WASViking® AI Guardian · Shadow AI & data exposure

See which AI tools your employees use. Control what data leaves the company.

AI Guardian discovers every generative AI platform in use across the organization, classifies the sensitive data each prompt or file would expose, and enforces policy on the host before the data reaches the AI vendor. Built for CTOs, CISOs, and CEOs who need a clear answer to one regulatory question: what regulated data has been sent to ChatGPT, Copilot, Gemini, Claude, and the rest.

LGPD · GDPR · HIPAA · PCI DSS · Metadata-first telemetry · On-host enforcement
Outcome for the buyer

One answer to the board: which AI vendors are in use, what regulated data has reached them, and which rule blocked it.

The problem

Generative AI is already inside the company. The DPO and the regulator will ask what left.

Employees paste customer records, source code, medical notes, contracts, and API keys into ChatGPT, Copilot, Gemini, Claude, Perplexity, and a long tail of less obvious tools. Network logs cannot prove what was sent. CASB and DLP gateways assume a traffic model that was designed for a different decade.

AI Guardian sits where the data actually leaves the host: a managed browser extension paired with the WASViking agent. It identifies the AI platform, classifies the content against regulated categories, and applies the organization's policy before the prompt or file reaches the vendor.

# Paste blocked on the host, recorded in the tenant
event: ai_prompt_pasted
platform : ChatGPT (unsanctioned)
website_risk : unsanctioned
classes : pii, cpf
evidence : •••.•••.•••-09
severity : high
score : 50 / 100

policy decision: block
rule : Block PII paste
reasons : vendor_not_approved, pii_exposure
prompt never reached the AI vendor

Four jobs, one product

Discover. Classify. Enforce. Prove.

AI Guardian is built around the four questions a CISO is asked the morning after an incident. Each question maps to one capability of the platform, in the same tenant as the rest of WASViking®.

Discover AI Applications

One row per AI platform in use across the organization. ChatGPT, Claude, Gemini, Copilot, Perplexity, Poe, DeepSeek, Grok, Mistral, HuggingFace Chat, and any vendor your team adds to the catalog. Users, alerts, uploads, sanctioned status, severity mix, and trend per window.

Classify the data

Deterministic detection of PII (CPF, CNPJ, SSN, email, phone, credit card with Luhn), PHI (clinical vocabulary corroborated by patient identifiers), secrets (AWS, GitHub, private keys, provider tokens), source code, and internal context (production markers, internal hostnames, SQL dumps).

Enforce policy on the host

Rules built by the admin in the portal. The agent enforces the strongest match before the paste, the file, or the prompt reaches the AI vendor. Block, Warn, Audit, or Allow. Conditions on website category, data class, severity, AI platform, browser, and target users.

Prove it to the regulator

Every event is recorded with masked evidence, the rule that fired, the policy version, the device, and the user. Aligned with LGPD Article 6, GDPR Articles 5 and 32, and HIPAA 164.312 audit controls. Exportable from the tenant.

Policy builder · how it looks

A rule a manager can write, an engine that enforces it.

Rules read like a sentence. When the website category is generative AI, the data class includes PII or PHI, and the platform is not on the approved list, block the action and show the employee why. The strongest match across enabled rules wins.

  • Events: prompt submit, paste, file upload, or any
  • Conditions: website category, data class, severity, AI platform, browser
  • Targets: all users or a list of OS usernames
  • Actions: Block, Warn, Audit, Allow, with a message shown to the employee
  • Priority and Enabled flags, edits without an agent restart

# Rule resolved on the host, in real time
POST /v1/decide
{
  "event": "ai_prompt_pasted",
  "platform": "ChatGPT",
  "website_risk": "unsanctioned",
  "classes": ["pii", "cpf"]
}

{
  "decision": "block",
  "rule_name": "Block PII paste",
  "reasons": [
    "vendor_not_approved",
    "pii_exposure"
  ],
  "message": "Pasting sensitive data to AI tools is prohibited by company policy."
}
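
An added example, not WASViking's code, of how a "strongest match wins" resolver can produce the response above. The `Rule` fields, the strength order Block > Warn > Audit > Allow with priority as tie-break, the allow default, and the `source_code` class label are assumptions; the page does not define them.

```python
from dataclasses import dataclass, field

# Assumed strength order for "strongest match wins"; the page does not define it.
STRENGTH = {"allow": 0, "audit": 1, "warn": 2, "block": 3}

@dataclass
class Rule:
    name: str
    action: str
    events: set = field(default_factory=lambda: {"any"})
    website_risk: set = field(default_factory=set)  # empty set = condition unused
    classes: set = field(default_factory=set)
    users: set = field(default_factory=set)         # empty set = all users
    priority: int = 0
    enabled: bool = True
    reasons: tuple = ()
    message: str = ""

    def matches(self, ev: dict) -> bool:
        return (
            self.enabled
            and ("any" in self.events or ev["event"] in self.events)
            and (not self.website_risk or ev["website_risk"] in self.website_risk)
            and (not self.classes or bool(self.classes & set(ev["classes"])))
            and (not self.users or ev.get("user") in self.users)
        )

def decide(rules, ev, default="allow"):
    """Return the strongest matching action; priority breaks ties."""
    hits = [r for r in rules if r.matches(ev)]
    if not hits:
        return {"decision": default, "rule_name": None, "reasons": [], "message": ""}
    win = max(hits, key=lambda r: (STRENGTH[r.action], r.priority))
    return {"decision": win.action, "rule_name": win.name,
            "reasons": list(win.reasons), "message": win.message}

# Constructed rule set and event, mirroring the request shown above.
RULES = [
    Rule("Audit all AI prompts", "audit", priority=10),
    Rule("Block PII paste", "block", events={"ai_prompt_pasted"},
         website_risk={"unsanctioned"}, classes={"pii", "phi"},
         reasons=("vendor_not_approved", "pii_exposure"),
         message="Pasting sensitive data to AI tools is prohibited by company policy."),
    Rule("Warn on source code", "warn", classes={"source_code"}, enabled=False),
]
EVENT = {"event": "ai_prompt_pasted", "platform": "ChatGPT",
         "website_risk": "unsanctioned", "classes": ["pii", "cpf"]}
```

Passing `default="block"` makes this resolver fail closed when no rule matches.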

Regulated data, named

The categories your DPO and your auditor already use.

Classification is the contract. AI Guardian does not apply a generic "sensitive" label and call it done. Each category has a defined detector, a checksum or structural gate to suppress false positives, and a masked evidence sample that lets a reviewer confirm a true positive without storing the raw value.

PII (LGPD, GDPR)

CPF and CNPJ gated by official check digits, SSN, email, phone, credit card with Luhn validation. Punctuated and bare digit forms. Masked evidence preserves the format: •••.•••.•••-09.

PHI (HIPAA, LGPD dados sensíveis)

Bilingual clinical vocabulary, patient identifiers, MRN and CNS, ICD-10 corroborated by clinical context. A lone medical term is informational only. PHI is promoted when a patient identifier or PII co-occurs with a clinical signal.

Secrets and tokens

AWS keys, GitHub tokens, JWT, provider prefixes (sk-, ghp_, xox, glpat), private keys, and credential assignments gated by entropy and placeholder filters. Raw secret values never reach WASViking, only a SHA-256 fingerprint and masked preview.

Source code

Fence, import, and definition signals with a structural gate so prose is not flagged. Pasting a production module to an unsanctioned AI tool triggers the rule that protects intellectual property.

Internal context

Organization lexicon, internal hostnames (RFC1918 and .corp / .internal / .local), and SQL objects from dumps. Amplifiers like "production" or "confidential" co-occurring with regulated data raise the policy decision to block.

Healthcare records

Designed for organizations handling medical records: clinics, hospitals, plan operators, and healthcare ISVs. Detects exposure of patient charts, prescriptions, and exam results before they are pasted or uploaded to a general-purpose AI tool.

Regulatory posture

A control the regulator recognizes. Not a generic "AI risk" claim.

AI Guardian is built so the legal team, the DPO, and the external auditor can map the control to the exact article they care about. The product supports compliance with the frameworks below. Certification of the company is reported separately under Trust.

LGPD

Article 6 principles: purpose, adequacy, necessity, and security. AI Guardian provides the technical control that demonstrates ANPD-aligned governance over the use of generative AI on personal and sensitive data, with auditable evidence per event.

GDPR

Article 5 lawfulness and minimization, Article 32 security of processing. Cross-border transfer to AI vendors becomes a policy-controlled action, not an undocumented practice. Data subject requests can be answered with the event log.

HIPAA

164.312 audit controls and 164.308 administrative safeguards. PHI exposure to non-BAA AI vendors is detected and blocked at the source. The event log supports incident response and the HHS breach notification analysis.

PCI DSS v4.0

Requirements 3 and 4 on cardholder data protection. Luhn-validated card numbers pasted into AI tools are detected and blocked, removing one of the most common shadow leakage paths from cardholder data environments.

ISO 27001 and SOC 2

A.5 information security policies, A.8 asset management, A.12 operations, and SOC 2 CC6 logical access. AI Guardian is a measurable preventive and detective control with a defined owner and a verifiable event trail.

Sectoral guidance (BR)

Aligned with BACEN Resolutions 4893 and 4658 on cybersecurity and the use of cloud services in the financial system. Useful for the operational risk register and for third-party AI vendor governance.

Privacy contract

Metadata-first. The raw prompt is never stored.

The product positioning is the privacy contract. Raw prompt text, file contents, and personal identifiers are processed in memory on the employee host and collapsed before persistence. Only classification labels, a SHA-256 fingerprint, character and token counts, masked evidence samples, and a pseudonymized user reference reach the tenant.

This is by design, not by default. AI Guardian is not a man-in-the-middle proxy. It does not inspect TLS, capture packets, record the screen, or log keystrokes. The decision happens on the host, the evidence stays masked, the audit trail is auditable.
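
An added example, not WASViking's code, of the path described under "Regulated data, named" and in this privacy contract: a CPF match is gated by its check digits, masked, and reduced to metadata in memory. Truncating the SHA-256 to 16 hex characters, the salted `user_ref` derivation, and the sample text are assumptions made for the example.

```python
import hashlib
import re

# Punctuated (000.000.000-00) and bare 11-digit forms, not inside longer digit runs.
CPF_RE = re.compile(r"(?<!\d)(\d{3}\.\d{3}\.\d{3}-\d{2}|\d{11})(?!\d)")

def cpf_is_valid(digits):
    """Check-digit gate: both verifier digits must match the mod-11 scheme."""
    if len(digits) != 11 or digits == digits[0] * 11:
        return False  # repeated-digit strings satisfy the arithmetic; reject them
    for n in (9, 10):
        total = sum(int(d) * w for d, w in zip(digits[:n], range(n + 1, 1, -1)))
        if int(digits[n]) != (total * 10 % 11) % 10:
            return False
    return True

def mask(raw):
    """Keep punctuation and the two check digits; hide every other digit."""
    return "".join("•" if c.isdigit() else c for c in raw[:-2]) + raw[-2:]

def redact(text, user, salt):
    """Classify in memory and return metadata only, never the raw text."""
    hits = [m.group(1) for m in CPF_RE.finditer(text)
            if cpf_is_valid(re.sub(r"\D", "", m.group(1)))]
    if not hits:
        return None
    return {
        "classes": ["pii", "cpf"],
        "evidence": [mask(h) for h in hits],
        # Assumption: fingerprint covers the whole content, truncated to 16 hex chars.
        "sha256": hashlib.sha256(text.encode("utf-8")).hexdigest()[:16],
        "chars": len(text),
        # Assumption: pseudonymized reference is a salted hash of the OS username.
        "user_ref": "u_" + hashlib.sha256(salt + user.encode("utf-8")).hexdigest()[:16],
    }

# Constructed sample: two well-known test CPFs, one punctuated and one bare.
SAMPLE = "customer CPF 123.456.789-09, ref 52998224725"
```

An unkeyed SHA-256 of a short value such as a lone CPF can be recovered by enumerating the 10^9 possible base numbers, so a fingerprint meant to stay pseudonymous needs a secret key (HMAC).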

What is stored

Event record, after redaction

A canonical event in the tenant. The raw content stays on the host. The evidence is masked. The decision is auditable.

{
  "event": "ai_prompt_pasted",
  "platform": "ChatGPT",
  "website_risk": "unsanctioned",
  "classes": ["pii", "cpf"],
  "evidence": ["•••.•••.•••-09"],
  "sha256": "aca996d54477df36",
  "chars": 14,
  "user_ref": "u_3832cacb37b40c6b",
  "policy": {
    "action": "block",
    "rule": "Block PII paste",
    "version": "default/v1"
  }
}

Deployment

Managed rollout, force-installed, with a master password for removal.

AI Guardian is rolled out by the agent. The browser extension is installed via the Chromium managed policy, paired with the WASViking agent on the host, and bound to the tenant. Uninstall is gated by an organization master password validated online, so an employee cannot quietly disable the control.

Managed force-install

ExtensionInstallForcelist for Chrome, Edge, and Brave, generated by the agent and applied via your existing MDM, Intune, or configuration management. No employee opt-in step.

Per-org enablement

The feature is licensed per monitored device. The portal toggle is authoritative on the server, so a contracted organization can turn AI Guardian on or off without redeploying agents.

Tamper-resistant uninstall

The agent refuses to uninstall AI Guardian without the organization master password, validated online against the tenant. The hash never reaches the host. Refusal returns a clean exit code for your automation.

See WASViking® on your own stack.

Start a 14-day trial or talk to our team about an enterprise evaluation. No credit card required for the trial.