AI Tools Blocklist
Home AI Tools Database Taxonomy Pricing
Solutions
Enterprise IT & CISO Education Firewall Admins Shadow AI Prevention
Integrations
Palo Alto Networks FortiGate Cisco Umbrella pfSense REST API
Download Free Sample
CASB Integration

Your CASB Already Sees AI Traffic.
Make It Act on It.

Feed 16,024+ classified AI-tool domains into Netskope, Microsoft Defender for Cloud Apps, or Zscaler. Transform your CASB from a passive observer into an active AI governance engine.

16,024+AI Domains Classified
18Tool Categories
3Major CASBs Supported
Download Free Sample Enterprise Pricing
CASB as Enforcement Layer

Why Your CASB Is the Right Place to Govern AI Tool Access

Firewalls, DNS filters, and endpoint agents each play a role in AI governance. None match the depth of visibility and control a CASB provides.

The CASB Difference

A CASB doesn't just see that a user connected to an AI domain. It sees session context, uploaded data, user identity, device posture, and specific actions performed. The difference: knowing an employee visited chat.openai.com vs. knowing a finance employee uploaded a 2MB spreadsheet to ChatGPT from an unmanaged device at 11pm on a Saturday.

Inline Mode vs. API Mode

Inline Mode

CASB sits as a forward/reverse proxy in the traffic path. Every HTTP request passes through for real-time inspection, DLP enforcement, and blocking before data reaches the AI tool.

Best for: Enforcement and data loss prevention.

API Mode

Connects to cloud service APIs after the fact to scan for policy violations and discover shadow IT. Cannot prevent data from reaching an AI tool — only detects that it already has.

Best for: Discovery and audit.

Deploy inline mode for enforcement and API mode for discovery. The AI Tools Blocklist provides the domain intelligence layer your CASB needs for both.

Category-based policies scale where individual domain decisions cannot:

Block all "Code Generation" tools for the finance department
Allow "Text & Language" tools with DLP content scanning enabled
Monitor "Image Generation" tools with full session logging
New domains auto-inherit their category's governance tier daily

Deep Session Visibility

Inspect the full HTTP transaction — uploaded files, submitted prompts, pasted data — not just domains and IPs. Session-level visibility is impossible at the firewall or DNS layer.

Identity-Aware Policies

Bind policies to users and groups from your IdP — not just IPs. Apply different AI access rules to engineering, legal, HR, and finance with appropriate DLP profiles.

Content Inspection at Upload

Scan file uploads and form submissions in real time. Detect PII, source code, credentials, and financial data before they leave the organization.

Inline vs. API Mode: Detailed Comparison

Aspect Inline Mode API Mode
How it worksForward/reverse proxy in the traffic pathConnects to SaaS APIs (Graph, Google Workspace, etc.)
What it seesFull request/response content, files, prompts, payloadsAPI-level activity logs within sanctioned apps
Best forBlocking access, DLP scanning, real-time enforcementShadow IT discovery, embedded AI features in SaaS
LimitationRequires agent-based traffic steering on endpointsCannot prevent data submission — only detects after the fact
AI tool coverageAll 16,024+ AI domains via blocklist integrationOnly sanctioned apps with API connectors (M365 Copilot, etc.)

Most enterprises deploy both modes simultaneously. Inline mode enforces real-time policies; API mode supplements with retrospective discovery of AI features within sanctioned SaaS platforms.

Netskope Integration

Netskope: Custom App Definitions and Real-Time Protection for AI Domains

Netskope's Cloud Confidence Index (CCI) classifies thousands of cloud apps, but the AI landscape evolves faster than any single vendor catalog. The AI Tools Blocklist bridges this gap with 16,024+ classified AI domains importable as custom app definitions.

Integration Steps

1

Import Blocklist CSV

Load domains grouped by category via Netskope's REST API as custom URL lists.

2

Create Category Policies

Map each URL list to a real-time protection policy with category-appropriate actions.

3

Automate Daily Sync

Daily feed updates push new AI tool domains to Netskope automatically — no manual intervention.

