AI Tools Blocklist
Home AI Tools Database Taxonomy Pricing
Solutions
Enterprise IT & CISO Education Firewall Admins Shadow AI Prevention
Integrations
Palo Alto Networks FortiGate Cisco Umbrella pfSense REST API
Download Free Sample
AI Chatbot Blocking

Block AI Chatbots Across Your Organization

Every major AI chatbot has web interfaces, API endpoints, mobile apps, and browser extensions your users can reach. Block them all with our daily-updated domain lists covering 16,024+ AI-tool domains.

10+Major Chatbots
200+Chatbot Domains
16,024+Total AI Domains
DailyUpdates
Download Sample Blocklist View Pricing
The Risk

Why Organizations Block AI Chatbots

AI chatbots are the single largest vector for unauthorized data exfiltration in the modern enterprise. Unlike traditional SaaS tools, they require no procurement review — any employee can access them in seconds.

Source Code Exposure Employees paste proprietary code into ChatGPT to debug it. That code leaves your network and enters a third-party system.
Confidential Document Uploads Users upload financial spreadsheets to Claude or feed draft merger agreements to Gemini for summarization.
Training Data Risk Terms of service may permit the provider to use submitted content for model training. Your data could influence future model outputs.

Compliance Exposure by Regulation

Regulation Sector Penalty Key Risk
HIPAA Healthcare Up to $1.5M per violation category No major chatbot offers BAAs for consumer chat interfaces
SOX / GLBA / SEC Financial Services Regulatory action + fiduciary breach Fiduciary obligation to control customer financial data flows
GDPR Any (EU data subjects) Up to 4% of global revenue No valid legal basis or DPA for chatbot processing of personal data

Pasting regulated data into a chatbot constitutes a compliance violation under each of these frameworks.

The Shadow AI Problem

Unauthorized chatbot usage undermines IT governance across every dimension:

No visibility — IT has zero insight into what data was shared with the chatbot
No audit trail — no logs of prompts, responses, or uploaded files
No data classification enforcement — sensitive data can be pasted without any DLP check
No accuracy controls — AI-generated outputs go unreviewed and may be incorrect
Fastest-growing shadow IT category — outpacing even unauthorized cloud storage adoption

Controlled AI Adoption

Many organizations prefer to evaluate and approve specific AI tools through procurement rather than allowing uncontrolled access. Block all AI chatbots at the network level, then selectively allow approved tools through an exception process. This gives IT the control it needs while still enabling productive AI adoption.

Real-World Data Leakage Incidents

Samsung engineers pasted proprietary semiconductor source code into ChatGPT. An Amazon lawyer discovered employees were using ChatGPT outputs that closely mirrored confidential internal documents. A major healthcare system found clinical staff submitting patient records to AI chatbots for note summarization. In every case, the data left the organization's control before security teams even knew it was happening. Proactive blocking prevents these incidents entirely.

Domain Intelligence

Complete Domain Lists for Major AI Chatbots

Blocking a chatbot by its primary domain alone is insufficient. Each service operates across multiple domains — web interfaces, API endpoints, CDN assets, authentication services, and ancillary properties.

ChatGPT (OpenAI)

openai.com
chat.openai.com
chatgpt.com
api.openai.com
cdn.oaistatic.com
auth0.openai.com
platform.openai.com

Claude (Anthropic)

claude.ai
anthropic.com
api.anthropic.com
console.anthropic.com
docs.anthropic.com

Gemini (Google)

gemini.google.com
bard.google.com
generativelanguage.googleapis.com
aistudio.google.com
deepmind.google

DeepSeek

deepseek.com
chat.deepseek.com
api.deepseek.com
coder.deepseek.com
platform.deepseek.com

Perplexity & Copilot

perplexity.ai
api.perplexity.ai
copilot.microsoft.com
copilot.cloud.microsoft
sydney.bing.com

Character.ai, Pi & Others

character.ai
beta.character.ai
pi.ai
heypi.com
inflection.ai
meta.ai
llama.meta.com
chat.mistral.ai
mistral.ai
api.mistral.ai

Hosts File Format

Deploy this hosts-format blocklist directly to workstations or import it into DNS sinkhole solutions. Each domain resolves to 0.0.0.0 for immediate connection failure instead of timeout.

