Understanding the Dashboard
Shadow AI is organized into five views in the left nav: Overview, Devices, Users, AI Apps, and Files (plus Settings). This page explains what each shows and the concepts behind the numbers.
Core concepts
A few terms appear throughout the dashboard:
| Term | Meaning |
|---|---|
| Sanction status | Your policy classification of a tool: Sanctioned (approved), Tolerated (permitted with monitoring), or Unsanctioned (not reviewed or forbidden). |
| Risk | The risk level of a tool — low, medium, high, or critical. |
| Source | Where a signal came from: macOS, Windows, Browser, or Both. |
| Interactions | A normalized count of AI activity (prompts / API events) for a tool or user. |
| Sessions | A conversation or tool run (a chat started, a CLI invocation). |
| Uploads / file events | Files sent to an AI tool, captured as metadata only (name, size, type) — never contents. |
| Persona | A usage archetype the platform infers from behavior (e.g. heavy adopter vs. occasional user). |
Most views share a time-range selector and search, and several support filters by platform, risk, sanction status, and (when Directory Integration is connected) department.
Overview
The landing page — your AI-adoption and governance posture at a glance.
- Headline metrics: total AI interactions, active AI users, apps detected, and file uploads for the selected window.
- Risk posture: distribution of traffic across Sanctioned / Tolerated / Unsanctioned, with a headline LOW / MEDIUM / HIGH read based on how much traffic is unsanctioned.
- Organization activity graph: an interactive Organization → Users → Apps → Models drill-in.
- Trends & breakdowns: interactions over time (by provider), provider and model breakdowns, agent-version distribution, top apps, and top users.
- Adoption: active users, adoption rate, sanction split, and top departments (when directory data is present).
Use the Overview to answer "how much AI is happening, who's doing it, and how much of it is unsanctioned?"
Devices
Health and check-in status of every enrolled client (desktop agents and browser extensions).
- Status tiles: Total devices, Healthy (recent heartbeat, no issues), Degraded (online but with issues), Offline (no heartbeat for a while).
- Table: hostname, source, OS, agent version, installed browser extensions, health, last check-in, IP, user, and (macOS) serial number.
- Filters: platform, browser, health status, and search by hostname / user / IP / OS.
- Device detail (click a row): identity & compliance (serial, MDM, directory user), installed clients and their capabilities/permissions, network activity summary (macOS), and a recent check-in timeline.
Use Devices to confirm rollout coverage and spot machines that are offline, degraded, or missing permissions.
Users
AI usage broken down by person.
- Metric tiles: active AI users, heavy users (well above average activity), average interactions per user, and total sessions.
- Persona mix: share of users by inferred persona.
- Table: user, source, department, device / app / upload / session counts, apps used, and last active.
- User detail (click a row): identity, activity over time, a per-day heatmap, devices used, a per-app breakdown (with risk and sanction status), CLI usage, recent files, and recent sessions.
Use Users to see who your heaviest AI users are and exactly which tools each person touches.
AI Apps
The inventory of AI tools discovered across your organization, split into tabs:
- Web AI Tools — browser-based tools detected via the extension.
- Desktop Apps — IDE/desktop AI (Cursor, VS Code, Claude Desktop, …).
- CLI Tools — terminal AI (Claude Code, Codex, Gemini CLI, …), with sessions, tool calls, and tokens.
- Adoption — adoption rate, sanction split, top apps by users, and top departments.
Each row shows risk, sanction status, category, users, interactions, uploads, and first/last seen. App detail (click a row) shows activity trend, top users, models used, daily activity, and a button to drill into file uploads — and lets stewards set the tool's sanction status and risk with an optional note.
Use AI Apps to inventory what's in use and to act on it — see AI Tools, Registry & Policy.
Files
An audit trail of files uploaded to AI tools across your organization.
- Columns: timestamp, filename, size, MIME type, source (how the file reached the tool — drag/drop, file picker, CLI read/write, MCP tool, etc.), user, and device.
- Filters: provider, time window, domain, and user.
Files are recorded as metadata only — filename, size, and type. File contents are never read or stored. See Data & Privacy.
Use Files to answer "what kinds of files are being uploaded to which AI tools, by whom?"
Next steps
- AI Tools, Registry & Policy — classify and govern what you see here.
- Directory Integration — slice usage by department and manager.
- Data & Privacy — exactly what is and isn't collected.