The full picture. No sales call required.

320+ AI tools detected

Covers 92% of the top-100 enterprise AI tools used in browsers today. The catalogue refreshes automatically. No Chrome Web Store release required when new tools appear.

Catalogue updates within 6 hours

On-device prompt classification

Detects credentials, PII, source code, customer data, and legal language before they leave the browser. The raw prompt text never leaves the device. Runs in 10+ languages.

No text reaches the Northbeams backend

Image and PDF upload scanning

Screenshots with API keys. PDFs with customer records. Every file upload scanned for sensitive content in-browser before the upload completes. OCR runs on-device by default.

Zero-retention cloud OCR opt-in for Sentinel+

Desktop app and CLI detection

Catches AI apps that live outside the browser. Watches outbound connections and process names. Metadata only. No keystroke logging, no screen capture, no prompt content.

Claude Desktop, ChatGPT Desktop, Cursor, Granola, Claude Code, Aider

24-hour AI Discovery Report

Within 24 hours of install, your dashboard shows every AI tool in use, its risk classification, active user count, and estimated dollar exposure. Ready to share with leadership.

Jailbreak and prompt-injection detection

Alerts when someone attempts to bypass a system prompt or inject a command through user input. Logged, flagged, and surfaced in the dashboard before any instruction is followed.

MCP Gateway: argument classification

Sits in the path between your coding agents (Claude Desktop, Cursor, Claude Code) and MCP servers. Classifies every tool-call argument on-device. Credentials and PII caught before the server call goes out.

10 catalogued MCP servers with per-tool policies

Candidate AI tool discovery

Unknown AI-keyword hostnames and .ai-TLD domains are automatically surfaced as candidate tools for admin review. Your catalogue grows with your team's usage, not just ours.

Aggregate tool inventory

Workspace-level counts: how many tools, how many events, how many severity-level detections. Enough to understand the scope. No per-user data at this tier.

Per-user attribution

Which user used which tool, when, across which surface, and what category triggered. Full history. Drilldown from org-level to individual event in one click.

LLM cost and token dashboard

Not just what your team uses. What it costs. Token counts and dollar estimates per user, per model, per day. Bring real numbers to the budget conversation instead of guesses.

Live alert feed

Real-time event stream across all four surfaces. See detections as they happen. Filter by surface, severity, user, or tool. Built for security teams that watch their dashboard during incidents.

Behavioral anomaly detection

Surfaces users whose AI usage patterns are statistically unusual. Volume spikes, new tool appearances, off-hours access, concentration of high-severity events. Patterns, not surveillance.

Git commit attribution

Links AI coding sessions to the git commits they produced. Know which code was written with Cursor, Claude Code, or Aider. Built for security reviews and audit trails on developer teams.

One-click block, sandbox, or allow

Three policy states per tool. Blocked tools are prevented in-browser. Sandboxed tools show a warning before use. Allowed tools run without interruption. Reversible in one click.

Per-category detection rules

Tune blocking per content category: credentials, PII, source code, customer data, legal language. Set different thresholds for different departments without separate installs.

RBAC: roles and permissions

Owner, admin, and member roles. Admins set policies, members see their own events. Owners manage billing and team access. Multi-workspace support for Lighthouse and above.

MCP Gateway: per-tool allow/warn/block

Govern MCP server access at the tool level. Allow the filesystem MCP to read but not write. Block the GitHub MCP from accepting code that contains credentials. Logged per call.

Filesystem, GitHub, Postgres, Slack, Stripe, Puppeteer, Google Drive, Brave Search, Memory, Sequential Thinking

Slack alerts with severity filter

High-severity events hit your Slack channel within seconds. Set the minimum severity threshold per workspace. Rate-limited to prevent alert storms. Block Kit format with redacted snippet.

Daily email digests

Scheduled daily summary for each org, delivered at the time and timezone you configure. Key metrics, new tools detected, top events by severity. No login required to stay informed.

Immutable signed audit logs

Tamper-evident, cryptographically signed logs across all four surfaces. Every event has a timestamp, user label, tool, surface, and detection category. Cannot be edited or deleted.

SOC 2 evidence pack

One-click export of the AI governance evidence auditors expect for SOC 2. Pre-mapped to CC6, CC7, and CC9 controls. Delivered as a PDF your auditor can accept on first submission.

EU AI Act Article 4 evidence

Logs and exports mapped to Article 4 AI literacy obligations. Demonstrates that your team's AI use is governed and that human oversight is in place. Exportable for competent authority review.

HIPAA technical safeguards evidence

Evidence mapped to HIPAA Security Rule §164.312 technical safeguards. Shows access controls, audit controls, and transmission security for AI activity involving PHI categories.

Quarterly executive risk-audit report

Automated risk summary for your board or audit committee. Top tools by exposure, policy changes in period, sensitive-event trends, and recommended governance actions. Ready for the next board meeting.

REST API access

Programmatic access to your tool inventory, policy configuration, and audit logs. Export to your own dashboards, trigger automations on detection events, or feed a SIEM pipeline.

Browser extension (Chrome, Edge, Brave, Arc)

One-click install from the Chrome Web Store. Self-pairs via the dashboard on first sign-in. Works on Manifest V3. Deploys via managed policy on Chrome Enterprise.

Mac and Windows desktop app

Signed and notarized .pkg for macOS. Authenticode-signed .msi for Windows. Installs as a background agent, auto-starts on login. Paired to your workspace via setup code.

macOS 12+ and Windows 10+ supported

MDM-managed deployment

Force-install via Jamf, Intune, or Kandji. The extension and desktop app land silently on every managed device. No end-user interaction required. Policy can be set before first boot.

MCP Gateway: automatic setup

On Sentinel workspaces, the MCP Gateway turns on automatically at install. No separate configuration for Claude Desktop, Cursor, or Claude Code. Reversible in one command.

SAML SSO and SCIM provisioning

Okta, Entra ID, and any SAML 2.0 identity provider. Automated user provisioning and deprovisioning via SCIM. No manual seat management as your team grows.

SIEM streaming

Push Northbeams events to Splunk HEC or Datadog Logs in real time. Your security operations team sees AI governance events alongside everything else in their existing tooling.

GRC evidence automation

Vanta, Drata, and OneTrust integrations push Northbeams evidence directly into your compliance platform. No copy-paste, no manual mapping, no last-minute evidence scrambles before audit.

7-year audit log retention

Immutable logs retained for seven years. Meets financial services, healthcare, and government retention requirements. Available for export at any time.

US or EU data residency

Choose where your Northbeams data is stored and processed. US region or EU region. Required for some GDPR, Schrems II, and sector-specific compliance postures.

Custom DPA and BAA

Data Processing Agreement and Business Associate Agreement provided as part of your Fleet engagement. Required for HIPAA-covered entities and EU-facing GDPR compliance.

99.9% uptime SLA and dedicated CSM

Contractual uptime SLA with quarterly business reviews. Dedicated Customer Success Manager and private Slack channel. Annual SOC 2 evidence pack delivered directly to your auditor.

MDM deployment kits

Pre-built Jamf policies, Intune configuration profiles, and Kandji blueprints for enterprise Fleet deployments. Delivered as part of onboarding, configured to your device management stack.