Every major AI chatbot has web interfaces, API endpoints, mobile apps, and browser extensions your users can reach. Block them all with our daily-updated domain lists covering 16,024+ AI-tool domains.
AI chatbots are the single largest vector for unauthorized data exfiltration in the modern enterprise. Unlike traditional SaaS tools, they require no procurement review — any employee can access them in seconds.
| Regulation | Sector | Penalty | Key Risk |
|---|---|---|---|
| HIPAA | Healthcare | Up to $1.5M per violation category | No major chatbot offers BAAs for consumer chat interfaces |
| SOX / GLBA / SEC | Financial Services | Regulatory action + fiduciary breach | Fiduciary obligation to control customer financial data flows |
| GDPR | Any (EU data subjects) | Up to 4% of global revenue | No valid legal basis or DPA for chatbot processing of personal data |
Pasting regulated data into a chatbot constitutes a compliance violation under each of these frameworks.
Unauthorized chatbot usage undermines IT governance across every dimension:
Many organizations prefer to evaluate and approve specific AI tools through procurement rather than allowing uncontrolled access. Block all AI chatbots at the network level, then selectively allow approved tools through an exception process. This gives IT the control it needs while still enabling productive AI adoption.
Samsung engineers pasted proprietary semiconductor source code into ChatGPT. An Amazon lawyer discovered employees were using ChatGPT outputs that closely mirrored confidential internal documents. A major healthcare system found clinical staff submitting patient records to AI chatbots for note summarization. In every case, the data left the organization's control before security teams even knew it was happening. Proactive blocking prevents these incidents entirely.
Blocking a chatbot by its primary domain alone is insufficient. Each service operates across multiple domains — web interfaces, API endpoints, CDN assets, authentication services, and ancillary properties.
openai.com
chat.openai.com
chatgpt.com
api.openai.com
cdn.oaistatic.com
auth0.openai.com
platform.openai.com
claude.ai
anthropic.com
api.anthropic.com
console.anthropic.com
docs.anthropic.com
gemini.google.com
bard.google.com
generativelanguage.googleapis.com
aistudio.google.com
deepmind.google
deepseek.com
chat.deepseek.com
api.deepseek.com
coder.deepseek.com
platform.deepseek.com
perplexity.ai
api.perplexity.ai
copilot.microsoft.com
copilot.cloud.microsoft
sydney.bing.com
character.ai
beta.character.ai
pi.ai
heypi.com
inflection.ai
meta.ai
llama.meta.com
chat.mistral.ai
mistral.ai
api.mistral.ai
Deploy this hosts-format blocklist directly to workstations or import it into DNS sinkhole solutions. Each domain resolves to 0.0.0.0 for immediate connection failure instead of timeout.
# AI Chatbot Blocklist — Hosts File Format # Source: aitoolsblocklist.com | Updated daily # ChatGPT (OpenAI) 0.0.0.0 openai.com 0.0.0.0 chat.openai.com 0.0.0.0 chatgpt.com 0.0.0.0 api.openai.com 0.0.0.0 cdn.oaistatic.com 0.0.0.0 auth0.openai.com 0.0.0.0 platform.openai.com # Claude (Anthropic) 0.0.0.0 claude.ai 0.0.0.0 anthropic.com 0.0.0.0 api.anthropic.com 0.0.0.0 console.anthropic.com # Gemini (Google) 0.0.0.0 gemini.google.com 0.0.0.0 bard.google.com 0.0.0.0 generativelanguage.googleapis.com 0.0.0.0 aistudio.google.com # DeepSeek 0.0.0.0 deepseek.com 0.0.0.0 chat.deepseek.com 0.0.0.0 api.deepseek.com # Perplexity 0.0.0.0 perplexity.ai 0.0.0.0 api.perplexity.ai # Microsoft Copilot 0.0.0.0 copilot.microsoft.com 0.0.0.0 copilot.cloud.microsoft # Character.ai / Pi / Meta AI / Mistral 0.0.0.0 character.ai 0.0.0.0 beta.character.ai 0.0.0.0 pi.ai 0.0.0.0 heypi.com 0.0.0.0 inflection.ai 0.0.0.0 meta.ai 0.0.0.0 llama.meta.com 0.0.0.0 chat.mistral.ai 0.0.0.0 mistral.ai 0.0.0.0 api.mistral.ai
For BIND, Unbound, or commercial DNS resolvers with RPZ support, use this zone file format. RPZ supports wildcard entries that catch subdomains automatically — critical for vendors that frequently add new subdomains without announcement.