# AI Chatbot Blocklist — Hosts File Format
# Source: aitoolsblocklist.com | Updated daily

# ChatGPT (OpenAI)
0.0.0.0  openai.com
0.0.0.0  chat.openai.com
0.0.0.0  chatgpt.com
0.0.0.0  api.openai.com
0.0.0.0  cdn.oaistatic.com
0.0.0.0  auth0.openai.com
0.0.0.0  platform.openai.com

# Claude (Anthropic)
0.0.0.0  claude.ai
0.0.0.0  anthropic.com
0.0.0.0  api.anthropic.com
0.0.0.0  console.anthropic.com

# Gemini (Google)
0.0.0.0  gemini.google.com
0.0.0.0  bard.google.com
0.0.0.0  generativelanguage.googleapis.com
0.0.0.0  aistudio.google.com

# DeepSeek
0.0.0.0  deepseek.com
0.0.0.0  chat.deepseek.com
0.0.0.0  api.deepseek.com

# Perplexity
0.0.0.0  perplexity.ai
0.0.0.0  api.perplexity.ai

# Microsoft Copilot
0.0.0.0  copilot.microsoft.com
0.0.0.0  copilot.cloud.microsoft

# Character.ai / Pi / Meta AI / Mistral
0.0.0.0  character.ai
0.0.0.0  beta.character.ai
0.0.0.0  pi.ai
0.0.0.0  heypi.com
0.0.0.0  inflection.ai
0.0.0.0  meta.ai
0.0.0.0  llama.meta.com
0.0.0.0  chat.mistral.ai
0.0.0.0  mistral.ai
0.0.0.0  api.mistral.ai

DNS Response Policy Zone (RPZ) Format

For BIND, Unbound, or commercial DNS resolvers with RPZ support, use this zone file format. RPZ supports wildcard entries that catch subdomains automatically — critical for vendors that frequently add new subdomains without announcement.

; AI Chatbot RPZ Zone File
; Add to your RPZ zone and reload BIND/Unbound

; ChatGPT — wildcard catches all subdomains
openai.com             CNAME .
*.openai.com            CNAME .
chatgpt.com             CNAME .
*.chatgpt.com           CNAME .
cdn.oaistatic.com       CNAME .

; Claude
claude.ai               CNAME .
*.claude.ai             CNAME .
anthropic.com           CNAME .
*.anthropic.com         CNAME .

; Gemini
gemini.google.com       CNAME .
bard.google.com         CNAME .
generativelanguage.googleapis.com  CNAME .
aistudio.google.com     CNAME .

; DeepSeek
deepseek.com            CNAME .
*.deepseek.com          CNAME .

; Perplexity / Copilot / Character.ai / Pi / Meta / Mistral
perplexity.ai           CNAME .
*.perplexity.ai         CNAME .
copilot.microsoft.com   CNAME .
character.ai            CNAME .
*.character.ai          CNAME .
pi.ai                   CNAME .
heypi.com               CNAME .
meta.ai                 CNAME .
chat.mistral.ai         CNAME .
*.mistral.ai            CNAME .
Attack Surface

Blocking API Endpoints vs Web Interfaces

Most administrators start by blocking web interfaces — the URLs users type in their browsers. This handles visible usage but leaves API endpoints wide open.

Web Interface Blocking

Blocks browser-based access to chat.openai.com, claude.ai, and similar URLs. Handles the most common access method for non-technical users.

The API Gap

An employee who finds the web UI blocked can install a Python package, set an API key, and access the same model through api.openai.com — a completely different domain.

Domain Mapping by Chatbot Service

Chatbot Web Interface API Endpoint CDN / Auth
ChatGPT chat.openai.com, chatgpt.com api.openai.com cdn.oaistatic.com, auth0.openai.com
Claude claude.ai api.anthropic.com console.anthropic.com
Gemini gemini.google.com generativelanguage.googleapis.com aistudio.google.com
DeepSeek chat.deepseek.com api.deepseek.com platform.deepseek.com

Gemini's API lives on generativelanguage.googleapis.com — a subdomain of the shared Google infrastructure domain. Blocking all of googleapis.com would break legitimate Google services, so you must target the specific AI subdomain.

CDN Domains ChatGPT loads JavaScript and CSS from cdn.oaistatic.com. Blocking the main domain alone leaves partial functionality or confusing errors.
Authentication Domains Login flows use separate domains like auth0.openai.com. A complete block requires covering primary, API, CDN, and auth domains.

Web Interfaces

Block these first — the most common access method. Covers chatgpt.com, claude.ai, gemini.google.com, and similar browser-based chat UIs.

API Endpoints

Developers and power users access models via api.openai.com and api.anthropic.com. These must be blocked independently from web UIs.

CDN & Auth Domains

Supporting infrastructure for assets, authentication, and streaming. Without blocking these, partial functionality may remain accessible.

Automatic Domain Tracking

Our AI Tools Blocklist tracks all domains for each chatbot service — web interfaces, APIs, CDNs, authentication endpoints, and developer platforms. When a vendor adds a new subdomain or migrates to a different CDN, our daily scanning pipeline detects the change and updates the feed automatically.

Endpoint Controls

Mobile App and Browser Extension Blocking

Every major AI chatbot now ships a mobile app. Mobile apps bypass web-based blocking because they connect directly to API endpoints, not through a browser.

