Demo environment
Find shadow AI, control AI budgets — see it working with sample data.
Every page below uses realistic seeded data so you can poke around without setup. The two pillars (shadow AI discovery and AI budget control) and every supporting capability are interactive. When you're ready to use your real data, head to Providers and connect a key — the dashboard automatically switches over.
Try it live
Capabilities shipping today
Every page below is fully interactive with seeded data. The exact UI an admin would use in production.
Dashboard
LiveOne page for every dollar of AI spend, with a 30-day trend and end-of-month forecast.
MTD spend · 30-day trend · forecast to EOM · top spenders · anomalies queue · approvals pending.
Finance gets a defensible number every month; IT gets visibility before the bill arrives.
Users + attribution
LiveEach dollar mapped to a person, sorted by who's spending most and who's growing fastest.
Top spender: Maya Reyes ($4,820 MTD, ↑62% vs last month) — click to drill into her models.
Chargeback by cost centre. Spot the user behind a spike in two clicks.
Teams
LiveRollup of spend by team with vs-last-month delta and budget utilisation.
Engineering 38% of org spend · Customer Success 24% · Marketing 18%.
Where AI spend is actually concentrating — and where you need a team-scoped cap.
Budgets
LiveRight-sized monthly allowances at four scopes. Soft alert at 75%, hard at 100% — never blocks production.
Org cap $50k · Engineering team $20k (74% used) · Project ‘sales-bot’ $1.5k (102% — alert fired).
Spend management without breaking a production app. Guardrails, not gates.
Approval requests
LiveAn AI advisor scopes new workloads in a minute. You approve a budget — a service-account key is auto-provisioned.
3 pending · 12 approved · auto-provisioned 9 OpenAI service-account keys · saved est. $14k/mo via right-sizing.
Every new AI workload has provenance — model, budget, ROI note, transcript. No more rogue keys.
Approved-models policy
LiveOrg-wide allowlist of which AI models employees can use. The advisor physically can't recommend a banned model.
Allowed: gpt-4o-mini, gpt-4o, claude-3-5-sonnet · Blocked: gpt-3.5-turbo (data residency).
Compliance, data residency, and vendor-contract enforcement at the recommendation layer.
Audit log
LiveEvery admin action recorded — key added, budget changed, request approved, model policy edited. Exportable.
Every approval, key rotation, budget change, policy edit, and connector action — captured with actor + IP and exportable to CSV.
SOX, FedRAMP, customer-audit evidence in one click.
Preview the design
Coming-soon capabilities, modelled with realistic data
Each preview is a production-quality mockup of how the capability will work. You'll see the UI, sample output, and what the capability unlocks once it ships.
Shadow AI discovery
Coming soonFind every AI tool used in your company — without setup, without asking employees. Brex / Ramp cards, Jamf / Intune devices, network logs, GitHub repos, Okta event hooks.
27 unsanctioned tools surfaced this month · 14 personal-tier subscriptions on cards · 6 AI library imports in code · 3 SSO signups outside the policy.
See the AI tools IT doesn't know about before they're a habit, not after.
AI Gateway + DLP
Coming soonCloudflare AI Gateway sits in front of every approved provider. Inspects each call, redacts PII, enforces the approved-models policy at the network edge.
12,847 calls inspected · 28 redactions (emails, card numbers) · 3 policy blocks (banned model attempted).
Stop company data leaking through prompts. Hard enforcement of the approved-models policy.
Approval routing
Coming soonPush approval requests into ServiceNow change tickets, Jira SM tickets, or Microsoft Teams adaptive cards — wherever your IT change-control already lives.
Request TS-142 routed to ServiceNow as CHG0034521 · admin clicks Approve in Teams · key auto-provisioned 47 seconds later.
No new workflow tool to learn. Approvals happen where your team already works.
AI vendor risk hub
Coming soonOne page per vendor: SOC 2, ISO 27001, GDPR, EU AI Act posture · data residency · prompt retention · training-on-data toggle · sub-processors.
OpenAI: SOC 2 II ✓ · prompt retention 30d · no training (API tier) · US-only deployments available.
GRC evidence in two minutes, not two weeks. Pass customer audits without an emergency.
SSO + SCIM directory sync
Coming soonWorkOS connects to Okta, Entra ID, Google Workspace, Rippling — once. Users, teams, and group memberships flow in automatically and stay live.
234 users synced from Okta · last sync 2 min ago · 3 joiners, 1 leaver, 2 team changes this week.
Attribution stays accurate as people join, change roles, or leave. No more dashboard pointing at ghosts.
Next
When you're ready to use your own data
Connect a provider
Paste an OpenAI or Anthropic admin key. One key per provider covers every employee. The dashboard switches to real numbers within minutes.
Open Providers →How it works
Long-form walkthrough of architecture, sync cadence, attribution scenarios, the approval workflow, and the security stack.
How it works →What we collect
Per-data-point inventory of every credential we read, what's required vs optional, and the data we deliberately don't collect.
What we collect →Integrations
Every connector that ships today (Today vs Coming-Soon) plus the AI providers, identity, expense, network, and ITSM systems we work with.
Integrations →