; AI Chatbot RPZ Zone File ; Add to your RPZ zone and reload BIND/Unbound ; ChatGPT — wildcard catches all subdomains openai.com CNAME . *.openai.com CNAME . chatgpt.com CNAME . *.chatgpt.com CNAME . cdn.oaistatic.com CNAME . ; Claude claude.ai CNAME . *.claude.ai CNAME . anthropic.com CNAME . *.anthropic.com CNAME . ; Gemini gemini.google.com CNAME . bard.google.com CNAME . generativelanguage.googleapis.com CNAME . aistudio.google.com CNAME . ; DeepSeek deepseek.com CNAME . *.deepseek.com CNAME . ; Perplexity / Copilot / Character.ai / Pi / Meta / Mistral perplexity.ai CNAME . *.perplexity.ai CNAME . copilot.microsoft.com CNAME . character.ai CNAME . *.character.ai CNAME . pi.ai CNAME . heypi.com CNAME . meta.ai CNAME . chat.mistral.ai CNAME . *.mistral.ai CNAME .
Most administrators start by blocking web interfaces — the URLs users type in their browsers. This handles visible usage but leaves API endpoints wide open.
Blocks browser-based access to chat.openai.com, claude.ai, and similar URLs. Handles the most common access method for non-technical users.
An employee who finds the web UI blocked can install a Python package, set an API key, and access the same model through api.openai.com — a completely different domain.
| Chatbot | Web Interface | API Endpoint | CDN / Auth |
|---|---|---|---|
| ChatGPT | chat.openai.com, chatgpt.com | api.openai.com | cdn.oaistatic.com, auth0.openai.com |
| Claude | claude.ai | api.anthropic.com | console.anthropic.com |
| Gemini | gemini.google.com | generativelanguage.googleapis.com | aistudio.google.com |
| DeepSeek | chat.deepseek.com | api.deepseek.com | platform.deepseek.com |
Gemini's API lives on generativelanguage.googleapis.com — a subdomain of the shared Google infrastructure domain. Blocking all of googleapis.com would break legitimate Google services, so you must target the specific AI subdomain.
Block these first — the most common access method. Covers chatgpt.com, claude.ai, gemini.google.com, and similar browser-based chat UIs.
Developers and power users access models via api.openai.com and api.anthropic.com. These must be blocked independently from web UIs.
Supporting infrastructure for assets, authentication, and streaming. Without blocking these, partial functionality may remain accessible.
Our AI Tools Blocklist tracks all domains for each chatbot service — web interfaces, APIs, CDNs, authentication endpoints, and developer platforms. When a vendor adds a new subdomain or migrates to a different CDN, our daily scanning pipeline detects the change and updates the feed automatically.
Every major AI chatbot now ships a mobile app. Mobile apps bypass web-based blocking because they connect directly to API endpoints, not through a browser.
Combine DNS-level blocking with MDM policies that prevent installation of specific apps on managed devices.
HubsSidebarEnabled), not the extension blocklist.
# Windows Group Policy: Block AI chatbot browser extensions # Deploy via GPO or Intune configuration profile # Chrome — ExtensionInstallBlocklist (Registry) HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlocklist "1" = "obdikmjfinmclgklelghjpigpheblkol" # ChatGPT extension "2" = "jgeljgmpcnhpfacijbdnillaoelpmank" # Claude extension "3" = "efbjaemollihicpgegoailnlhmpakfhb" # Perplexity extension # Edge — same registry path, different key HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist "1" = "obdikmjfinmclgklelghjpigpheblkol" # Edge — Disable built-in Copilot sidebar HKLM\SOFTWARE\Policies\Microsoft\Edge "HubsSidebarEnabled" = dword:00000000 "CopilotPageContext" = dword:00000000 "CopilotCDPPageContext" = dword:00000000
For maximum security, use ExtensionInstallAllowlist to permit only approved extensions and deny everything else. This is more secure than blocklisting individual extensions but requires more administrative effort to maintain.