#!/usr/bin/env python3
"""Sync AI Tools Blocklist domains into Netskope as custom app definitions."""

import csv
import requests
import json

NETSKOPE_TENANT = "yourcompany.goskope.com"
API_TOKEN = "your-netskope-api-v2-token"
BLOCKLIST_CSV = "ai_tools_blocklist.csv"

HEADERS = {
    "Netskope-Api-Token": API_TOKEN,
    "Content-Type": "application/json",
}
BASE_URL = f"https://{NETSKOPE_TENANT}/api/v2"

def load_blocklist(path: str) -> dict:
    """Load AI domains grouped by category from the blocklist CSV."""
    categories = {}
    with open(path) as f:
        for row in csv.DictReader(f):
            cat = row.get("primary_category", "Unknown")
            categories.setdefault(cat, []).append({
                "domain": row["domain"].lower(),
                "tool_name": row.get("tool_name", ""),
            })
    return categories

def create_url_list(list_name: str, domains: list) -> int:
    """Create or update a Netskope URL list for a given AI category."""
    payload = {
        "name": list_name,
        "type": "exact",
        "urls": [d["domain"] for d in domains],
    }
    resp = requests.post(
        f"{BASE_URL}/policy/urllist",
        headers=HEADERS,
        json=payload,
    )
    resp.raise_for_status()
    list_id = resp.json()["id"]
    print(f"Created URL list '{list_name}' with {len(domains)} domains (ID: {list_id})")
    return list_id

def create_real_time_policy(category: str, url_list_id: int, action: str):
    """Create a real-time protection policy for an AI tool category."""
    policy = {
        "name": f"AI-Gov-{category.replace(' ', '-')}",
        "policy_type": "real_time",
        "priority": 100,
        "match_criteria": {
            "url_list": [url_list_id],
            "activities": ["upload", "post", "share"],
        },
        "action": action,
        "dlp_profile": "AI-Upload-Sensitive-Data",
        "alert": "yes",
        "log_type": "all",
    }
    resp = requests.post(
        f"{BASE_URL}/policy/realtime",
        headers=HEADERS,
        json=policy,
    )
    resp.raise_for_status()
    print(f"Policy '{policy['name']}' created — action: {action}")

# Define enforcement actions per AI tool category
CATEGORY_ACTIONS = {
    "Text Generation":   "user_alert",    # Coach users, allow with warning
    "Code Generation":   "block",         # Block — source code exfiltration risk
    "Image Generation":  "allow",         # Low data risk — allow with logging
    "Data Analytics":    "block",         # Block — dataset upload risk
    "Voice & Speech":    "block",         # Block — biometric data risk
    "AI Agents":         "block",         # Block — autonomous data access
    "Healthcare AI":     "block",         # Block — PHI/HIPAA risk
}

# Sync blocklist into Netskope
categories = load_blocklist(BLOCKLIST_CSV)
for category, domains in categories.items():
    list_name = f"AIBlocklist-{category.replace(' ', '-')}"
    list_id = create_url_list(list_name, domains)
    action = CATEGORY_ACTIONS.get(category, "user_alert")
    create_real_time_policy(category, list_id, action)

Category Enforcement Actions

Category Action Reason
Text GenerationUser AlertCoach users, allow with data sensitivity warning
Code GenerationBlockSource code exfiltration & IP exposure risk
Image GenerationAllow + LogLow data sensitivity from text-to-image prompts
Data AnalyticsBlockUsers upload entire datasets with sensitive records
Voice & SpeechBlockBiometric voice data exposure risk
AI AgentsBlockAutonomous data access beyond user intent
Healthcare AIBlockPHI/HIPAA compliance exposure

Configure the DLP profile AI-Upload-Sensitive-Data to match your organization's sensitive data patterns — credit card numbers, SSNs, API keys, and internal project names.

Steering Configuration Required

All AI-related domain traffic must be steered through Netskope's inline proxy. Without proper steering, traffic to novel AI tools bypasses the CASB entirely, and your governance policies are ineffective. The AI Tools Blocklist provides the comprehensive domain list needed for full steering coverage.

Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps: Session Policies and Conditional Access

MCAS integrates natively with Entra ID Conditional Access, Defender for Endpoint, and the Microsoft 365 security stack. For Microsoft-centric organizations, it provides the most friction-free path to CASB-based AI governance.

How MCAS Discovers AI Tools

Cloud Discovery (Log Collection)

Analyzes firewall and proxy traffic logs to identify cloud apps in use, user counts, and data upload volumes.

Defender for Endpoint Signals

Network telemetry from managed endpoints captures AI tool access even when traffic bypasses the proxy.

AI Tools Blocklist Enrichment

Tag every AI-related app with custom risk scores and governance tags. Newly launched AI tools are immediately identified and tagged as "unsanctioned."

# MCAS API: Tag AI tools in Cloud App Catalog and create governance policies
# Requires: MCAS API token with manage permissions

$McasUrl = "https://yourcompany.portal.cloudappsecurity.com"
$ApiToken = "your-mcas-api-token"
$Headers = @{
    "Authorization" = "Token $ApiToken"
    "Content-Type"  = "application/json"
}

# Step 1: Import AI Tools Blocklist and tag apps in the catalog
$blocklist = Import-Csv "ai_tools_blocklist.csv"
$tagMap = @{
    "Text Generation"   = "AI-TextGen-Unsanctioned"
    "Code Generation"   = "AI-CodeGen-Blocked"
    "Image Generation"  = "AI-ImageGen-Monitor"
    "Data Analytics"    = "AI-Analytics-Blocked"
    "AI Agents"         = "AI-Agents-Blocked"
    "Voice & Speech"    = "AI-Voice-Blocked"
}

foreach ($entry in $blocklist) {
    $tag = $tagMap[$entry.primary_category]
    if (-not $tag) { $tag = "AI-Tool-Unclassified" }

    # Search for the app in the MCAS catalog by domain
    $searchBody = @{
        filters = @{
            domain = @{ eq = @($entry.domain) }
        }
    } | ConvertTo-Json -Depth 5

    $apps = Invoke-RestMethod "$McasUrl/api/v1/discovery/discovered_apps/" `
        -Method POST -Headers $Headers -Body $searchBody

    foreach ($app in $apps.data) {
        # Mark as unsanctioned and apply category tag
        $tagBody = @{
            filters = @{ appId = @{ eq = @($app.appId) } }
            appTags = @($tag)
            sanctioned = $false
        } | ConvertTo-Json -Depth 5

        Invoke-RestMethod "$McasUrl/api/v1/discovery/discovered_apps/bulk/" `
            -Method POST -Headers $Headers -Body $tagBody
    }
}

# Step 2: Create an App Discovery Policy for new AI tools
$discoveryPolicy = @{
    name        = "New AI Tool Detected"
    description = "Alert when a previously unseen AI tool is accessed"
    policyType  = "discovery"
    severity    = "MEDIUM"
    enabled     = $true
    filters     = @{
        tag     = @{ eq = @("AI-Tool-Unclassified", "AI-TextGen-Unsanctioned") }
        userCount = @{ gte = 1 }
    }
    alertActions = @{
        sendAlert    = $true
        alertRecipients = @("[email protected]")
        markUnsanctioned = $true
    }
} | ConvertTo-Json -Depth 5

Invoke-RestMethod "$McasUrl/api/v1/policies/" `
    -Method POST -Headers $Headers -Body $discoveryPolicy

# Step 3: Create a Session Policy for sanctioned AI tools
# (Requires Conditional Access App Control configured in Azure AD)
$sessionPolicy = @{
    name        = "AI Tool Upload Inspection"
    description = "Scan all file uploads to sanctioned AI tools for sensitive content"
    policyType  = "session"
    sessionControlType = "controlFileUpload"
    severity    = "HIGH"
    enabled     = $true
    filters     = @{
        app     = @{ eq = @("ChatGPT", "Microsoft Copilot", "Claude") }
        activity = @{ eq = @("upload") }
    }
    contentInspection = @{
        enabled = $true
        dlpProfiles = @("PII-Detection", "Source-Code-Detection", "Financial-Data")
    }
    actions     = @{
        blockUpload = $true
        notifyUser  = "This upload was blocked because it contains sensitive data."
        alert       = $true
    }
} | ConvertTo-Json -Depth 5

Invoke-RestMethod "$McasUrl/api/v1/policies/" `
    -Method POST -Headers $Headers -Body $sessionPolicy

Write-Host "AI governance policies deployed to MCAS successfully."

