Employees are sending proprietary data to AI tools your security team has never evaluated. Our feed of 16,024+ classified AI domains gives you organization-wide access control — deployed once, enforced everywhere, updated daily.
New AI tools launch weekly — requiring no installation, no procurement, and no IT involvement. Over 60% of knowledge workers already use AI tools their IT departments have never sanctioned or discovered.
An employee pastes a contract into a translation tool or routes source code through an AI debugger. No alert fires — your existing security stack doesn't see it.
Blocking a dozen well-known domains was sufficient two years ago. Today, tens of thousands of specialized AI tools span every business function — and three more launch before your list is updated.
Multi-region offices, multiple firewall vendors, decentralized IT governance, and differing departmental needs make blanket blocks untenable. Category-aware, centrally managed policy is essential.
GDPR, CCPA, and sector-specific frameworks hold you accountable for cross-border data transfers. IP disclosed to an AI tool for training cannot be recalled.
Organizations that deploy all three pillars achieve defense-in-depth coverage. Each addresses a different aspect of the AI access control problem.
Deploy at the firewall, proxy, or DNS layer to block access before data leaves the perimeter. Supports Palo Alto EDL, FortiGate, Cisco Umbrella, and Zscaler. Updates daily with zero manual intervention.
Correlate DNS, proxy, and SIEM logs against the classified feed to run a shadow AI audit. You cannot build a defensible policy without knowing which tools employees already depend on.
The 18-category taxonomy lets you block code assistants while allowing design tools. Policy maps to organizational need — not a binary allow/deny for every AI tool.
For organizations with 5,000+ endpoints across multiple offices, the recommended deployment follows a hub-and-spoke model. The central SOC maintains the master policy and publishes it to every enforcement point.
Enterprise AI blocking fails most often due to organizational resistance, not technical limitations. The rollout must balance security urgency with change management discipline across defined phases.
Deploy in audit-only mode at a single representative site. Correlate DNS/proxy logs against the feed to produce a shadow AI usage report — no traffic is blocked yet.
Share findings with the CISO, CIO, and business unit leaders to establish the factual baseline that justifies enforcement.
Move from audit to selective enforcement at the pilot site. Block high-risk categories (Chatbots, Code Assistants, Data Analytics) while monitoring lower-risk ones.
Measure help desk ticket volume, document edge cases, and build the exception workflow from real-world inputs.
Roll the tested configuration to additional sites in the same region. The employee communication plan and exception workflow should be fully operational.
Each new site receives a pre-deployment IT briefing, an employee townhall, and self-service exception request access.
Extend enforcement to all remaining sites worldwide. Apply regional variations — stricter blocking for EU sites, engineering exceptions for R&D locations.
The central SOC monitors aggregated telemetry across all sites and publishes a monthly AI access control report to the CISO.
Clear, empathetic communication reduces pushback during rollout. Adapt this template to match your organization's culture and the specific categories being restricted.
Track these five key metrics throughout the rollout to gauge effectiveness and organizational health.
The REST API integrates directly into firewalls, proxies, SOAR playbooks, and custom workflows. Below are the two most common integration patterns for security operations teams.
For firewall-native integration requiring no custom code, the API provides a plain-text domain list endpoint. Palo Alto, FortiGate, and other platforms consume it directly as an External Dynamic List.
The feed integrates natively with Palo Alto Networks EDLs, FortiGate threat feeds, Cisco Umbrella custom lists, and Zscaler URL overrides. Step-by-step guides for each platform are in our API documentation.
Winning executive sponsorship requires framing this as a risk reduction program, not a technology purchase. The business case rests on three pillars: cost of inaction, operational savings, and strategic value.
Average breach: $4.88M. AI-related breaches with regulatory exposure can exceed $10M. One prevented incident justifies years of subscription.
Manual tracking: 20-40 hours/month. Automated feed: zero curation effort. Redeploy analyst capacity to threat hunting and incident response.
Demonstrate to auditors that AI usage is inventoried, assessed, and controlled. GDPR, CCPA, HIPAA, and SOX audit readiness built in.
Frame the investment as insurance with operational co-benefits. Present a three-year TCO comparison between the automated feed and the fully burdened cost of a manual curation program — the business case typically becomes self-evident.
A blocking policy without an exception process creates shadow workarounds. A well-designed exception workflow channels legitimate demand through a governed process that maintains visibility.
Self-service portal request with tool domain, business justification, data classification, and expected duration.
Tool is looked up for category, risk level, and vendor metadata. Security analyst reviews and assigns a risk tier via risk assessment.
Approved: 90-day conditional access with DLP monitoring. Denied: documented rationale and alternative tool recommendation.
Exception approvals expire after 90 days, forcing periodic reassessment. This prevents the exception list from growing indefinitely and keeps it aligned with current business requirements.
Bring security, legal/compliance, and business unit representatives together quarterly to evaluate program effectiveness. Review these key indicators:
1. Employee submits request via self-service portal.
2. Auto-enrichment: tool is looked up in the AI tools database for category, risk level, and vendor metadata.
3. Security analyst reviews and assigns a risk tier.
4. Approved requests receive conditional access (90-day window, DLP-monitored).
5. Denied requests receive documented rationale and alternative recommendations.
Block rate: >95% of AI tool access attempts intercepted.
Exception closure: average time from request to decision <48 hours.
Incident reduction: AI-related data exposure incidents trending to zero.
Coverage ratio: % of network-discovered AI tools present in the feed (>98%).
Policy compliance: audit findings related to AI tool governance closed within SLA.
A blanket block is rarely the right policy. The 18-category taxonomy lets security teams create policies that align with organizational risk tolerance.
For a formal AI acceptable use policy, the taxonomy provides enforceable vocabulary. Instead of "do not use unauthorized AI tools," the policy states which categories are prohibited, conditional, or allowed — turning ambiguous guidance into auditable rules.
Tell us about your environment — number of endpoints, firewall vendor, compliance requirements — and we will set up a trial feed tailored to your organization.
Describe your security infrastructure and we will configure a trial feed for your firewall or proxy.