Every DataStun agent already sees DNS resolutions, the executable behind every TCP session, and the byte counts in each direction. Curate the AI providers (Anthropic, OpenAI, Microsoft Copilot, GitHub Copilot, Google Gemini, xAI Grok, Perplexity, Cursor, Mistral, Cohere, Hugging Face, Ollama, DeepSeek, Meta AI, and the long tail) and that data turns into a fleet-wide governance dashboard with one load-bearing number per provider: bytes uploaded.
Metadata only. We never see the prompts, the responses, the attached files. We see how many bytes left for which provider, from which app, on which machine. That's the corporate governance question, answered without breaking the privacy story.
AI adoption has outpaced corporate AI policy at every company we've talked to. Every organization needs to know three things that nobody can answer today without metadata visibility:
Not which tools you bought a license for — which tools your people are actually using. Free-tier ChatGPT accounts on personal browsers, Claude desktop installed without IT, Cursor with personal API keys. The real adoption picture is rarely the sanctioned-tool list.
Bytes uploaded is the number that matters. Whether it's prompts, attached PDFs, code snippets, voice clips, or embeddings inputs — data that left your perimeter for an AI vendor is data you no longer control. We can't tell you what was sent (TLS hides that), but we can tell you exactly how much, to whom, by which app, on which day.
Anthropic's official Claude desktop is signed by Anthropic, PBC. OpenAI's ChatGPT app is signed by OpenAI. An unsigned claude.exe in %TEMP% uploading to api.anthropic.com is a different conversation. Every row in the AI Governance dashboard shows you the publisher Windows verifies, alongside the executable name and full path on disk.
One tab in your tenant dashboard. Six summary cards, a 30-day trend chart, three ranked tables. Everything keys off the agent's existing metadata stream — no new collectors, no DPI, no proxy.
Total AI traffic in bytes. Bytes uploaded — the data-egress signal. Bytes downloaded (AI responses received). Distinct AI services your fleet reached. Distinct devices. Distinct applications. The "AI adoption denominator" is one click away — divide distinct devices by total active agents to see fleet penetration.
Daily stacked bars: uploads on top, downloads below. Hover any day for exact numbers. The shape tells you whether AI use is steady, growing, or spiking. Adoption climbing is normal. A sudden upload-only spike to a single provider is the day to ask questions.
Hostname, flow count, devices reached, apps that touched it, bytes up, bytes down. Sorted by total bytes — the providers your fleet relies on most. Compare api.anthropic.com vs api.openai.com vs gemini.google.com to see where your organization actually invests.
Process name, full image path on disk, and the publisher Windows verifies. Native AI clients (claude.exe signed Anthropic PBC, ChatGPT.exe signed OpenAI) show alongside browser sessions (chrome.exe, msedge.exe routing through OAuth login flows) and developer tools (cursor.exe, code.exe via GitHub Copilot). An unsigned executable uploading to an AI provider is the row that earns a closer look.
Per-machine breakdown. Click a row to drill into that device's AI sub-tab and see exactly which providers, which apps, and which days. Useful for answering "is this Bob's individual usage or is the whole engineering team on Cursor now?"
Anthropic, OpenAI, Microsoft Copilot, GitHub Copilot, Google AI / Gemini, xAI Grok, Perplexity, Mistral, Cohere, Hugging Face, Ollama, Cursor, DeepSeek, Meta AI, Groq, Together AI, Replicate, Stability AI, ElevenLabs, Read AI, Midjourney, Runway, Glean, Character.AI, Poe, Inflection Pi — and growing. Adding a vendor is one row in our catalog; the parent-domain match means seeding openai.com automatically covers every *.openai.com subdomain.
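The parent-domain match and the per-provider upload totals described above, as an added sketch that is not DataStun's code. The catalog entries, the record field names other than `bytes_up`, and the sample flows are constructed assumptions.

```python
from collections import defaultdict

# Hypothetical catalog: parent domain -> provider label (constructed for this example).
CATALOG = {"anthropic.com": "Anthropic", "openai.com": "OpenAI"}

def match_provider(hostname, catalog=CATALOG):
    """Match on whole DNS labels, so api.openai.com hits openai.com
    but notopenai.com and openai.com.evil.example do not."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # most specific suffix first
        candidate = ".".join(labels[i:])
        if candidate in catalog:
            return catalog[candidate]
    return None

def summarize(flows, catalog=CATALOG):
    """Total bytes per provider and list uploads made by unsigned executables."""
    totals = defaultdict(lambda: {"bytes_up": 0, "bytes_down": 0, "devices": set()})
    unsigned = []
    for f in flows:
        provider = match_provider(f["host"], catalog)
        if provider is None:
            continue                           # not an AI provider in the catalog
        row = totals[provider]
        row["bytes_up"] += f["bytes_up"]
        row["bytes_down"] += f["bytes_down"]
        row["devices"].add(f["device"])
        if not f["signer"] and f["bytes_up"] > 0:
            unsigned.append((f["device"], f["image_path"], provider, f["bytes_up"]))
    return dict(totals), unsigned

# Constructed sample flow metadata (no payload content, only volume and attribution).
FLOWS = [
    {"device": "WS-01", "host": "api.openai.com", "signer": "Google LLC",
     "image_path": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "bytes_up": 12_000, "bytes_down": 90_000},
    {"device": "WS-02", "host": "chat.openai.com", "signer": "OpenAI",
     "image_path": r"C:\Program Files\ChatGPT\ChatGPT.exe",
     "bytes_up": 8_000, "bytes_down": 40_000},
    {"device": "WS-02", "host": "api.anthropic.com", "signer": None,
     "image_path": r"C:\Users\u\AppData\Local\Temp\claude.exe",
     "bytes_up": 500_000, "bytes_down": 2_000},
    {"device": "WS-03", "host": "notopenai.com", "signer": None,
     "image_path": r"C:\Tools\x.exe", "bytes_up": 999, "bytes_down": 1},
]

if __name__ == "__main__":
    totals, unsigned = summarize(FLOWS)
    for name, row in sorted(totals.items(), key=lambda kv: -kv[1]["bytes_up"]):
        print(name, row["bytes_up"], row["bytes_down"], len(row["devices"]))
    print("unsigned uploaders:", unsigned)
```
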
The honest framing matters. AI Governance is a volume-and-attribution view, not a Data Loss Prevention product. Knowing what we don't see is part of the trust story.
If you need content-level analysis — "which user pasted this specific document into ChatGPT?" — that's a Data Loss Prevention product. We're not it. We're the metadata layer underneath, and the layer most organizations are missing today.
Real questions our customers ask, with the dashboard surface that answers each one.
Filter Top AI Services for deepseek.com. If it's in the list, you see how many flows, how many devices, how much data uploaded, when last seen. If it's not, the question is answered.
Top Devices, sort by bytes_total filtered to cursor.com. Cross-reference device hostnames against your team mapping. Five lines of evidence behind the next license-budget conversation.
The Top AI Services table, OpenAI row, bytes_up column, 30-day window. One number, defensible, ready for a board slide. Trend chart shows whether it's growing.
Top AI Services, sort by Last Seen ascending. Anything that appeared this week that you don't recognize is the question to chase. The catalog covers the 50+ known providers; if a niche AI tool is in active use, it'll surface here.
Top Apps Reaching AI — the Signer column shows the publisher Windows verifies. Anthropic, PBC is the real Claude. An unsigned binary or a publisher you don't recognize uploading to an AI provider is the row to investigate.
Distinct devices number, tracked over time. Trend chart shows the bytes-uploaded curve. Together they answer "are we at 10% AI adoption or 80%?" with measurement instead of survey responses.
Phase 1 ships visibility today. Two follow-ons we're scoping with early customers:
Tenant admins mark each AI vendor as Approved (no alert), Restricted (alert on first detection per device), or Forbidden (alert on every detection plus optional automatic blocklist push). Connects the AI dashboard to your existing alerting + SIEM exports.
Auto-generated digest emailed to tenant admins every Monday morning: top 5 providers by upload volume this week, new providers detected, devices crossing AI-usage thresholds, week-over-week adoption deltas. The board update writes itself.
The AI Governance dashboard is part of every paid tier from Business up — Business, Enterprise, and MSSP. The data lights up on the next telemetry batch after you enroll your first agent. No setup, no configuration, no separate SKU. Individual and Tribe tiers see their own agents’ AI activity in the Outgoing IPs tab; the cross-fleet AI Governance dashboard is what you get from Business up.