ChatGPT — available on iOS and Android with direct API access
Claude — mobile apps on both iOS and Android platforms
Gemini — integrated into the Google app on both platforms
Copilot — built into the Microsoft 365 mobile suite

Combine DNS-level blocking with MDM policies that prevent installation of specific apps on managed devices.

MDM Blocking by Platform

1
iOS — Apple Business Manager + MDM Use Jamf, Intune, or Mosyle to create an app restriction profile. Block App Store identifiers: ChatGPT (id6448311069), Claude (id6473753684), and Gemini.
2
Android — Android Enterprise Use managed Google Play configuration to exclude specific app package names from the allowed list. Prevents installation regardless of network configuration.

Browser Extension Threats

ChatGPT & Third-Party Extensions The ChatGPT browser extension and dozens of third-party AI assistants on the Chrome Web Store provide chatbot access from within the browser — without navigating to a blocked website.
Copilot Sidebar in Edge The built-in Copilot sidebar is not a traditional extension. It must be disabled via a separate Group Policy setting (HubsSidebarEnabled), not the extension blocklist.
Extension API Calls Even with chatgpt.com blocked at the network level, a browser extension can interact with the model through its sidebar interface using its own network calls to API endpoints.
# Windows Group Policy: Block AI chatbot browser extensions
# Deploy via GPO or Intune configuration profile

# Chrome — ExtensionInstallBlocklist (Registry)
HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlocklist
  "1" = "obdikmjfinmclgklelghjpigpheblkol"  # ChatGPT extension
  "2" = "jgeljgmpcnhpfacijbdnillaoelpmank"  # Claude extension
  "3" = "efbjaemollihicpgegoailnlhmpakfhb"  # Perplexity extension

# Edge — same registry path, different key
HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist
  "1" = "obdikmjfinmclgklelghjpigpheblkol"

# Edge — Disable built-in Copilot sidebar
HKLM\SOFTWARE\Policies\Microsoft\Edge
  "HubsSidebarEnabled" = dword:00000000
  "CopilotPageContext" = dword:00000000
  "CopilotCDPPageContext" = dword:00000000

Allowlist-Only Model

For maximum security, use ExtensionInstallAllowlist to permit only approved extensions and deny everything else. This is more secure than blocklisting individual extensions but requires more administrative effort to maintain.

DNS Layer

DNS-Level Chatbot Blocking

DNS-level blocking is the most effective single layer of defense against AI chatbot access. Every device on the network is affected regardless of the application used.

Blocks desktops, laptops, tablets, phones, and IoT devices simultaneously
Works for web browsers, mobile apps, desktop clients, CLI tools, and VS Code extensions
Blocks the DNS query before any network connection is established
Application-agnostic — no per-app configuration required

DNS Sinkhole Integration

Pi-hole Supports custom blocklists in hosts-file and DNSBL formats. Add our feed URL as a blocklist source and Pi-hole fetches the updated list on its configured schedule.
AdGuard Home Supports the same formats as Pi-hole and additionally supports DNS-over-HTTPS and DNS-over-TLS upstream configurations that coexist with local blocklists.
# Pi-hole / dnsmasq: Block AI chatbot domains
# Add to /etc/dnsmasq.d/ai-chatbots.conf

# ChatGPT
address=/openai.com/0.0.0.0
address=/chatgpt.com/0.0.0.0
address=/oaistatic.com/0.0.0.0

# Claude
address=/claude.ai/0.0.0.0
address=/anthropic.com/0.0.0.0

# Gemini
address=/gemini.google.com/0.0.0.0
address=/bard.google.com/0.0.0.0
address=/generativelanguage.googleapis.com/0.0.0.0

# DeepSeek / Perplexity / Copilot / Others
address=/deepseek.com/0.0.0.0
address=/perplexity.ai/0.0.0.0
address=/copilot.microsoft.com/0.0.0.0
address=/character.ai/0.0.0.0
address=/pi.ai/0.0.0.0
address=/heypi.com/0.0.0.0
address=/meta.ai/0.0.0.0
address=/mistral.ai/0.0.0.0

# Restart dnsmasq to apply
# sudo systemctl restart dnsmasq

# Pi-hole: alternatively, add our feed URL as a blocklist source
# Settings → Blocklists → Add URL:
# https://feeds.aitoolsblocklist.com/v1/hosts/chatbots?key=YOUR_API_KEY

Enterprise DNS Platforms

Windows DNS, Active Directory-integrated DNS, Infoblox, and BlueCat typically support RPZ or DNS firewall feeds rather than hosts-file blocklists. Our feed is available in RPZ format — load it as a zone file and apply it as a policy layer. RPZ supports wildcard entries, so a single rule for *.openai.com catches every current and future subdomain.

