AI Tools Blocklist
Home AI Tools Database Taxonomy Pricing
Solutions
Enterprise IT & CISO Education Firewall Admins Shadow AI Prevention REST API
Download Free Sample
Student Device Protection

AI Chatbot Blocklist
for Student Devices

Network-level filters stop working the moment a student device leaves campus. Our feed of 16,024+ AI domains integrates with Jamf, Intune, Mosyle, and Google Workspace to enforce restrictions on the device itself, on any network.

16,024+
AI Domains Blocked
4
MDM Platforms Supported
24/7
On & Off Campus Coverage
Download Free Sample Education Pricing
The Device Gap

Why Network Filtering Alone Fails for Student Devices

School firewalls and DNS filters only protect students while on campus. The moment a Chromebook connects to home Wi-Fi or a phone hotspot, those protections vanish.

Device-level blocking is the only way to maintain consistent AI restrictions across every network.

Take-Home Devices Are Unprotected

In 1:1 programs, students spend more hours on their device at home than at school. Without device-level restrictions, AI access is wide open off campus.

  • Every take-home device is an unprotected endpoint
  • Homework may be AI-generated without your knowledge
  • Device-level policies close this gap entirely

Phone Hotspots Bypass Everything

Students can tether a Chromebook to a personal phone and skip every network filter. IT directors report this as one of the most common bypass techniques.

  • MDM policies follow the device regardless of connectivity
  • The device itself is the only reliable enforcement point

The Long Tail of AI Chatbots

Blocking ChatGPT and Claude is not enough. Students share links to obscure AI tools on Discord, TikTok, and Reddit.

  • Character.AI, Poe, You.com, Phind, HuggingChat, and hundreds more
  • 16,024+ domains across 18 categories, updated daily
Chromebook Filtering

Chromebook AI Blocking via Google Admin Console

Chromebooks dominate K-12 device programs. Google Workspace provides built-in URL blocking that follows the device regardless of network.

Chrome URLBlocklist Policy

The URLBlocklist policy accepts domain patterns and enforces them locally on the Chromebook. It works on any network, including home Wi-Fi and hotspots.

Capacity & Coverage

  • Practical limit: ~1,000 URLBlocklist entries
  • Use Chrome policy for highest-priority AI domains
  • Pair with GoGuardian, Lightspeed, or Securly for full 16,024+ domain coverage

OU-Based Segmentation

Organizational units let you apply different blocklists to different student groups. Segmentation mirrors the reality that AI risk varies by age.

Example OU Structure

  • Elementary OUs: strictest blocking, all 18 categories
  • High School OUs: permit "Education" tools, block chatbots
  • Staff OUs: unblocked for lesson planning and PD

Google Admin Console: URLBlocklist Configuration

Navigate to Devices → Chrome → Settings → Users & browsers, select the student OU, and add AI domains to the URL Blocklist.

The JSON below shows the equivalent configuration for the Chrome Policy API.

// Google Workspace — Chrome URLBlocklist via Policy API
// Target OU: /Students or /Students/Middle-School

{
  "requests": [{
    "policyTargetKey": {
      "targetResource": "orgunits/STUDENT_OU_ID"
    },
    "policyValue": {
      "policySchema": "chrome.users.UrlBlocking",
      "value": {
        "urlBlocklist": [
          "chatgpt.com",
          "chat.openai.com",
          "claude.ai",
          "gemini.google.com",
          "copilot.microsoft.com",
          "perplexity.ai",
          "character.ai",
          "poe.com",
          "you.com",
          "quillbot.com",
          "writesonic.com",
          "jasper.ai",
          "phind.com",
          "huggingface.co/chat",
          "deepai.org"
          // ... up to ~1,000 entries
          // For 16,024+ domains, use GoGuardian/Lightspeed bulk import
        ]
      }
    },
    "updateMask": "policyValue.value.urlBlocklist"
  }]
}

Automated Daily Updates

Use a Google Apps Script or service-account script to fetch the top 1,000 domains from our API daily and push them via the Chrome Policy API. The remaining 16,024+ domains are handled by your content filter's bulk import, which has no entry limit.

MDM Integration

Deploying AI Chatbot Restrictions via MDM

MDM platforms provide the enforcement layer that follows every managed device. Our domain feed integrates with all of them through content filter payloads and configuration profiles.

Jamf Pro (iPads & Macs)

Deploys Web Content Filter payloads enforced at the OS level. Safari, Chrome, and all WebKit apps are covered.

