AI tool inventory
Find what AI is actually in use. Sanctioned tools, personal-login shadow tools, browser plugins, meeting bots and the AI features inside your existing SaaS that nobody flipped off.
Service · AI DLP & governance · All major AI tools
Stop staff pasting customer data into AI.
Cyberhaven research found 11% of data pasted into ChatGPT was confidential and 4.2% of workers had pasted company data into a public AI tool at least once. The risk is not theoretical and it is not limited to Microsoft Copilot. ChatGPT, Claude, Gemini, Otter, Fireflies, Perplexity and dozens of free-tier AI tools are quietly absorbing client records, source code, financial data and contracts every day. AI data loss prevention is how you get that under control without banning AI.
11%
of ChatGPT pastes contain confidential data (Cyberhaven)
All
major AI tools, not just Copilot
PrivacyAct
OAIC NDB scheme aligned
POA
scope agreed before commencement
01The leak surface
AI tools turn every staff member into a data egress point.
A bookkeeper pastes a client's P&L into ChatGPT to summarise it. That data now sits on someone else's server.
Multiply that across the team. A salesperson pastes a contract into Claude to redline it. A developer pastes a snippet of source code into Copilot. An office manager uses Otter to transcribe an internal meeting and Otter trains on the audio. None of these people are doing anything malicious. They are doing their jobs faster. But the cumulative exposure is real and almost always invisible until something goes wrong. AI data loss prevention treats this as a real risk surface and brings it under control, without banning the tools that staff genuinely benefit from.
Where AI data leaks fromall of these
- !Microsoft 365 Copilot. Pulls from SharePoint, OneDrive and Teams. Inherits whatever access permissions you already had.
- !ChatGPT, Claude, Gemini. Free tier and paid tier behave differently. Most staff use free tier on personal logins.
- !Meeting bots. Otter, Fireflies, Read, Fathom join calls and transcribe. Audio and transcripts often used for training.
- !Browser AI assistants. Perplexity, Arc, Brave Leo, Edge Copilot. Operate on whatever tab is open, including your CRM.
- !Code AI tools. GitHub Copilot, Cursor, Claude Code. Source code and config files travel to model providers.
- !Embedded AI in SaaS. Every SaaS now ships an AI feature. Read the data clause carefully or assume it trains by default.
02Scope
What an AI DLP engagement actually covers.
Data classification
Identify what data your team handles that should never go to a public AI tool. Client records, source code, financial data, health info, contracts, M&A material. Plain-English categories, not enterprise taxonomy.
Microsoft 365 controls
Configure Copilot sensitivity labels, Purview DLP rules and conditional access. Hide records that shouldn't be in Copilot's index. Block enterprise data from leaving via Edge.
Public AI tool policy
A written, plain-English policy on what staff can paste into ChatGPT, Claude, Gemini and other public AI tools. Includes the practical alternatives (paid tier, business tier, self-hosted) for the cases that justify it.
Meeting bot and SaaS AI
Audit which meeting bots and embedded SaaS AI features are training on your data. Turn off the ones you cannot justify. Document the ones you keep.
Incident response
What to do when someone pastes the wrong thing into the wrong tool. Step-by-step playbook covering OAIC Notifiable Data Breach assessment, client notification and tool-vendor takedown paths.
03Tiers
Three ways to engage. All scoped to your size.
AssessmentOne-off
Fixed-scope written assessment. AI tool inventory, data classification, gap analysis against Australian Privacy Act, prioritised recommendations. Roughly 2-3 weeks. The right starting point for most small businesses.
- ✓AI tool inventory
- ✓Data classification
- ✓Privacy Act gap analysis
- ✓Prioritised remediation list
ImplementationProject
We deliver the remediation. Microsoft 365 sensitivity labels and Purview rules configured, public AI tool policy written, staff training delivered, incident response playbook documented. Roughly 4-8 weeks.
- ✓Everything in Assessment
- ✓M365 controls configured
- ✓Policy + cheat sheet written
- ✓Staff training delivered
ManagedRetainer
Ongoing monitoring and quarterly review. New AI tools appear, vendors change their data clauses, staff churn. We keep the controls current and the policy fresh. Monthly retainer.
- ✓Everything in Implementation
- ✓Quarterly control review
- ✓New-tool risk reviews
- ✓Incident response on call
▸ pricing on application. Scope and figure agreed in writing before commencement.
04Method
How the engagement runs.
01 · scope
30-min scoping call
We confirm the tier, the team contact and the boundaries. What is in scope and what is out. No pitch deck.
