A keyword scan of employee browser URL history that surfaces which AI tools are being used, how often, and whether sensitive terms are appearing in AI-directed queries. No software install. Read-only. Risk dashboard delivered in 2 business days.
This is a lightweight surface scan, not a full forensic audit. Understanding the scope is important for setting expectations about what the report will and won't show.
A scan of a single analyst's endpoint at a regional insurance firm detected 340 visits to ChatGPT.com over 60 days, with URL query strings containing the terms "claim", "policy number", and "client" on 23 separate sessions. The analyst was not part of any approved AI pilot program. Finding was escalated to a full forensic engagement.
Total URLs analyzed, date range covered, number of AI tool hits, and overall risk classification. One page, executive-readable.
Every AI tool detected, with first seen date, last seen date, visit count, and a risk level per tool (based on data handling policies and HIPAA BAA availability).
Sensitive terms detected in URL query strings, grouped by keyword category (PHI-adjacent, financial, confidential), with session context and timestamps.
Three prioritized recommendations based on findings — ranging from policy gap acknowledgment to escalation for a full forensic audit, depending on risk level.
A clear disclaimer distinguishing this scan from a full forensic audit — included in every report to ensure findings are properly contextualized for legal and compliance use.
Book via Calendly. We'll send you a secure intake package with step-by-step instructions for exporting Chrome and Edge browser history on the target endpoint. No software installation required — the export uses tools already available on a standard Windows machine.
Follow the provided instructions to export Chrome and Edge URL history to a CSV file. The process is read-only — no data is modified, deleted, or transmitted from the machine. Takes under 10 minutes.
Upload the CSV using the secure link we provide. The CSV contains only URLs and timestamps — no browsing content, passwords, or credentials.
We analyze the URL history against our AI tool registry and keyword list. You receive a branded PDF risk dashboard report with findings and next steps.
Use this scan when you need a documented starting point — before committing to a full forensic engagement.
Compliance officers who suspect AI tool usage on regulated endpoints but need documented evidence before escalating internally.
IT and security teams responding to an employee separation or incident where AI tool usage is a suspected contributing factor.
Legal teams conducting a pre-litigation data audit that needs to characterize AI tool exposure on key custodian devices.
Healthcare and fintech operators running a spot-check on high-risk roles (billing, underwriting, legal) before a scheduled compliance audit.
Yes. The export is entirely read-only — it copies the browser history database to a file and exits. No data is written to, modified, or deleted on the machine. Full instructions are provided in advance so your IT team can review the steps before anything is run.
An IT administrator with access to the target endpoint, or the employee on their own machine. No elevated permissions are required for Chrome or Edge history export on standard Windows configurations.
If the scan reveals critical exposure — high visit counts to non-approved AI tools, sensitive keyword hits, or patterns suggesting systematic data exfiltration — the report will recommend a full forensic audit. The cost of this scan is credited toward the full engagement.
Each endpoint is priced separately at $1,200. If you need five or more endpoints scanned, contact us for volume pricing. For organization-wide scanning infrastructure, that falls under our full forensic engagement scope.
This scan documents AI tool usage patterns — it is not a forensic audit conducted to chain-of-custody standards. The report is appropriate for internal compliance purposes and initial incident documentation. For findings that will be used in litigation or presented to regulators, a full forensic engagement is required.
Two business days from now, you'll have documented evidence of what AI tools your employees are actually using — and whether sensitive data is in the picture.