What the Script Does

1

Tag & Mark Unsanctioned

Imports the blocklist and tags each app in the MCAS catalog with a category-specific label. Marks all as unsanctioned to trigger governance workflows.

2

Discovery Policy

Fires when a new or unclassified AI tool appears in network traffic. Alerts the SOC and auto-marks the app as unsanctioned.

3

Session Policy (DLP)

Inspects all file uploads to sanctioned AI tools (ChatGPT, Copilot, Claude) against DLP profiles for PII, source code, and financial data.

The Session Policy requires Azure AD Conditional Access App Control, which routes sessions through the MCAS reverse proxy. For organizations already using Conditional Access for M365, extending it to AI tools is a configuration change — not an architecture change.

Conditional Access Integration for AI Tools

Combine Conditional Access with MCAS session controls to enforce layered access policies for AI tools.

A typical AI governance conditional access policy requires all of:

User is a member of the "AI-Approved-Users" security group
Device is Intune-compliant (patched, encrypted, EDR active)
Sign-in risk level is Low (no anomalies detected)
Session is routed through MCAS for DLP content inspection

Users who don't meet all four conditions are denied access entirely. This enables nuanced policies: allow GitHub Copilot from a managed device on the corporate network, but block from personal devices or unfamiliar locations.

Zscaler Integration

Zscaler: Cloud Application Control and SSL Inspection for AI Domains

Zscaler Internet Access (ZIA) provides inline CASB through its cloud proxy architecture. The AI Tools Blocklist integrates through custom URL categories and cloud application control policies.

Key Zscaler capabilities for AI governance:

Import the full blocklist as categorized custom URL lists across all 18 categories
Custom categories available in firewall rules, URL filtering, DLP, and app control policies
Granular activity controls for major AI tools (login, upload, download, API calls)
Pairs with existing Zscaler AI blocking configuration
SSL Inspection Is Mandatory

Without SSL inspection, Zscaler sees only the domain name (from the SNI field) but cannot inspect uploaded content. DLP policies won't scan AI tool submissions, and activity controls can't distinguish browsing from data exfiltration. Add all AI tool URL categories to the SSL inspection include list with zero exceptions.

Granular Activity Controls

Browse-only access

Allow browsing ChatGPT but block file uploads and paste operations.

Subnet-based API access

Allow API access to Claude from the engineering subnet but block web interface from all others.

Download controls

Allow AI tool interaction but block download of generated content that may contain hallucinated data.

The AI Tools Blocklist covers the long tail of AI tools that Zscaler's built-in catalog does not recognize. Combined with Zscaler's native activity controls for major platforms, this provides comprehensive AI governance.

URL Filtering for AI Domains

Map each of the 18 AI tool categories to a separate Zscaler URL category. Block, allow with caution, or monitor based on your risk appetite.

SSL Inspection Enforcement

Enable mandatory SSL decryption for all AI tool URL categories. Ensure AI domains never fall into bypass or exempt categories.

Tiered Governance Model

Sanctioned, Tolerated, and Blocked: A Three-Tier AI App Governance Model

Blanket bans drive adoption underground. Effective governance uses a tiered model that recognizes productivity benefits while managing data risks.

The AI Tools Blocklist's 18-category taxonomy maps directly to this model. New domains auto-inherit their category's governance tier daily.

Sanctioned

Vetted, contracted, and fully governed. DLP inline scanning on all uploads. Session controls enforced. Activity logging enabled. Conditional access policies require managed device + compliant posture. Vendor DPA and exit strategy in place.

Tolerated

Permitted with monitoring. User coaching alerts on access. DLP blocks sensitive data uploads. Full session logging for audit trail. No vendor agreement — not approved for confidential data. Quarterly review for promotion to sanctioned or demotion to blocked.

