Shadow AI Scout

Scout is a lightweight agent that discovers unauthorized AI usage across your infrastructure. It is not a SIEM, not an antivirus, and not a network monitor. It is purpose-built to answer one question: what AI is running in your environment?

Scout detects AI API traffic, locally installed AI applications, and exposed AI credentials. It reports findings to your Control Zero dashboard without reading file contents, capturing prompts, or transmitting credentials.

Installation

Scout installs with a single command. It registers with your Control Zero account and starts scanning immediately.

curl -sSL https://get.controlzero.ai/scout | sh -s -- --api-key YOUR_KEY

Supported Platforms

Platform	Architecture
Linux	x86_64
Linux	ARM64
macOS	x86_64
macOS	ARM64

What the installer does

Downloads the Scout binary for your platform.
Verifies the binary checksum.
Registers the agent with your Control Zero account.
Installs Scout as a background service (systemd on Linux, launchd on macOS).
Starts the first scan.

Configuration

Scout stores its configuration at ~/.config/cz-scout/settings.toml. You can edit this file to customize scan behavior.

# Control Zero API key (set during installation)
api_key = "cz_live_your_key_here"

# How often to run scans (in seconds). Default: 300 (5 minutes).
scan_interval = 300

# Which scan modules to enable.
[modules]
ai_traffic = true        # Detect outbound AI API connections
ai_applications = true   # Detect locally installed AI tools
api_key_exposure = true  # Detect leaked AI credentials in config files

# Directories to scan for API key exposure.
# Scout checks file names and metadata only. It does not read file contents.
[scan_paths]
include = ["~", "/etc", "/opt"]
exclude = ["~/Library", "~/.cache", "/opt/homebrew/Cellar"]

# Enforcement settings (disabled by default).
[enforcement]
enabled = false
mode = "dns"             # Options: "dns", "firewall", "both"

Configuration options

Key	Type	Default	Description
`api_key`	string	(required)	Your Control Zero API key
`scan_interval`	integer	`300`	Seconds between scans
`modules.ai_traffic`	boolean	`true`	Enable AI API traffic detection
`modules.ai_applications`	boolean	`true`	Enable AI application detection
`modules.api_key_exposure`	boolean	`true`	Enable credential exposure scanning
`enforcement.enabled`	boolean	`false`	Enable enforcement mode
`enforcement.mode`	string	`"dns"`	Enforcement method: `dns`, `firewall`, or `both`

What Scout Detects

AI API Traffic

Scout monitors outbound network connections and identifies traffic to known AI provider endpoints:

OpenAI (api.openai.com)
Anthropic (api.anthropic.com)
Cohere (api.cohere.ai)
Mistral (api.mistral.ai)
Google AI (generativelanguage.googleapis.com)
Replicate (api.replicate.com)
HuggingFace (api-inference.huggingface.co)
And 10+ additional providers

For each connection, Scout reports the destination, originating process, connection frequency, and timestamp.

AI Applications

Scout detects locally installed AI tools by checking for known process names and application directories:

Local inference: Ollama, LM Studio, LocalAI, llama.cpp
AI coding assistants: Cursor, GitHub Copilot, Continue, Cody
Desktop clients: Claude Desktop, ChatGPT Desktop
Development tools: Jupyter with AI extensions, VS Code with AI plugins

API Key Exposure

Scout scans for AI provider credentials in common configuration locations. It detects key patterns for OpenAI, Anthropic, Cohere, HuggingFace, Google AI, and other providers.

Scout checks:

Environment files (.env, .env.local, .env.production)
Configuration files (config.toml, config.yaml, settings.json)
Shell profiles (.bashrc, .zshrc, .profile)
Source code in project directories

Scout reports only the key type and file location. The actual key value is never transmitted.

Enforcement Mode

Enforcement is opt-in and disabled by default. When enabled, Scout can block outbound connections to unauthorized AI services.

DNS-Level Blocking

Scout configures local DNS resolution to block domains associated with unauthorized AI providers. Allowed providers are defined in your Control Zero dashboard.

[enforcement]
enabled = true
mode = "dns"

Firewall Rules

Scout creates per-process firewall rules that restrict which applications can reach AI endpoints. This allows fine-grained control: approve Cursor but block ChatGPT Desktop, for example.

[enforcement]
enabled = true
mode = "firewall"

Combined Mode

Use both DNS blocking and firewall rules together for defense in depth.

[enforcement]
enabled = true
mode = "both"

Defining Allowed Services

Allowed AI services are managed in your Control Zero dashboard under the Shadow AI section. Scout pulls the allow list automatically on each scan cycle.

Privacy Guarantees

Scout is designed to discover AI usage without introducing new privacy or security risks.

No file content reading. Scout checks file names and metadata for credential patterns. It never reads the actual contents of your files.
No credential transmission. When a leaked key is found, Scout reports the key type (e.g., "OpenAI API key") and file path. The key value itself stays on the machine.
No prompt or response capture. Scout identifies AI traffic by connection metadata (destination host, port, process). It does not inspect request or response payloads.
Encrypted communication. All data sent from Scout to Control Zero uses TLS encryption.
Minimal permissions. Scout requires network monitoring access and read access to file metadata. It does not require root on most configurations.

Managing Scout

Check status

cz-scout status

Run a manual scan

cz-scout scan --now

View local findings

cz-scout findings

Update Scout

cz-scout update

Uninstall

cz-scout uninstall

This stops the background service, removes the binary, and deregisters the agent from your Control Zero account. Local configuration files at ~/.config/cz-scout/ are preserved for reference.

Troubleshooting

Scout is not reporting findings

Verify the API key is correct: cz-scout status should show "connected."
Check that at least one scan module is enabled in ~/.config/cz-scout/settings.toml.
Run a manual scan with cz-scout scan --now and check for errors in the output.

Scout cannot connect to Control Zero

Verify outbound HTTPS access to api.controlzero.ai on port 443.
If behind a corporate proxy, set the HTTPS_PROXY environment variable before starting Scout.
Check firewall rules that may block outbound connections from the Scout process.

Enforcement mode is not blocking traffic

Confirm that enforcement.enabled = true in your settings file.
DNS blocking requires Scout to manage the local DNS resolver. Verify with cz-scout status.
Firewall mode may require elevated permissions on some systems. Check the Scout logs at ~/.config/cz-scout/logs/.

High resource usage

Scout is designed to be lightweight. If you observe unexpected resource consumption:

Increase the scan_interval to reduce scan frequency.
Narrow scan_paths.include to only the directories you need to monitor.
Disable scan modules you do not need.

Next Steps

Control Zero Introduction for an overview of the full platform.
Quick Start to set up policy enforcement for your AI agents.
Pricing for plan details and limits.

Installation​

Supported Platforms​

What the installer does​

Configuration​

Configuration options​

What Scout Detects​

AI API Traffic​

AI Applications​

API Key Exposure​

Enforcement Mode​

DNS-Level Blocking​

Firewall Rules​

Combined Mode​

Defining Allowed Services​

Privacy Guarantees​

Managing Scout​

Check status​

Run a manual scan​

View local findings​

Update Scout​

Uninstall​

Troubleshooting​

Scout is not reporting findings​

Scout cannot connect to Control Zero​

Enforcement mode is not blocking traffic​

High resource usage​

Next Steps​