What your team sends to AI. And what it sends back.

Zeflin governs your whole AI data boundary: what sensitive data leaves for AI tools, and what AI content comes back.

The Zeflin overview: coverage posture, what needs attention, and both directions of the AI data boundary

Covers the AI tools your team already uses. Copilot and Perplexity next.

ChatGPT · Claude · Gemini

Your AI vendor's console can't see personal accounts. And nothing sees where AI output goes after the chat window.

68%

of employees use free-tier ChatGPT-style tools on personal accounts, invisible to every vendor compliance console.

Menlo Security, 2025 Report — corroborated by Verizon DBIR 2026 (67%)

58% out, 66% in

of employees admit pasting sensitive data into public AI tools, and rely on AI output without verifying what comes back.

Anagram, 2025 (58% out) · KPMG / Univ. of Melbourne, 2025 (66% in)

One boundary, both directions.

Most tools watch data going out. Zeflin watches both, and enforces them differently on purpose.

To AI

Stop sensitive data leaking out

Prompts and pastes into AI tools are classified by Google Cloud DLP. Ships warn-first, with hard block opt-in per tool and category. Blocking a credential before it reaches ChatGPT is exactly what you want.

Enforcement: warn-first, block opt-in

From AI · Provenance

Trace AI content coming back in

When AI output gets pasted into Gmail, Docs, Slack, or Jira, Zeflin matches it to the captured response and shows where it spread, and who should attest. We never block a paste into someone's work.

Enforcement: monitor, warn, attest only. Never blocked.

From AI provenance: an AI-origin figure traced across work destinations, with an attestation queue

Trace where AI content lands. Nothing else does.

We capture AI responses at the source, then match every paste across your work apps against them. You see one response fan out across documents and people, flagged for a human to verify before it ships again. We flag AI origin. People verify the truth.

No DLP tool, vendor console, or enterprise browser tracks where AI output lands after it is copied. We are not aware of another product that does.

Documented, dated, and public

The inbound risk is real, dated, and expensive.

1,636

documented court cases involving AI-hallucinated content, 1,146 of them in the US.

Charlotin AI Hallucination Cases database, June 2026

~$30k

in sanctions against two attorneys for fabricated citations, at the appellate level.

Whiting v. City of Athens, 6th Cir., March 2026

US$290k

(AU$440k) government report partially refunded after hallucinated references were found in it.

Deloitte Australia, October 2025

Every one was discovered after the content shipped, by a judge, a client, or a journal. Zeflin surfaces AI-origin content at the paste, so a human catches it first.

When your insurer or auditor asks about employee-AI controls, you have the answer.

All three drivers ask the same question. Zeflin's logs, attestations, and policy are the programmatic evidence. Export an evidence pack, not screenshots.

Insurance + AI underwriting

Insurers filed Generative-AI exclusion forms effective January 2026, and cyber underwriting questionnaires now ask about employee-AI controls.

SOC 2

Auditors now expect programmatic AI-control evidence under the existing criteria (CC6 to CC9), not screenshots.

ISO/IEC 42001

A growing share of enterprise buyers screen vendors for AI-management posture before they sign.

The pressure is your insurance renewal and your next SOC 2 audit, not the EU AI Act, which does not mandate logging employee AI use. No fear, just the controls your insurer and auditor ask about today. Carrier adoption varies, so ask your broker.

The Zeflin evidence pack composer: each section mapped to the question it answers for an insurer or auditor

A five-minute install, not a six-month rollout.

01

Deploy in minutes

Push the Chrome extension through Google Workspace or Intune. No agents, no proxies, no endpoint project.

02

Capture turns on with consent

It activates per employee only after they acknowledge the monitoring notice. The notice and consent workflow are built in.

03

Warn, attest, and prove

Outbound warnings, inbound attestations, and a one-click evidence pack for insurers and auditors.

The arc: See / Alert / Attest / Enforce / Prove. Enforce is To AI only. Attest is From AI only.

Guardrails, not surveillance theater.

Full capture is a serious responsibility, so the safeguards ship from day one, and we are honest about what the product does not do yet.

Encrypted, then deleted

Captured content is encrypted at rest and hard-deleted on a retention TTL. No archive.

No ack, no capture

Capture activates per employee only after they acknowledge the monitoring notice.

Work is never blocked

Pastes into your own email and docs are never blocked. A human decides, never an auto-score.

Yours to delete

Per-employee export and verified hard delete handle DSARs without engineering.

What we don't do yet
Phase 1 is managed Chrome and web AI tools. Desktop-app paste coverage comes after validation.
Matching catches verbatim and lightly-edited reuse. Heavy rewrites are out of scope in v1.
US companies only, on Google Workspace with managed Chrome. We say so up front.

Become a design partner.

We are running a small number of free pilots with US companies. You get the full product, a hands-on rollout, and a pilot with success criteria we agree on together. We get a design partner who shapes what we build.

  • Free, with no card and no commitment
  • Hands-on Workspace or Intune rollout
  • A pilot scoped to your own success criteria

Free pilot for US companies on managed Chrome. No card, no commitment.