For security leaders
You cannot govern what you cannot see.
Every AI policy, every approval workflow, every DLP rule starts from the same precondition: an honest inventory of what your organisation is actually using. GreyScape gives security leaders that inventory — and the attribution, the policy enforcement, and the tamper-evident audit trail that satisfy NIST AI RMF, ISO 42001, the EU AI Act, and SOC 2 in one place.
The threat surface
Five AI-era incident classes your existing stack can't see
CASBs see traffic to known SaaS endpoints. EDR sees what runs on a managed device. SIEM sees what you stream to it. None of them see what an employee just pasted into Claude.ai on a personal Google account using corporate-tethered WiFi. These are the categories we see customers triage in the first week.
Customer data pasted into a free-tier model
Support transcripts, draft contracts, internal financials, source code with embedded secrets — pasted into a free-tier ChatGPT or Claude account that may use prompts to train. The classic data-leakage incident, and the one most insurance carriers now ask about.
Source code with embedded credentials
An engineer pastes a 400-line function into Copilot for refactoring. The function contains a hard-coded API key. The key now lives in a model context store with retention you don't control. Detection-after-the-fact is the security industry's hardest leakage class.
Agent privilege escalation
An autonomous agent — Claude Code, Cursor, or a custom MCP server — reads from one system, writes to another, and quietly compounds permissions across systems no human authorised in combination. The agent layer is the next CASB blind spot.
Account takeover via AI-generated phishing
GPT-grade spear-phishing is cheap and good now. Token-replay, OAuth consent phishing (ConsentFix-class), and AI-assisted impersonation are the leading 2026 ATO patterns. The browser is the only control point that sees them.
Shadow AI agents on employee laptops
Claude Desktop, ChatGPT Desktop, Cursor, a local MCP server. End-to-end encrypted, never crosses your network gateway, and not on any IT inventory. The fastest-growing class of unmanaged AI surface.
The duplicate-tool risk surface
Three teams paying for three Cursor seats with three different procurement paths and three different data classifications. The risk surface is 3x what a single sanctioned seat would be — without a centralised inventory, no one sees the duplication.
What you get
Four building blocks. One control plane.
A defensible AI inventory
Seven discovery surfaces working in parallel: provider admin APIs, expense feeds, browser extension, SSO event hooks, network egress logs, MDM inventory, code scans. Every AI tool, every user, every dollar — deduplicated into one inventory.
Per-tool classification with data-flow profile
For each tool in the inventory: vendor, model family, data residency, prompt retention, training-on-data policy, sub-processors. Classification updates as the underlying vendor terms change.
Policy enforcement that knows the difference
Approved-models policy enforced at the gateway. Inline PII redaction. Blocked-prompt review queue. Policies fire on intent and context, not just keyword regex — so legitimate work doesn't get blocked while real exposure does.
Tamper-evident admin audit log
Every admin action, every approval, every policy change cryptographically chained from tenant creation. Any later edit is detectable. Exportable as a signed evidence pack — what auditors, insurers, and the regulator ask for first.
Framework alignment
One evidence base, four frameworks satisfied
We don't certify your compliance — that's the role of notified bodies and auditors. What we do is produce the underlying evidence every framework asks for. The same inventory + audit log + policy engine maps cleanly to all four of the AI-relevant frameworks your security organisation is currently being measured against.
NIST AI RMF 1.1
GreyScape evidence covers Govern (inventory + policy), Map (per-tool classification), Measure (usage attribution), and Manage (approval workflow + audit log). The Profile artefacts NIST recommends drop straight out of the platform as CSV exports.
ISO/IEC 42001 (AIMS)
The AI Management System standard requires inventory (Clause 6), risk treatment (Clause 6.2), human oversight (Clause 7.3), and operational controls (Clause 8). GreyScape produces the evidence for each, including the documented decisions auditors look for.
EU AI Act
From 2 August 2026 — deployer obligations (Art. 26), automatically generated logs (Art. 19), transparency to deployers (Art. 13) and to people (Art. 50). GreyScape's readiness pack maps each named Article to the evidence record.
SOC 2 — AI-relevant criteria
When AI use lands inside your SOC 2 scope (CC1 governance, CC6 logical access, CC8 change management), GreyScape's audit log + approval workflow + provisioning log satisfy the evidence requirements without bespoke instrumentation.
Evidence on demand — not evidence reconstructed later
Every admin action, every approval, every policy change in your tenant lands in the audit log at the moment it happens. The log is cryptographically chained so later edits are detectable. Exports are signed. Requests for evidence — from internal audit, external auditors, the ICO, the AI Office, a customer's vendor-risk team — turn into a 30-second download instead of a three-week project.
- Cryptographic chaining (hash-of-prior-record) — tamper-evident by design.
- Per-actor attribution (who, when, from where, what changed).
- Exportable as JSON, CSV, or signed PDF evidence pack.
- Custom retention policies on the Pro and Enterprise tiers.
- Public Reporting API for SIEM forwarding when a customer asks.
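How hash-of-prior-record chaining makes edits detectable, as an added example: this is not GreyScape's code, and the record layout, field names, `GENESIS` anchor and sample entries are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the first record (tenant creation)

def record_hash(prev_hash, entry):
    # Canonical JSON so the same entry always serialises to the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(log, actor, action, detail, ts):
    # Each record commits to the hash of the record before it.
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"actor": actor, "action": action, "detail": detail, "ts": ts}
    log.append({"entry": entry, "prev": prev, "hash": record_hash(prev, entry)})
    return log

def verify(log, expected_head=None):
    """Return the index of the first bad record, len(log) if the head hash
    does not match a separately pinned value, or None if the log is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != record_hash(prev, rec["entry"]):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return None

def build_sample():
    # Constructed sample admin actions, not real audit data.
    log = []
    append(log, "alice@example.com", "tenant.create",
           "tenant created", "2026-01-05T09:00:00Z")
    append(log, "alice@example.com", "policy.update",
           "approved-models: add model X", "2026-01-06T10:15:00Z")
    append(log, "bob@example.com", "tool.approve",
           "approved tool Y for engineering", "2026-01-07T14:30:00Z")
    return log

if __name__ == "__main__":
    log = build_sample()
    head = log[-1]["hash"]              # pin this outside the log store
    print("intact:", verify(log, head))
    log[1]["entry"]["detail"] = "approved-models: add model Z"
    print("first bad record after edit:", verify(log, head))
```

The chain on its own does not reveal records dropped from the end of the log, which is why `verify` also accepts a head hash held outside the log store, for example inside a signed export.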
See it on your own environment in 45 minutes
Standard demo: 45 minutes, hands-on, against a tenant seeded with realistic data. We'll connect a provider, run the discovery flow, walk through the approval workflow, and show the audit log produce an evidence pack live. No procurement gate — bring whoever you need.
Frequently asked
What security leaders ask first
What does GreyScape see — and what does it never see?
Provider usage metadata only: which key, which model, token count, cost, timestamp. We never see prompts, completions, embeddings, training data, or anything in the request body. Read-only by default on day one.
Where does our data live?
EU-region Postgres on Railway (Frankfurt) by default. US region available on request. Tenant data is isolated by tenant_id and enforced with Postgres row-level security policies. We never share data between tenants. Full residency + sub-processor detail at /trust and /legal/subprocessors.
What's the SOC 2 status?
Audit in progress, target completion Q3 2026. SOC 2 Type II follows after six months of production operating evidence. Customers under NDA can request the controls inventory and the current attestation timeline.
Will this interfere with the AI tools developers are already using?
No. The default deployment is read-only — we pull from provider admin APIs and discovery surfaces, but we don't sit in any production code path. Active controls (gateway enforcement, inline DLP) are opt-in and roll out per-tool with a soft-mode review window.
How does this compare to a CASB or to Microsoft Purview?
CASBs inspect network traffic to known SaaS endpoints — they miss desktop AI apps, agents on localhost, embedded AI in your existing SaaS, and personal-card free-tier signups. Microsoft Purview governs Microsoft AI surfaces well; it doesn't see Claude, Cursor, Perplexity, or the long tail. GreyScape is the inventory layer above all of them.
Continue reading
Related pages
- Shadow AI discovery: the discovery work that feeds the inventory.
- EU AI Act readiness: what bites on 2 August 2026, and what GreyScape provides for each Article.
- How it works: architecture, sync cadence, encryption, attribution.
- Trust overview: our own residency, sub-processors, and security stack.
- What we collect: and what we deliberately don't.