps catch shadow AI before it becomes a compliance gap.
📘 Clone & start observing
Creates a Guideline policy. Observation only — nothing is blocked until you promote to Strict.
Defaults to template name. Customise to distinguish multiple instances of the same template.
Leave empty to apply broadly via the template's default data-classification / risk-tier filters.
Rationale
Employees often use unapproved AI tools (ChatGPT.com, Claude.ai, etc.). This policy detects egress to known LLM endpoints from unmanaged contexts.
Example violation
Browser extension detects paste to chat.openai.com from an internal HR document
Triggers (1)
- context: Inspect destination URL/endpoint
Detectors (1)
- keyword_list (endpoint-allowlist): Compare endpoint against approved list
Actions (2)
- flag: Flag for security team review
- log: Record shadow AI usage event
Tunable parameters (2)
Approved AI endpoints
basic · keywords
Domains/patterns considered approved.
Default: ["api.openai.com","api.anthropic.com","*.openai.azure.com"]
Block unknown endpoints
advanced · boolean
Set to true for hard prevention. Default flags only.
Default: false
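The endpoint comparison described above, sketched as an added example (not the product's own code) that shows why the host must be normalised before it is checked against the approved list. Assumptions: a `*.` pattern matches any subdomain depth, the `KNOWN_AI` list is built from the hosts this page names, and the `block_unknown` argument and the returned labels are hypothetical.

```python
from urllib.parse import urlsplit

# Default value of the template's "Approved AI endpoints" parameter.
APPROVED = ["api.openai.com", "api.anthropic.com", "*.openai.azure.com"]
# Assumption: consumer AI hosts named on this page stand in for the
# "known LLM endpoints" list, which the page does not enumerate.
KNOWN_AI = ["chat.openai.com", "chatgpt.com", "claude.ai"]


def host_of(url):
    """Return the destination host: lower-cased, no userinfo, port or trailing dot."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").rstrip(".").lower()


def matches(host, pattern):
    """Exact match, or for '*.suffix' at least one extra label before the suffix."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the leading dot so 'notopenai.azure.com' fails
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def is_known_ai(host):
    """True when the host is a listed AI domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in KNOWN_AI)


def evaluate(url, approved=APPROVED, block_unknown=False):
    """Return 'allow', 'flag', 'block' or 'not_ai' (labels are hypothetical)."""
    host = host_of(url)
    if any(matches(host, p) for p in approved):
        return "allow"
    if is_known_ai(host):
        # "Block unknown endpoints" = true turns the flag into hard prevention.
        return "block" if block_unknown else "flag"
    return "not_ai"


if __name__ == "__main__":
    # Constructed sample destinations, not real traffic.
    for u in ["https://chat.openai.com/c/1",
              "https://MyCorp.OpenAI.Azure.com:443/openai/deployments",
              "https://api.openai.com.lookalike.example/v1",
              "https://api.openai.com@claude.ai/"]:
        print(f"{evaluate(u):7} {u}")
```

A substring or prefix comparison would treat the last two sample destinations as approved; matching on the parsed host does not.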
Template defaults (suggested target after promotion)
Suggested mode
flag
Risk tiers
—
Data classifications
—
Departments
—
Cloned policies start in Guideline mode. Use the promotion wizard to flip to Strict once you trust the false-positive rate.