Real-time shadow AI detection · APRA CPS 234 · ASD Essential 8 · Privacy Act 1988

Your team is already sending data to AI. You just can't see it.

Stack Breach monitors every outbound AI API call across your organisation — giving compliance teams, SOC analysts, risk managers, and auditors a single pane of glass before a breach becomes a regulator's problem.

No credit card required · 14-day free trial · Australian-hosted data

  • AI API calls monitored per month: 14,682
  • Mean time-to-alert (critical): 19 min
  • Policy coverage across frameworks: 91%
  • Time to instrument a new device: < 5 min

The problem

Unsanctioned AI is your biggest unaudited risk.

Employees are using ChatGPT, Claude, Gemini, and a dozen other AI tools without IT approval — pasting customer records, legal documents, and proprietary source code into external LLMs every day. By the time your APRA or Privacy Act audit lands, the exposure has already happened.

  • Zero visibility into which AI tools employees are using
  • Sensitive PII and IP leaving the organisation undetected
  • No audit trail for APRA CPS 234 or ASD Essential 8 reviews
  • Compliance teams discovering breaches months after the fact

The solution

Six capture methods. One compliance dashboard.

Stack Breach intercepts AI traffic at every layer — network, browser, SDK, API gateway, SaaS webhooks, and host OS — without proxying your data or reading message content. Every call is logged, classified, and surfaced to the right person on your team in real time.

  • Six capture methods covering every device and deployment pattern
  • Real-time violation detection with 19-minute MTTA on critical
  • Framework-aligned alerts: APRA CPS 234, Privacy Act 1988, ASD Essential 8
  • One-click evidence packs for regulators and external auditors

Six ways to catch what others miss

Whether your team is remote, hybrid, or using SaaS integrations, Stack Breach captures AI traffic at every layer — no matter how employees access it.

01. Browser extension

Captures AI usage directly in Chrome and Edge before it leaves the device. Ideal for BYOD and remote workers.

02. Network proxy agent

Lightweight gateway-level monitor that logs outbound AI API calls without decrypting content.

03. SDK wrapper

Drop-in replacement for popular AI client libraries. Logs calls from developer workstations and internal tooling.

04. SaaS webhooks

Native integrations with Microsoft 365 Copilot, Google Workspace AI, Slack AI, and Salesforce Einstein.

05. Host agent

OS-level process monitor for servers and VMs. Catches AI calls from scripts, cron jobs, and backend services.

06. API gateway plugin

NGINX and AWS API Gateway plugins intercept AI traffic from production services at the infrastructure layer.

Purpose-built for every stakeholder

From SOC analysts triaging violations to board members reviewing risk posture — everyone gets the view they need.

Real-time monitoring dashboard

SOC analysts get a live feed of every AI call, violation, and alert across the organisation — filterable by provider, department, and framework.

Violation alerts & triage

Instant Slack and email alerts with severity tagging. Acknowledge, escalate, or mark false positives directly from the dashboard — with full audit trail.

One-click audit reports

Generate framework-aligned evidence packs for APRA CPS 234, Privacy Act 1988, ASD Essential 8, SOC 2, GDPR, and HIPAA — with cryptographic signing for integrity.

Compliance control centre

Map every AI policy to specific framework requirements. Manage exception requests, track remediation, and maintain evidence for your next audit.

Risk intelligence

Configurable risk scoring with department-level benchmarks. Risk managers see cross-organisation posture; executives see board-ready summaries.

Incident forensics

Full SOC analyst timeline with payload snapshots, access logs, hash-chain integrity, and MTTA tracking for every critical incident.

Auditor portal

Give external auditors scoped read-only access to evidence packs, framework coverage maps, and audit logs — without exposing live operational data.

Executive risk brief

Board-ready summaries with risk trend, audit readiness score, open critical items, and industry benchmark positioning — updated in real time.

AI-powered insights

Ask natural language questions about your compliance exposure and get instant answers. Powered by AWS Bedrock — your data stays in Australia.

The right view for every role

Stack Breach adapts to who's looking. Every team member sees exactly what they need — nothing more, nothing less.

SOC Analyst

User
  • My calls this month
  • My open violations
  • Conformance rate
  • Pending review

Live alert feed, violation triage, and per-user activity — with acknowledge and escalate actions built in.

Compliance Officer

Admin
  • Org risk score
  • Calls (30 days)
  • Active violations
  • Open alerts

Organisation-wide compliance posture, framework coverage, exception governance, and audit-ready reporting.

Risk Manager

Platform Staff
  • Orgs monitored
  • Orgs at risk
  • Open tickets
  • Avg risk score

Cross-tenant risk scoring, department rankings, benchmark comparisons, and incident escalation.

Security Engineer

Platform Admin
  • Monthly recurring revenue
  • Active organisations
  • Platform uptime
  • Policy coverage

Policy tuning backlog, rule registry, exception workflow, and developer API self-service portal.

External Auditor

Auditor
  • Evidence items
  • Frameworks covered
  • Audit readiness
  • Last audit date

Scoped read-only access to evidence packs, immutable audit logs, and framework coverage maps.

Executive / Board

Executive
  • Risk score trend
  • Audit readiness
  • Open critical items
  • Remediation rate

Board-ready risk brief with industry positioning, top priorities, and a one-page view for every board pack.

Up and running in under 5 minutes

Choose your capture method. Connect your team. Start monitoring.

01. Pick your capture method

Install the browser extension, deploy the network agent via a single shell command, or connect a SaaS webhook — your choice, your environment.

02. Invite your team by role

Add SOC analysts, compliance officers, risk managers, auditors, and executives. Each gets a tailored dashboard — no configuration needed.

03. Monitor, triage, and report

Violations appear in real time. Acknowledge alerts, track remediation, and generate audit evidence packs whenever your regulator asks.

Real-time compliance dashboard

[Image: Stack Breach dashboard preview]

Frameworks supported

APRA CPS 234 · Privacy Act 1988 · ASD Essential 8 · GDPR · HIPAA · SOC 2 Type II · ISO 27001 · NIST CSF · PCI-DSS

Don't wait for the audit to find out.

Start monitoring your organisation's AI traffic today. Your first shadow AI violation is probably happening right now.

14-day free trial · No credit card · Australian-hosted · Cancel anytime

Compliance Resources

Empower your team. Secure your audits.

Download our expert compliance resources to assess your current Shadow AI risk posture and define robust controls.

📋
Compliance Mapped

Generative AI Acceptable Use Policy Template

Corporate Policy Framework

A ready-to-use policy document defining approved AI providers, data classifications, and employee guidelines. Mapped to APRA CPS 234, Privacy Act 1988, and GDPR.

🔍
Technical Guide

CISO's Shadow AI Audit & Discovery Checklist

Self-Guided Security Audit

Step-by-step technical checklist to search browser histories, firewall logs, local processes, and code dependencies for hidden AI tool usage.

📊
Audit Ready

The AI Compliance Framework Matrix

Regulatory Control Reference

Detailed matrix mapping specific sections of APRA CPS 234, ASD Essential 8, GDPR, HIPAA, and SOC 2 to their respective Generative AI data risks.