  • Supervised mode prevents profile removal
  • Students cannot install VPNs to bypass

Microsoft Intune (Windows)

Web Content Filtering and Defender SmartScreen block AI domains across Edge, Chrome, and system-level requests.

  • Enforces on school, home, or cellular networks
  • Compliance policies flag bypass attempts

Mosyle (Mixed Fleets)

Supports Apple, Android, and Windows devices from a single console. Deploy content filters and DNS-over-HTTPS configs across platforms.

  • Smart Rules auto-apply stricter blocking during school hours
  • Relax restrictions for after-school enrichment

Jamf Pro: Web Content Filter Configuration Profile

Upload this profile to Jamf Pro and scope it to your student device group.

  • AutoFilterEnabled turns on Apple's built-in content filter
  • BlacklistedURLs adds AI chatbot domains on top
<!-- Jamf Pro — Web Content Filter Payload for Student iPads -->
<!-- Profile → Restrictions → Content Filter → Limit Adult Content -->

<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array><dict>
    <key>PayloadType</key>
    <string>com.apple.webcontent-filter</string>
    <key>AutoFilterEnabled</key>
    <true/>
    <key>FilterType</key>
    <string>BuiltIn</string>
    <key>BlacklistedURLs</key>
    <array>
      <string>chatgpt.com</string>
      <string>chat.openai.com</string>
      <string>claude.ai</string>
      <string>gemini.google.com</string>
      <string>copilot.microsoft.com</string>
      <string>character.ai</string>
      <string>perplexity.ai</string>
      <string>poe.com</string>
      <string>quillbot.com</string>
      <string>you.com</string>
      <!-- Full feed: import via Jamf Pro API script -->
    </array>
  </dict></array>
</dict>
</plist>

Microsoft Intune: Web Content Filtering Policy

Deploy via the Endpoint Security blade in Intune. This PowerShell script automates the process.

It creates custom indicators from our API feed and pushes them to Microsoft Defender for Endpoint.

# Intune / Defender for Endpoint — AI Chatbot Domain Indicators
# Run via Azure Automation or a scheduled task on your management server

$apiKey = "YOUR_API_KEY"
$feedUrl = "https://feeds.aitoolsblocklist.com/v1/domains/chatbots.json"

# Fetch the latest AI chatbot domains
$headers = @{ "Authorization" = "Bearer $apiKey" }
$response = Invoke-RestMethod -Uri $feedUrl -Headers $headers
$domains = $response.domains

Write-Host "Fetched $($domains.Count) AI chatbot domains"

# Create custom indicators in Defender for Endpoint
foreach ($domain in $domains) {
    $indicator = @{
        indicatorValue  = $domain.url
        indicatorType   = "Url"
        action          = "Block"
        title           = "AI Chatbot: $($domain.name)"
        description     = "Category: $($domain.category)"
        severity        = "Medium"
        recommendedActions = "Blocked by district AI policy"
    }

    Invoke-RestMethod -Uri "https://api.securitycenter.microsoft.com/api/indicators" `
        -Method Post -Headers $defenderHeaders `
        -Body ($indicator | ConvertTo-Json) `
        -ContentType "application/json"
}

Write-Host "Updated $($domains.Count) Defender URL indicators"
Device Segmentation

Age-Appropriate Blocking by Device Group

One feed, multiple policies.

Apply different blocklist configurations to different student populations from the same 16,024+ domain feed, filtered by the 18-category taxonomy. High school AP CS students may need coding assistants, while elementary students need full blocking.

K-5

Elementary School

Block all 18 AI-tool categories with zero exceptions. No category tuning, no exception requests, no ambiguity.

All Categories Blocked
6-8

Middle School

Allow pre-approved "Education & Learning" tools under teacher supervision. General chatbots, AI writers, and image generators stay blocked.

17 Categories Blocked 1 Permitted
9-12

High School

Block text-generation and essay-writing tools while permitting AI coding tools for CS courses. Image and video generators remain blocked to prevent deepfakes.

14 Categories Blocked 4 Permitted

Automated Device Group Assignment Script

Fetches category-filtered feeds from our API and deploys them to the correct device groups. Run daily via cron to keep each group current.

