How does the browser extension work?

The Blacksight browser extension runs locally in Chrome or Firefox. It intercepts prompts before they leave your browser, scans for sensitive data using pattern matching and ML classifiers, and blocks or redacts matches in real time. No data is sent to Blacksight servers.

What is the AI gateway device?

The Blacksight G2 gateway is a hardware appliance that sits inline on your network. It inspects all traffic to AI services at the network level, providing coverage for unmanaged devices, API calls, and any tool that bypasses browser extensions.

What types of sensitive data does Blacksight detect?

Blacksight detects PII (names, emails, SSNs, addresses), credentials (API keys, passwords, tokens), source code, financial data, health records (PHI), and custom patterns you define using regex or keyword lists.

Does Blacksight work with private/self-hosted AI models?

Yes. Blacksight monitors traffic to any HTTP-based AI endpoint — including self-hosted models behind your firewall, Azure OpenAI, AWS Bedrock, and custom internal APIs. You configure target domains in the dashboard.

What compliance standards does Blacksight help with?

Blacksight helps organizations demonstrate compliance with GDPR, HIPAA, SOC 2, PCI-DSS, and CCPA by preventing regulated data from being sent to third-party AI services and providing audit logs of all AI interactions.

Features | Blacksight AI

What does an AI DLP browser extension do? An AI DLP browser extension intercepts every prompt typed into AI web apps — ChatGPT, Claude, Gemini, and hundreds more — scanning the text locally for sensitive data like PII, API keys, and proprietary code, then blocking or redacting it before it reaches the AI service.

What is an AI gateway device? An AI gateway is a network appliance that inspects AI-bound traffic from every device on your office network — including desktop apps, CLI tools, and BYOD devices that browser extensions cannot reach — enforcing DLP policies at the network layer without requiring software on each endpoint.

Product 01 — Browser extension

Catch leaks at the keyboard, before they ever leave.

Install once via MDM or one-click. The extension intercepts every prompt typed into ChatGPT, Claude, Gemini, and 300+ other AI services. DLP scanning runs locally — verdicts in milliseconds.

How it works

Step 01

Intercept

Hooks the textarea and outbound XHR for every supported AI site. The user keeps typing — the extension stays out of the way.

Step 02

Scan locally

200+ pre-built detectors run in WebAssembly inside the page sandbox. Spots PII, secrets, proprietary code, financials in under 50ms. Add custom rules for your industry.

Step 03

Apply policy

Start with pre-built rule sets or create your own. Block, redact in-place, warn, or log — per team, per tool, per data class.

Step 04

Forward verdict

Only metadata — destination, classification, action, hashed user — goes to the dashboard. Never the prompt itself.

What's inside

DLP

Local scanning engine

200+ pre-built detectors covering SSNs, credit cards, API keys, JWTs, proprietary code, PHI, and more. Extend with custom rules for your data types.

UI

In-page warning overlay

Branded toast that explains why a prompt was blocked, with a one-click "redact and resend" path.

SITE

Adapter library

Site-specific adapters for ChatGPT, Claude, Gemini, Copilot, Perplexity, Poe — auto-updates without redeploy.

SYNC

Policy sync agent

Pulls latest org policy every 5 minutes. Works offline; replays verdicts when reconnected.

MDM

Force-install profiles

Chrome/Edge ADMX, Jamf, Intune, and Kandji manifests in your dashboard, ready to copy.

SSO

SCIM + SAML connectors

Sync users from Okta, Google Workspace, Azure AD. Map groups to policies in one click.

See it in action

Extension popup — real-time scan stats and policy status at a glance.

Blacksight blocking sensitive data from being sent to ChatGPT

A prompt containing PII is blocked before reaching ChatGPT.

Blacksight awareness banner on ChatGPT showing DLP monitoring is active

Awareness banner reminds users that AI conversations are monitored.

Blacksight automatically redacting SSNs and credit card numbers before sending to AI

Sensitive fields are automatically redacted — the prompt still sends, minus the risk.

Supported AI services

300+ AI tools detected and monitored — and growing.

Blacksight maintains a continuously updated catalog of AI services. Every destination is classified, categorized, and available for policy rules. Here are some of the tools we cover.

Chat & general AI

ChatGPT chat.openai.com
Claude claude.ai
Gemini gemini.google.com
Copilot copilot.microsoft.com
Perplexity perplexity.ai
Poe poe.com
Mistral chat.mistral.ai
DeepSeek chat.deepseek.com
Grok x.com/i/grok
HuggingChat huggingface.co/chat
Pi pi.ai
Character.ai character.ai
You.com you.com
Phind phind.com
Cohere Coral coral.cohere.com

Code & developer AI

GitHub Copilot copilot.github.com
Cursor cursor.com
Windsurf windsurf.com
Replit replit.com
Tabnine tabnine.com
Amazon Q aws.amazon.com
Sourcegraph Cody sourcegraph.com
JetBrains AI jetbrains.com
Cline cline.bot
aider aider.chat
Bolt bolt.new
v0 v0.dev
Lovable lovable.dev

Image, video & media AI

DALL-E openai.com
Midjourney midjourney.com
Stable Diffusion stability.ai
Leonardo.ai leonardo.ai
Ideogram ideogram.ai
Adobe Firefly firefly.adobe.com
Runway runwayml.com
Pika pika.art
ElevenLabs elevenlabs.io
Suno suno.com
Kling klingai.com
Luma lumalabs.ai

