Skip to content
shadowiq
v1 · April 2026 · EU AI Act countdown: T-4 months

Every AI decision, signed and proven.

Discover every model, agent, and assistant running inside your enterprise. Enforce policy at the gateway in under 75 ms. Prove compliance with cryptographic evidence auditors accept.

Book a demoSee the architecture
< 75 ms
p99 gateway
70+
risk controls
Ed25519
signed evidence
ChatGPTClaude APIBedrockCopilotInternal LLMAgentGatewayp99 74ms · 14 policiesblk 0x4e12a0signed · sealedblk 0x4e12a1signed · sealedblk 0x4e12a2signed · sealedblk 0x4e12a3signed · sealedblk 0x4e12a4signed · sealed✓ prompt-injection-v2 · block✓ pii-redact · redact
Evidence sealed
Ed25519 · fp_a9c3e71d
Ed25519 signedMerkle anchoredOSCAL exportable74 ms p99 gateway70+ controls · pre-mappedEU AI Act · NIST AI RMF · ISO 42001 · SOC 2SOC 2 Type IIDeploy SaaS · VPC · self-hostEd25519 signedMerkle anchoredOSCAL exportable74 ms p99 gateway70+ controls · pre-mappedEU AI Act · NIST AI RMF · ISO 42001 · SOC 2SOC 2 Type IIDeploy SaaS · VPC · self-hostEd25519 signedMerkle anchoredOSCAL exportable74 ms p99 gateway70+ controls · pre-mappedEU AI Act · NIST AI RMF · ISO 42001 · SOC 2SOC 2 Type IIDeploy SaaS · VPC · self-host
The problem · Shadow AI is already in your stack

Your AI inventory stopped being a spreadsheet weeks ago.

Samsung banned ChatGPT after an IP leak. Air Canada lost in court over a chatbot's promise. Every week a new headline. Every CISO we've talked to knows the stakes — and knows a spreadsheet will not cut it.

78%

of enterprises have shadow AI running — with zero security visibility.

McKinsey Workplace AI 2026
7%

of global revenue. That's the maximum fine under the EU AI Act.

EU AI Act · Article 99
T-4mo

until high-risk system enforcement begins. Your governance program has one.

Countdown from April 2026
0

AI governance platforms that sign every decision into a tamper-proof ledger — except one.

Competitive matrix · 2026
The shift
Two years ago this was a nice-to-have. Today it's a line item in every CISO's budget.
See readiness mappings
The platform · One signet, four seals

One platform. Four pillars.
End-to-end control of every AI system.

Most governance tools watch. ShadowIQ acts — and leaves proof behind.

DiscoverEvaluateEnforceEvidence
Continuous · signed · verifiable
01 · Pillar

Discover

Network, endpoint, SaaS, and code discovery — unified into a single AI BOM.

Open the discover pillar
02 · Pillar

Evaluate

Red-team every model, score every vendor, map to every framework.

Open the evaluate pillar
03 · Pillar

Enforce

Prompt injection defense, PII redaction, egress control — at the gateway.

Open the enforce pillar
04 · Pillar

Evidence

Ed25519-signed decisions anchored in a Merkle ledger. Export OSCAL in one click.

Open the evidence pillar
A day with ShadowIQ · T-minus 75 ms

Four steps. Under 75 milliseconds. Proof that survives you.

T+0 ms

A prompt enters the gateway.

Any model call — ChatGPT, Claude, Bedrock, or an internal LLM — routes through the ShadowIQ AI Gateway.

shadowiq · live
POST /v1/gateway/inference
{ "model": "openai:gpt-4o",
  "user": "alex@acme.com",
  "prompt": "Summarize John Doe, SSN 123-45-6789…" }
T+18 ms

70+ risk controls fire in parallel.

Prompt injection classifier, PII detector, egress policy, customer-specific rules — evaluated concurrently.

shadowiq · live
→ policy.evaluate
  ✓ injection.classifier   0.02 safe
  ! pii.detector           ssn · high
  ✓ egress.allowlist       pass
  → decision: redact
T+42 ms

The response is shaped, not just logged.

SSNs, credentials, and restricted identifiers are redacted inline. A human-in-the-loop fires for edge cases.

shadowiq · live
modified prompt:
  "Summarize John Doe, SSN [REDACTED]…"
modified decision: allow · redact(pii.ssn)
T+74 ms

The decision is signed and sealed.

Ed25519 signature, hashed into a Merkle tree, anchored in the evidence ledger. Your auditor gets read access. You keep the keys.

shadowiq · live
evidence.seal
  block   0x4e12a0
  key     fp_a9c3…e71d
  status  anchored
  OSCAL   exportable
Regulatory alignment · Map, not guess

Pre-mapped to every framework your auditor asks about.

Every control in ShadowIQ is already bound to the article, clause, or criterion you need to defend. Evidence exports in OSCAL — no spreadsheet gymnastics.

See crosswalks
EU
EU AI Act
Enforcement Aug '26
NIS
NIST AI RMF
Govern · Map · Measure · Manage
ISO
ISO 42001
AI management system
SOC
SOC 2 (AI)
Trust Services Criteria
HIT
HITRUST
Healthcare controls
NYC
NYC LL-144
Hiring bias audit
COL
Colorado AI Act
Consumer protection
GDP
GDPR (AI)
Art. 22 automated decisions
Integrates with the stack you already run
Full catalog · /platform/integrations
Okta
Snowflake
Databricks
ServiceNow
Splunk
Azure OpenAI
Bedrock
Vertex
Anthropic
OpenAI
CrowdStrike
Drata
Vanta
PagerDuty
Slack
Okta
Snowflake
Databricks
ServiceNow
Splunk
Azure OpenAI
Bedrock
Vertex
Anthropic
OpenAI
CrowdStrike
Drata
Vanta
PagerDuty
Slack
Design partner · Global insurer · Q2 2026
We replaced four point tools and a spreadsheet. The first signed audit export cleared our Q2 committee review in eleven minutes.
EM
Elena Marchetti
CISO · Insurance · $28B AUM
Ready to see the signet in motion?

Your 30-minute demo. A signed audit trail by the end of it.

We'll wire ShadowIQ into one live workload, block a prompt injection in real time, and hand you a cryptographic receipt — before the meeting ends.

Schedule a 30-minute walkthroughReview pricing