#!/bin/bash
# /opt/scripts/device-group-sync.sh
# Sync AI blocklists for each student tier

API_KEY="YOUR_API_KEY"
BASE_URL="https://feeds.aitoolsblocklist.com/v1/domains"
OUTPUT_DIR="/var/lib/mdm-sync/blocklists"

# Elementary: all categories (full block)
curl -s -H "Authorization: Bearer $API_KEY" \
     "$BASE_URL/all.txt" \
     -o "$OUTPUT_DIR/elementary.txt"

# Middle school: exclude education-learning category
curl -s -H "Authorization: Bearer $API_KEY" \
     "$BASE_URL/all.txt?exclude=education-learning" \
     -o "$OUTPUT_DIR/middle-school.txt"

# High school: exclude education, code-dev, data-research, security
curl -s -H "Authorization: Bearer $API_KEY" \
     "$BASE_URL/all.txt?exclude=education-learning,code-development,data-research,security-detection" \
     -o "$OUTPUT_DIR/high-school.txt"

# Log domain counts per tier
for tier in elementary middle-school high-school; do
    count=$(wc -l < "$OUTPUT_DIR/$tier.txt")
    echo "[$(date)] $tier: $count domains" >> /var/log/ai-blocklist-sync.log
done

echo "[$(date)] Device group sync complete"
Testing Periods

Exam-Period Scheduling and Automated Feed Switching

Testing Windows Demand Maximum Blocking

State assessments, AP exams, SATs, and district benchmarks require all AI-tool categories blocked. Even normally-permitted categories should be restricted during exams to ensure integrity.

How It Works

Your automation script checks if today falls within a testing window

If yes, it pulls the full-block feed (all 18 categories, zero exceptions)

When testing ends, it reverts each group to its normal tier-based feed

Both feeds draw from the same 16,024+ domain database

Key Benefits

No manual toggle-flipping at 7 AM on testing day

No separate "testing blocklist" to maintain

Full coverage during testing without disrupting normal policies

Same underlying database for both modes

During Testing Windows

  • All 18 AI-tool categories blocked across all device groups
  • AI coding assistants blocked (prevents STEM exam cheating)
  • AI tutoring tools blocked (prevents real-time answer lookup)
  • Bypass monitoring set to high-alert mode
  • Testing coordinator notified of any access attempts

Outside Testing Windows

  • Tier-based blocking per device group (K-5, 6-8, 9-12)
  • Approved education tools permitted for supervised use
  • CS class devices may access coding assistants
  • Standard monitoring with weekly digest reports
  • Teacher override available for lesson-specific AI use

Automated Testing-Period Feed Switcher

Runs daily via cron. Reads testing-period date ranges from a config file and deploys the appropriate feed.

Update the config once per semester when the testing calendar is published -- no code changes needed.

#!/bin/bash
# /opt/scripts/testing-period-switch.sh
# Cron: 0 5 * * * /opt/scripts/testing-period-switch.sh

API_KEY="YOUR_API_KEY"
BASE_URL="https://feeds.aitoolsblocklist.com/v1/domains"
CONFIG="/etc/ai-blocklist/testing-periods.conf"
OUTPUT_DIR="/var/lib/mdm-sync/blocklists"
TODAY=$(date +%Y-%m-%d)
TESTING_MODE="false"

# testing-periods.conf format: START_DATE END_DATE LABEL
# 2025-03-10 2025-03-21 State_Assessment
# 2025-05-05 2025-05-16 AP_Exams
# 2025-06-02 2025-06-06 Final_Exams

while IFS=' ' read -r start end label; do
    [[ "$start" == "#"* ]] && continue
    if [[ "$TODAY" >= "$start" && "$TODAY" <= "$end" ]]; then
        TESTING_MODE="true"
        echo "[$(date)] TESTING PERIOD ACTIVE: $label ($start to $end)"
        break
    fi
done < "$CONFIG"

if [ "$TESTING_MODE" = "true" ]; then
    echo "[$(date)] Deploying FULL BLOCK to all tiers"
    for tier in elementary middle-school high-school; do
        curl -s -H "Authorization: Bearer $API_KEY" \
             "$BASE_URL/all.txt" \
             -o "$OUTPUT_DIR/$tier.txt"
    done
else
    echo "[$(date)] Deploying TIER-BASED blocking"
    # Each tier gets its normal category-filtered feed
    curl -s -H "Authorization: Bearer $API_KEY" \
         "$BASE_URL/all.txt" -o "$OUTPUT_DIR/elementary.txt"
    curl -s -H "Authorization: Bearer $API_KEY" \
         "$BASE_URL/all.txt?exclude=education-learning" \
         -o "$OUTPUT_DIR/middle-school.txt"
    curl -s -H "Authorization: Bearer $API_KEY" \
         "$BASE_URL/all.txt?exclude=education-learning,code-development,data-research,security-detection" \
         -o "$OUTPUT_DIR/high-school.txt"
fi