Blocked

All access denied at the CASB. Users redirected to internal AI tool request portal. Default tier for all unassessed domains. Automatic classification via AI Tools Blocklist category mapping. Assessed tools that fail security review remain permanently blocked.

DLP Content Inspection for AI Tool Uploads

DLP scanning is the most critical control for sanctioned and tolerated tiers. The risk shifts from unauthorized access to unauthorized data submission.

AI-specific DLP profiles should detect:

Source code patterns — function definitions, import statements, class declarations
API keys & credentials — AWS keys, Azure connection strings, GitHub tokens, DB credentials
Internal identifiers — employee IDs, project code names, customer account numbers
Financial data — revenue figures, margin calculations, financial statement line items
Standard PII — credit card numbers, Social Security numbers, personal records
Bulk text submissions — anything over 5,000 characters likely represents a pasted document or code file

Graduated DLP Response Actions

Content Detected Action Alert Level
Internal project nameUser coaching notificationInformational
Credit card / SSNBlock submission + SOC alertHigh
Source code + embedded API keysBlock + alert + escalate as credential exposureCritical

This graduated response avoids alert fatigue while ensuring high-risk data submissions are stopped immediately. See our AI data handling policy guide for detailed DLP profile configuration.

Session Controls and Tenant Restrictions

Available CASB session controls:

Clipboard restrictions — prevent copy-paste of AI output into internal systems without review
Download blocking — prevent downloading AI-generated files that may contain hallucinated data
Watermarking — inject tracking identifiers into content viewed through the CASB proxy
Session time limits — auto-terminate AI tool sessions after a defined period

Tenant restrictions ensure employees use your enterprise AI tenant (where DPAs apply) — not personal accounts where data may be used for model training.

MCAS

Session policies check the tenant identifier in authentication tokens. Integrates with Entra ID Conditional Access App Control.

Netskope

Tenant restrictions configured through Steering Configuration with HTTP header injection rules for AI tool domains.

Zscaler

Custom header insertion rules in URL filtering policies restrict access to approved organizational tenants only.

Shadow IT Discovery

Shadow AI Discovery: Using CASB Telemetry to Find What You Cannot See

Employees don't submit procurement requests to use a free AI chatbot. They open a browser tab and start working. CASB telemetry enriched with the AI Tools Blocklist is the most effective mechanism for discovering shadow AI at scale.

How CASB Shadow AI Discovery Works

1
Ingest traffic

CASB analyzes inline proxy traffic or ingests logs from firewalls, proxies, and DNS servers.

2
Correlate against blocklist

Match observed domains against 16,024+ AI-specific domains. Without the blocklist, obscure AI tools appear as "uncategorized web traffic."

3
Alert on new AI tools

Generate automated alerts including category classification, users who accessed it, data volume uploaded, and recommended governance action.

4
Auto-enforce default tier

New AI tools enter the Blocked tier by default. CASB enforces the block while the security team assesses for promotion to Tolerated or Sanctioned.

Continuous Discovery

Correlate all web traffic against the daily-updated blocklist. New AI domains trigger SOC alerts with category, risk score, and recommended governance tier. Integrate with your shadow AI detection program.

Usage Analytics

CASB telemetry reveals data volume uploaded, session frequency, peak usage times, and which departments adopt AI tools fastest. A tool used by one employee is a different risk than one embedded in a team's daily workflow.

Daily update cadence ensures even the newest AI tools are captured within 24 hours. No AI tool operates in a governance vacuum — every tool is either assessed and governed, or blocked pending assessment.

Start with a Retrospective Analysis

Run your existing CASB or proxy logs against the full AI Tools Blocklist. Most organizations discover employees use 5–10x more AI tools than leadership expects. This baseline provides the urgency needed to fund a CASB-based AI governance program. Automate via the AI Tools Blocklist API.

Deploy CASB-Based AI Governance in Your Environment

Tell us which CASB platform you use. Our team will help you design and deploy a complete AI governance architecture.

Request a CASB Integration Consultation

Tell us which CASB platform you use and how you want to govern AI tool access across your organization.