An analyst sends the Q3 earnings draft to ChatGPT. You find out from LinkedIn, not your security stack. Nobody broke a rule — there was no rule.
POLICY
Data handling policy triggered
Upload to unapproved tool blocked based on active policy rule
Version 2.3 | Last Updated: November 2024
1. Purpose and Scope
This policy establishes guidelines for the acceptable use of artificial intelligence tools and services within the organization. All employees, contractors, and third-party...
2. Approved Tools
The following AI tools have been reviewed and approved for use in accordance with our data classification and security requirements. Employees must only use tools from...
3. Data Classification Requirements
Before using any AI tool, employees must classify the data they intend to input according to our four-tier classification framework: Public, Internal, Confidential, Restricted...
COMPLIANCE
Compliance score: 87% across organization
Based on policy adherence, tool approvals, and data handling practices
POLICY
3 policy violations this week, all coached
Users received inline guidance before data left the organization
AGENT
Claude Code blocked from /finance/projections
Agent policy prevented access to restricted financial directory
REGULATION
EU AI Act deadline: 90 days
3 tools require classification review before compliance deadline
A legal team member tries to upload a client contract to ChatGPT for summary. The Sidekick catches it before the data leaves.
A client contract was blocked from reaching ChatGPT. The user was coached toward an approved alternative. No data left the organization.
POLICY
Upload blocked: client contract to ChatGPT
File classified as confidential, policy prevents upload to unapproved tools
COMPLIANCE
Coaching nudge sent to user
User received guidance on approved alternatives for document summarization
Claude Code tries to access /finance/projections during a coding session. The agent policy blocks it automatically.
AGENT
Claude Code blocked from /finance/projections
Agent attempted to read files in a restricted directory during automated coding session
A regulatory deadline is approaching. You need to know which tools are affected and what to do about it.
Which of our tools are affected by the EU AI Act?
3 tools require attention. ChatGPT (used by 28 people) and Claude (used by 19 people) need transparency documentation under Article 52. Midjourney (used by 8 people in Marketing) generates synthetic media and requires disclosure labeling. All three need classification review before the compliance deadline in 90 days.
REGULATION
EU AI Act compliance deadline in 90 days
New classification requirements take effect for high-risk AI systems
Connect your identity provider for instant visibility. Plug in your security tools for usage depth. Deploy the Sidekick for proactive governance.
Install via Kandji, Intune, or JAMF. The Sidekick works with each employee to drive the right AI adoption. Coaching, not blocking.
Inline redaction and DLP:
Redact sensitive data before it reaches AI tools.
Personal adoption coaching:
Suggests the right tools and workflows per employee.
Policy and playbook suggestions:
Recommends governance based on observed usage patterns.
Book a demo and we'll show you policy recommendations based on your actual AI landscape.