Find out where AI is used in my org Beta

Surfaces used: Shadow AI Scout Modes supported: Hosted Tiers: Teams Status: Beta (endpoint agent). Backend ingest and dashboard are GA.

What you'll do

Get a map of every AI tool your workforce is actually using -- including the ones IT does not know about. Scout ingests endpoint telemetry, DNS logs, or proxy logs, classifies each tool by vendor and risk, and shows you a ranked list of what to govern first.

Why this is the right path for you

If your first question is "where is AI being used here?" and you need evidence before you can propose controls, start here.
Scout is a discovery tool. It does not block anything on its own. Once you know where AI is happening, pair Scout with the right enforcement surface:
- Browser-based AI -> browser extension
- API traffic from apps -> gateway
- Coding assistants on dev laptops -> coding hooks

When NOT to use this approach

caution

If you already know what you want to govern (e.g., "we use Claude Code and I need guardrails"), skip Scout and go straight to the relevant surface. Scout pays off when you do not have the map yet.

5-minute setup

There are three ingestion paths. Pick the one that fits your stack.

Endpoint agent (most detail)

Beta

# macOS (run on a pilot laptop)
curl -sSL https://install.controlzero.ai/scout | sh -s -- --org-id org_... --api-key cz_live_...

The agent registers with the dashboard, watches for known AI processes and browser tabs, and reports every 5 minutes.

Network / proxy log ingest

If you run a forward proxy (Zscaler, Netskope, a corporate Squid), pipe its access logs to Scout's HTTP ingest:

curl -X POST https://ingest.controlzero.ai/scout/proxy \
  -H "X-ControlZero-API-Key: cz_live_..." \
  -H "Content-Type: application/x-ndjson" \
  --data-binary @proxy-log.ndjson

DNS log ingest

Same shape, different endpoint: /scout/dns.

Verifying it's working

Dashboard -> Shadow AI should show hostnames (e.g., api.anthropic.com, claude.ai, chatgpt.com, copilot.github.com) with request counts and first-seen / last-seen timestamps.
The top of the page ranks tools by estimated risk and volume.
Click any tool to see which endpoints / users / accounts are hitting it. Export to CSV for your report.

Common follow-ups

"Now I want to block claude.ai leaks" -> Browser extension
"Now I want to govern OpenAI API calls from our apps" -> Gateway
"Now I want to govern devs using Claude Code" -> Coding hooks
"I need a compliance report on this discovery" -> Compliance reports

Reference

Surface page: Shadow AI Scout
Concepts: Feature availability
API: API reference

What you'll do​

Why this is the right path for you​

When NOT to use this approach​

5-minute setup​

Endpoint agent (most detail)​

Network / proxy log ingest​

DNS log ingest​

Verifying it's working​

Common follow-ups​

Reference​