See every AI agent on every laptop in your company — what they're doing, what they're allowed to do, what they tried to do.
AiEGIS Eye is endpoint AI visibility software. It runs on employee laptops, detects connections to AI vendors at the network layer, and logs the metadata to the customer's own infrastructure. Built in Ireland for EU data residency.
When an employee opens ChatGPT, Claude, Copilot, Gemini, Cursor or any of seven other AI vendors on a company laptop, AiEGIS Eye records the connection: which vendor, which process, which user, what timestamp. The metadata lands in the customer's own cloud — AWS, Azure, GCP, on-prem SIEM — never in AiEGIS Ltd's hands.
The CISO gets a daily report: which teams use which AI tools, how often, on what devices. Evidence-grade, audit-ready, EU-resident.
The architecture is two-tier and deliberately boring:
{vendor, process, user, host, timestamp}. No prompt content. No file contents. Metadata only.The same architecture is being extended in v0.6 (browser extension with prompt blocking) and v0.7 (Windows-native AI app + CLI coverage via TLS proxy). Same backbone, same data path.
68% of organisations cannot distinguish AI agent activity from human activity (CSA + Aembit, March 2026). 99% of attack attempts against authenticated APIs originate from authenticated sources — rogue agents with legitimate credentials (Salt Security, 1H 2026).
The EU AI Act Article 26 obligation to monitor the operation of high-risk AI systems doesn't have a paperwork-only path. The deployer needs technical evidence that the monitoring actually happened — which laptops, which users, which AI tools, when. AiEGIS Eye produces that evidence by default, signed and append-only.
Cloud-only competitors send your logs to American servers. You forfeit EU data residency, GDPR transfer protections, and any regulator's confidence that the audit trail is yours and not the vendor's.
AiEGIS Eye is endpoint AI visibility software. It is designed to run on every employee laptop and detect, at the network layer, when that laptop connects to an AI vendor — ChatGPT, Claude, Gemini, Copilot, Cursor, Cohere, Mistral, Perplexity, Codeium, Windsurf. The v0.5 sensor is source-complete (Rust, 10 vendor signatures); a signed Windows MSI is in pre-customer pilot state. It records which vendor, which process, which user, and when. Metadata only, not prompt content. Logs go directly from the endpoint to the customer's own cloud — AiEGIS Ltd never sees the data.
Traditional Data Loss Prevention and Cloud Access Security Brokers were built for SaaS apps over HTTPS proxies. They can see that someone visited chat.openai.com but not whether the connection was a human typing or an autonomous AI agent acting under that user's credentials. AiEGIS Eye is designed for the AI-agent era: it distinguishes agent activity from human activity, captures the process-level attribution, and runs on the endpoint so it works whether the user is on the corporate network or on a coffee-shop Wi-Fi.
The v0.5 sensor captures and logs — it does not block. The v0.6 browser extension (in build) adds prompt blocking on Chrome, Edge, Safari and Firefox: configurable keyword and pattern lists reject prompts containing customer data, source code, private keys or PII before they reach the AI vendor. v0.7 extends blocking to Windows-native AI apps and CLI tools via TLS proxy with corporate CA.
No. Logs go directly from the endpoint sensor to a destination the customer controls. AiEGIS Ltd is not in the data path. This is a deliberate architectural choice for EU data residency and for compliance with sectoral rules (Irish public sector, healthcare, financial services) that prohibit telemetry leaving the controlled environment.
v0.5 covers ChatGPT, Claude, Gemini, Copilot, Cursor, Cohere, Mistral, Perplexity, Codeium and Windsurf — the ten vendors enterprise AI usage actually concentrates on as of 1H 2026. The signature list is updated as new tools reach enterprise adoption.
Every captured event is appended to an audit log with a 5-year retention floor (SQL-enforced, append-only) that satisfies EU AI Act Article 12. The companion governance layer at /api/protect runs each agent action through a 15-layer policy enforcement chain and emits signed decisions that map to EU AI Act Article 26. The full mapping is at /article-26-walkthrough.