# Trigger MDM profile refresh (example: Jamf Pro API)
curl -s -X POST "https://your-jamf.jamfcloud.com/api/v1/mdm/renew-profile" \
     -H "Authorization: Bearer $JAMF_TOKEN"

echo "[$(date)] Feed deployment complete. Testing mode: $TESTING_MODE"
Monitoring

Detecting and Preventing Student Bypass Attempts

Why Monitoring Matters

Blocking domains is half the equation. Visibility is the other half -- knowing who is attempting bypasses and which new AI tools generate the most traffic.

This intelligence feeds directly into policy refinement and helps identify students who need guidance on academic integrity.

Category-Aware Logs

Our feed classifies every domain into 18 functional categories. Your block logs show what kind of AI tool a student sought -- chatbot, essay writer, image generator, or code assistant.

A student hitting "Text & Language" domains during a writing assignment is a different signal than a CS student hitting "Code & Development" during a lab.

Common Bypass Techniques

Phone Hotspot Tethering

Students tether to a personal phone to skip network filters. MDM policies prevent this because the blocklist enforces on the device, not the network.

Web Proxies & VPNs

On managed Chromebooks, disable unapproved extensions. On iPads, Supervised mode prevents VPN installation without MDM authorization.

Alternative AI Domains

When ChatGPT is blocked, students find alternatives via social media. Our feed covers 16,024+ domains including obscure tools, mirror sites, and new launches -- updated within 24 hours.

Alert Configuration Best Practices

Threshold Alerts

Alert when a student exceeds 10 blocked AI requests within one hour. This pattern usually indicates active bypass attempts, not incidental clicks.

Testing-Period Escalation

During exams, lower the threshold to 3 attempts and add the testing coordinator to notifications. Any AI access during a proctored exam is a potential integrity violation.

Weekly Digest Reports

Generate summaries by building, grade level, and device group. Share with principals and curriculum directors to inform policy decisions and instructional planning.

Comprehensive Coverage

Why 16,024+ Domains Matters

The Manual Approach Falls Short

Most IT teams start with 20-50 hand-curated AI domains. This covers roughly 15-20% of actual student AI usage.

The remaining 80% happens on tools no human curator has time to discover, evaluate, and add to a spreadsheet.

Automated Classification Pipeline

Our pipeline scans 102M+ domains using ML classifiers and behavioral analysis. It identifies AI tools from network patterns, DNS records, certificate metadata, and content analysis.

No reliance on human awareness -- systematic identification across the entire web, updated daily.

The Long Tail Is Where Cheating Lives

Students who find ChatGPT blocked will search "free AI chatbot no login" or find recommendations on TikTok. They discover essay rewriters, homework solvers, and photo-to-answer tools that most IT teams have never heard of.

102M

Domains Scanned

16,024+

AI Tools Classified

18

Functional Categories

Daily

Feed Updates

Explore the Full Database Download Free Sample CSV

The sample includes representative domains from every category -- enough to validate integration with your MDM and content filter before committing.

Deployment Checklist

Student Device Blocklist Deployment in 6 Steps

1

Inventory Your Device Fleet

Catalog every managed device type and the MDM managing each. Confirm every device is enrolled with a current management profile.

Unenrolled devices are invisible to your deployment.

2

Define Device Group Policies

Decide which AI-tool categories to block for each student tier. Document exceptions, approvals, and implementation details.

3

Deploy MDM Profiles

Use the platform-specific configs above -- Jamf for iPads, Intune for Windows, Google Admin for Chromebooks. Start with a 50-100 device pilot.

4

Configure Automated Updates

Set up daily feed sync to pull the latest domains from our API. New AI tools launch every day -- without automation, your blocklist decays immediately.

5

Set Up Testing-Period Schedules

Enter testing dates into testing-periods.conf. The automated switcher handles the rest -- update the config once per semester.

6

Enable Monitoring & Reporting

Configure block-log alerts and weekly digests. Use category breakdowns to refine your policy -- add exceptions without opening the floodgates.

Protect Every Student Device, Every Network

Download the free sample to test integration with your MDM platform, or request a trial feed configured for your device fleet and testing calendar.

Download Free Sample Explore the Database

Request a Student Device Blocklist Trial

Tell us about your device fleet — MDM platform, device types, student count, and grade levels — and we will configure a trial feed matched to your deployment.