Writing & content AI

Jasper jasper.ai
Copy.ai copy.ai
Writesonic writesonic.com
Notion AI notion.so
Grammarly AI grammarly.com
QuillBot quillbot.com
Rytr rytr.me
Wordtune wordtune.com
Sudowrite sudowrite.com
Moonbeam gomoonbeam.com

Business & productivity AI

Microsoft 365 Copilot microsoft.com
Google Workspace AI workspace.google.com
Salesforce Einstein salesforce.com
HubSpot AI hubspot.com
Slack AI slack.com
Zoom AI zoom.us
Otter.ai otter.ai
Fireflies.ai fireflies.ai
Beautiful.ai beautiful.ai
Gamma gamma.app

Research & data AI

Elicit elicit.com
Consensus consensus.app
Semantic Scholar semanticscholar.org
Wolfram Alpha wolframalpha.com
Scite scite.ai
Connected Papers connectedpapers.com
Julius julius.ai
ChatPDF chatpdf.com
Docugami docugami.com

Product 02 — AI Gateway

One appliance. Every device on your network. Every AI tool.

A 1U or desktop appliance that sits between your office network and the internet, inspecting AI-bound traffic only. Catches what browser extensions can't — desktop apps, CLIs, BYOD devices, and anything SSO can't reach.

Gateway G1 · Plug in, route AI traffic, enforce policy in under 15 minutes · From $999

What it catches

Desktop apps Native ChatGPT, Claude, and Copilot apps that bypass browser-based controls. ~/Applications

CLI agents Cursor, Cline, aider, and other terminal-based assistants making LLM calls from a shell. $ curl api.openai.com

BYOD phones & tablets Personal devices on your office Wi-Fi using ChatGPT mobile, Claude iOS, Gemini Android. DHCP managed

Unmanaged contractors Visiting devices, vendors, and agency machines you never installed software on. guest VLAN

IDE plugins VS Code Copilot, JetBrains AI Assistant, Cursor agent — anything calling an LLM API from within an editor. https://api.*

Shadow AI tools SaaS AI services no one cleared with IT — surfaced by destination domain, even if you've never heard of them. 300+ catalog

3-step setup

01

Plug it in

Power and ethernet. The Gateway acquires DHCP, calls home, and registers with your dashboard.

$ blacksight register --org acme

02

Connect to your network

One setting change in your router. The Gateway automatically sees AI-bound traffic from every device on your network — no software to install, nothing to configure per-device.

$ blacksight status: connected

03

Enforce

Policies you've already defined for the extension apply automatically. Real-time verdicts in the dashboard.

$ status: 142 devices · 0 alerts

Gateway pricing

Gateway G1 — Mini

Office desktop

Small offices and remote sites up to 50 devices.

$999

one-time · includes 1 yr management

Devices supportedup to 50
Throughput1 Gbps
Form factordesktop
Warranty2 years

Order G1

Gateway G2 — Pro

Multi-floor / HQ

Mid-sized companies up to 500 devices. Includes 2 units for redundant failover.

$1,799

one-time · 2 units · includes 1 yr management

Devices supportedup to 500
Units included2 (HA pair)
Throughput10 Gbps
Form factor1U rack
Warranty3 years

Order G2

Gateway — Enterprise

Custom deployment

Unlimited devices, multi-site, custom SLAs, and dedicated support.

Custom

tailored to your infrastructure

Devices supportedunlimited
Sitesunlimited
Throughputcustom
Replacementnext-business-day
Supportdedicated engineer

Talk to sales

Product 03 — Dashboard

The mission control for AI usage across your org.

A single web app that unifies activity, policy, alerts, audit logs, and user management — across every extension and every gateway.

Activity overview

Real-time stream of every prompt across your org. Filter by user, tool, severity, or policy outcome.

Policy builder

Visual rules editor with pre-built templates for common industries. Match by data class, destination, user group; choose block / redact / warn / log.

Real-time alerts

Slack, email, PagerDuty, or webhook for critical leaks. Triage and resolve from the alert.

Compliance reports

Pre-built SOC 2, HIPAA, GDPR, ISO 27001 templates. Schedule, export, share with auditors.

Users & groups

SCIM-synced from Okta, Google, Azure AD. Map groups to policies; track per-user risk scores.

Shadow AI catalog

Every AI service touched by your org, ranked by traffic. Sanction, block, or watchlist with one click.

Data classification

200+ pre-built detectors plus a custom rule builder. Add regexes, keyword lists, or ML classifiers for industry-specific data — no engineering needed.

Audit log

Tamper-evident, signed log of every admin action and every policy decision. Exportable to your SIEM.

Public API

REST + webhooks for everything in the dashboard. Stream verdicts to your SIEM, ticketing, or data lake.

Privacy architecture

We're a security company. We don't see your data.

Every byte of prompt content stays inside your perimeter. The dashboard receives only verdicts and metadata — what was matched (by class), where it was going, what we did about it.

Your employee

browser / device

→

prompt

Local DLP

extension or gateway

→

verdict only

Blacksight

dashboard / audit

What we never receive

Prompt content (full or partial)
AI-service responses
File contents, code, or attachments
Customer data or PII
Any plaintext flagged by your detectors

What we do receive

Detector class hits (e.g. "ssn × 2")
Destination domain & tool name
Hashed user ID + group membership
Policy outcome (block / redact / log)
Timestamp, byte count, latency

SOC 2 Type II GDPR HIPAA-ready ISO 27001 CCPA EU data residency

Built to catch every prompt — without ever reading it.