Close the shadow-AI gap.
Customer data, contracts, and source code are routinely pasted into ChatGPT, Claude, Gemini, and Copilot. Most data-loss prevention tooling cannot see any of it. The Kirtonic extension classifies each prompt before it leaves the browser, runs it through your workspace policy, and writes each decision to your audit log.
Two-minute install
- 1
Mint an extension token in your dashboard
Sign in, open Engine → Browser extension, click Mint extension token. Copy the value. It is shown only once.
- 2
Load the extension
chrome 88+Open
chrome://extensions, toggle Developer mode on (top-right), click Load unpacked, pick the folder you extracted from the downloaded zip. The Kirtonic icon appears in your toolbar.Same extension package works in both, Edge uses Chrome's extension format. No separate download.
- 3
Paste your token and start chatting
Click the Kirtonic icon → Settings, paste your token, hit Test connection. Open ChatGPT. Every message you send now shows a live verdict pill and is logged in your workspace audit.
Sites covered today
- ChatGPTchatgpt.com / chat.openai.com
- Claudeclaude.ai
- Google Geminigemini.google.com
- Microsoft Copilotcopilot.microsoft.com
Need another site? Tell us and we will add coverage.
Two modes
Use this mode while you calibrate the policy. Each prompt is classified and logged, and the user can still send. You see exactly what your team is pasting before enforcement is turned on.
Once you are confident in the policy, enable blocking in the popup. Prompts classified as high severity are blocked at the keystroke. Prompts needing review open a confirmation dialog with the reason.
What gets sent
- The prompt you're about to send to the AI site.
- The site hostname and current page URL, so the audit shows where it happened.
- The verdict, severity, and reason, written to your workspace audit log.
- Browsing history, cookies, idle keystrokes, or anything outside the supported AI sites.
The extension reads host_permissions for the four supported sites only. It cannot see anything else. The token lives in chrome.storage.sync, encrypted by Chrome, and is never sent anywhere except your Kirtonic API base.