DNS-level blocking is the most effective single layer of defense against AI chatbot access. Every device on the network is affected regardless of the application used.
# Pi-hole / dnsmasq: Block AI chatbot domains # Add to /etc/dnsmasq.d/ai-chatbots.conf # ChatGPT address=/openai.com/0.0.0.0 address=/chatgpt.com/0.0.0.0 address=/oaistatic.com/0.0.0.0 # Claude address=/claude.ai/0.0.0.0 address=/anthropic.com/0.0.0.0 # Gemini address=/gemini.google.com/0.0.0.0 address=/bard.google.com/0.0.0.0 address=/generativelanguage.googleapis.com/0.0.0.0 # DeepSeek / Perplexity / Copilot / Others address=/deepseek.com/0.0.0.0 address=/perplexity.ai/0.0.0.0 address=/copilot.microsoft.com/0.0.0.0 address=/character.ai/0.0.0.0 address=/pi.ai/0.0.0.0 address=/heypi.com/0.0.0.0 address=/meta.ai/0.0.0.0 address=/mistral.ai/0.0.0.0 # Restart dnsmasq to apply # sudo systemctl restart dnsmasq # Pi-hole: alternatively, add our feed URL as a blocklist source # Settings → Blocklists → Add URL: # https://feeds.aitoolsblocklist.com/v1/hosts/chatbots?key=YOUR_API_KEY
Windows DNS, Active Directory-integrated DNS, Infoblox, and BlueCat typically support RPZ or DNS firewall feeds rather than hosts-file blocklists. Our feed is available in RPZ format — load it as a zone file and apply it as a policy layer. RPZ supports wildcard entries, so a single rule for *.openai.com catches every current and future subdomain.
Determined users will try to circumvent chatbot blocking. The most common techniques are DNS-over-HTTPS (DoH), VPN/proxy services, alternative DNS resolvers, and AI chatbot aggregator sites.
DnsOverHttpsMode policy to off to prevent encrypted DNS queries that bypass your internal resolvers.
network.trr.mode to 5 (disabled) via the Enterprise Policy engine to force standard DNS resolution.
Disable DoH in browsers via Group Policy. Block outbound connections to known DoH resolver IPs (1.1.1.1, 8.8.8.8, 9.9.9.9, 208.67.222.222) at the firewall. Force all DNS queries through your internal resolvers where the chatbot blocklist is enforced.
Block known VPN provider IP ranges and commercial proxy services at the firewall. Use EDR to detect VPN client software on managed endpoints. Monitor for sustained TLS connections to unclassified IP addresses that may indicate tunnel traffic.
Hundreds of third-party websites proxy AI chatbot APIs behind their own domains — offering "free ChatGPT" or "unblocked AI chat." Our blocklist includes these aggregator and proxy domains in addition to the primary chatbot domains, covering a bypass vector that manual lists always miss.
Configure your DNS sinkhole and firewall to log all blocked AI chatbot queries. Forward these logs to your SIEM and set alerts for users with high block counts — they may be actively searching for bypass methods. Correlate with EDR telemetry for a complete picture.
A user who finds chatgpt.com blocked can search for "free ChatGPT online" and find dozens of proxy sites within seconds. These sites appear and disappear daily, making manual tracking impractical. Our daily scanning of 300,000+ newly registered domains automatically detects and classifies these proxy and aggregator domains.
The static blocklist you build today will be incomplete within a week. New AI chatbots launch constantly, and existing ones add domains without announcement.
DeepSeek went from obscurity to one of the most-used chatbots in weeks. The ChatGPT ecosystem expanded from three domains in early 2023 to more than a dozen in 2026. Each new domain is a gap in any static blocklist.
Download the free sample to test in your environment today. Or tell us your blocking requirements and we will provide a comprehensive chatbot domain feed within 24 hours.
Tell us about your environment and blocking requirements. We will provide a comprehensive chatbot domain list within 24 hours.