Why DNS Beats Firewall and Proxy Blocking

Firewall Limitation Only blocks traffic that traverses the firewall. Users on VPN split-tunnel configurations who route DNS queries through a different resolver are unaffected.
Proxy Limitation Only blocks traffic that flows through the proxy. Many AI desktop clients and CLI tools ignore system proxy settings entirely.
DNS Advantage When all devices must use your internal resolvers, DNS blocking provides a universal layer that is difficult to circumvent without deliberate effort.
Bypass Detection

Detecting and Preventing Bypass Attempts

Determined users will try to circumvent chatbot blocking. The most common techniques are DNS-over-HTTPS (DoH), VPN/proxy services, alternative DNS resolvers, and AI chatbot aggregator sites.

DNS-over-HTTPS (DoH) Mitigation

1
Block DoH Resolver IPs at Firewall Block outbound access to known DoH resolver IPs (1.1.1.1, 8.8.8.8, 9.9.9.9, 208.67.222.222) on TCP port 443.
2
Disable DoH in Chrome via Group Policy Set the DnsOverHttpsMode policy to off to prevent encrypted DNS queries that bypass your internal resolvers.
3
Disable DoH in Firefox Set network.trr.mode to 5 (disabled) via the Enterprise Policy engine to force standard DNS resolution.

VPN & Proxy Mitigation

Block outbound connections to known VPN provider IP ranges at the firewall
Block known commercial proxy services and web-based proxy tools
Monitor for sustained TLS connections to unclassified IP addresses — often VPN tunnels
Use EDR tools to detect VPN client software installed on managed endpoints

Block DNS-over-HTTPS

Disable DoH in browsers via Group Policy. Block outbound connections to known DoH resolver IPs (1.1.1.1, 8.8.8.8, 9.9.9.9, 208.67.222.222) at the firewall. Force all DNS queries through your internal resolvers where the chatbot blocklist is enforced.

Monitor for VPN/Proxy Use

Block known VPN provider IP ranges and commercial proxy services at the firewall. Use EDR to detect VPN client software on managed endpoints. Monitor for sustained TLS connections to unclassified IP addresses that may indicate tunnel traffic.

Catch Aggregator Sites

Hundreds of third-party websites proxy AI chatbot APIs behind their own domains — offering "free ChatGPT" or "unblocked AI chat." Our blocklist includes these aggregator and proxy domains in addition to the primary chatbot domains, covering a bypass vector that manual lists always miss.

Log and Alert

Configure your DNS sinkhole and firewall to log all blocked AI chatbot queries. Forward these logs to your SIEM and set alerts for users with high block counts — they may be actively searching for bypass methods. Correlate with EDR telemetry for a complete picture.

Most Overlooked Bypass: Aggregator Sites

A user who finds chatgpt.com blocked can search for "free ChatGPT online" and find dozens of proxy sites within seconds. These sites appear and disappear daily, making manual tracking impractical. Our daily scanning of 300,000+ newly registered domains automatically detects and classifies these proxy and aggregator domains.

Staying Current

Beyond Manual Lists: Continuous Coverage

The static blocklist you build today will be incomplete within a week. New AI chatbots launch constantly, and existing ones add domains without announcement.

How Fast Things Change

DeepSeek went from obscurity to one of the most-used chatbots in weeks. The ChatGPT ecosystem expanded from three domains in early 2023 to more than a dozen in 2026. Each new domain is a gap in any static blocklist.

Automated Pipeline Capabilities

Daily Domain Scanning Our pipeline scans 300,000+ newly registered and updated domains every day against a classifier trained on a 102-million-domain corpus.
24-Hour Detection When a new chatbot launches or an existing one adds a domain, the classifier detects, verifies, and adds it to the feed — typically within 24 hours.
Simultaneous Format Updates Every supported format — hosts file, RPZ zone, JSON API, CSV export, firewall EDL — updates simultaneously. Your blocking infrastructure stays current regardless of integration method.

What 200+ Chatbot Domains Cover

Dedicated chatbot services and their primary web interfaces
API endpoints, CDN domains, and authentication services
Hundreds of aggregator and proxy sites that wrap chatbot APIs behind third-party domains
The long tail that no manually curated list can cover — where most bypass attempts succeed
Zero ongoing maintenance — always comprehensive, always current

Feed Coverage by the Numbers

16,024+
Total AI domains tracked
200+
Chatbot-specific domains
300K
Domains scanned daily
18
AI tool categories

Ready to Block AI Chatbots?

Download the free sample to test in your environment today. Or tell us your blocking requirements and we will provide a comprehensive chatbot domain feed within 24 hours.

Download Free Sample View Plans

Get Your AI Chatbot Blocklist

Tell us about your environment and blocking requirements. We will provide a comprehensive chatbot domain list within 24 hours.