Detect Shadow AI
Leaks in Minutes.
Ghost-Model audits your network telemetry locally to identify unauthorized LLM usage and data exfiltration. Map your log file to the container and reclaim your data sovereignty.
EPlace your telemetry file (txt/log) in a folder and rename it to logs.txt.
Open your terminal in that folder and Copy the Launch Command.
Run the Ghost-Scanner and confirm your email to Sync Results.
Local Audit Command
docker run -it --rm \ -v $(pwd)/logs.txt:/app/network_logs.txt \ getghostarchitect/ghost-model
Note: Ensure you are in the same directory as your logs.txt before running.
Ghost-Node: Awaiting Telemetry
Run the Docker command above. Once the scan is complete, click the unique link generated in your terminal to sync results.
Hardened AI Audit FAQ
HHOW ARE MY LOGS HANDLED?
Ghost-Model operates under a Zero-Knowledge protocol. You provide the telemetry (network logs) via a local Docker volume. The engine parses the data locally to identify signatures of unauthorized AI domains. No raw log data is ever transmitted; only an encrypted manifest of detected AI assets is synchronized via AES-128 (Fernet).
WHAT DOES THE SCAN DETECT?
The forensic engine matches network traffic against our proprietary Ghost-Database, which tracks over 40+ Shadow AI providers. We detect everything from General Purpose LLMs (ChatGPT, DeepSeek) to Coding Assistants (Cursor, Copilot) and Meeting Recorders (Otter.ai), categorizing them by their specific risk to your data sovereignty.
HOW IS "DATA EXFILTRATION" CALCULATED?
Our engine parses outbound payload signatures (bytes/MB/GB) associated with each detected AI domain. We quantify exactly how much telemetry is being sent to untrusted providers, delivering a clear metric of your Sovereign Risk Exposure in real-time.
WHAT HAPPENS AFTER PAYMENT?
You will receive the Shadow AI Forensic Audit via PDF. This document identifies the exact unauthorized AI tools in use and the volume of data leaked to each. You pay for the intelligence to identify the breach of sovereignty; your team then uses the report to implement the necessary DNS blocks or security policies.