ShadowScope
Python · Qwen / Claude · PostgreSQLDocker · Ollama · FastAPI
Finds the AI running inside a company that nobody approved, then reads the prompts to tell you which of it is actually dangerous.
A 2026 survey of 300 CISOs found zero with full visibility into AI use across their organization. Every governance framework assumes an inventory nobody can produce. So I built the seeing part first.
Fingerprinting narrows 4,238 events to 107 worth reading. Then a model reads the actual prompt, because no regex separates "help me phrase this budget variance" from "here are our unannounced Q3 numbers." Same department, same service, same plain text. Only meaning divides them.
Runs on local models. For a tool whose job is finding data that left the building, "this tool sends nothing out" is the first question a CISO asks.