02 · inventory
Find every AI tool
Browser plugins, personal logins, meeting bots, embedded SaaS AI, sanctioned tools. The full picture before any remediation.
03 · classify
Map the data risk
What data does the team actually handle and which categories should never reach a public AI tool. Plain-English, not enterprise jargon.
04 · remediate
Lock the leak surface
Microsoft 365 controls configured. Public AI tool policy written and signed off. Staff training delivered. Cheat sheet pinned.
05 · maintain
Keep it current
On the Managed tier we review quarterly. New AI tools appear weekly. Vendors update data clauses. The controls have to keep up.
We work with Australian small businesses, typically 5 to 50 staff. The Assessment tier is the most common starting point. About half of clients move on to Implementation. A smaller subset stay on Managed because new AI tools genuinely do arrive every week.
05Boundaries
What this engagement is not.
Not in scope
A network or device DLP rollout
Endpoint and network DLP is your MSP's territory. We focus on the AI tool surface that sits above the device layer.
Not in scope
A blanket AI ban
We do not write policies that block AI outright. The point is to keep the productive use while closing the leak surface.
Not in scope
A Microsoft 365 licence sale
We do not resell M365 SKUs or earn margin on Copilot licences. Vendor recommendations are vendor-neutral.
Not in scope
Legal advice
We work alongside your privacy lawyer. We do not provide legal opinions on what does or does not breach the Privacy Act in a specific case.
Not in scope
A penetration test
Different engagement. AI DLP is about authorised users leaking data via AI tools. Pen testing is about unauthorised access. We run that as a separate service.
06Triggers
When this engagement makes sense.
Copilot rolling out
M365 Copilot is live or imminent
Microsoft has flipped Copilot on for your tenant or you have signed for the licences. Sensitivity labels and Purview DLP rules need to be configured before staff start asking it sensitive questions.
Cyber insurance asking
Renewal form has AI questions
Your cyber insurance renewal or a procurement form has explicit questions about AI usage policy, AI data handling and incident response. You need real answers.
Near miss
Something nearly went wrong
A staff member pasted something into ChatGPT they probably should not have. Nobody got hurt this time. The owner wants the next time not to happen.
Regulator pressure
Sector regulator asking about AI
AHPRA, OAIC, ACNC, NDIS, NOPSEMA or a similar regulator is asking how you manage AI in the context of client and patient data.
Bigger client tendering
Procurement questionnaire
A larger client or government tender sent through a procurement form with AI governance questions. Saying nothing about AI DLP loses the deal.
Free tier shadow AI
Staff using personal AI logins
You suspect or know that staff are using ChatGPT, Claude or Gemini on personal accounts with company data. Nobody has audited what is going where.
07Related
Related services.
Service
AI Usage Review
Interview-based review of how AI tools are actually being used inside your team. Usually the first step before AI DLP.
→ServiceFractional Chief AI Officer
Ongoing AI ownership on a monthly retainer. AI DLP often sits inside a Fractional CAIO engagement.
→ServiceData & Privacy Advisory
Independent advisory on bespoke platforms and supply chain. The platform-side companion to AI DLP.
→08FAQ
Frequently asked questions.
AI data loss prevention (AI DLP) is the practice of stopping confidential data from leaving the business via AI tools. That covers Microsoft 365 Copilot pulling from files it should not see, staff pasting client data into ChatGPT or Claude, meeting bots transcribing internal calls, browser AI assistants reading whatever tab is open, and the AI features now embedded in most SaaS tools. AI DLP combines technical controls (M365 sensitivity labels, Purview DLP rules, conditional access), a written usage policy, staff training and incident response.
No. Microsoft Copilot is the most visible risk because of how broadly it has been rolled out, but the bigger surface is staff using ChatGPT, Claude, Gemini and dozens of free-tier AI tools on personal logins, browser AI assistants on company devices, and meeting bots silently joining calls. A real AI DLP engagement covers all of these, not just the Microsoft stack.
Pricing is on application. The Assessment tier is fixed-scope and typically runs 2-3 weeks. Implementation runs 4-8 weeks. The Managed retainer is monthly rolling. Scope and figure are agreed in writing before commencement, no annual lock-in on Managed.
Australian small businesses, typically 5 to 50 staff. Smaller than that the AI Usage Review or a Fractional CAIO engagement is usually a better fit. Larger than that the engagement scales but the playbook is the same.
The engagement is structured around Australian Privacy Act obligations including the Australian Privacy Principles, the Notifiable Data Breaches scheme, and (where relevant) the 2024 Privacy Act amendments. We work alongside your privacy lawyer rather than replacing them. Final compliance sign-off remains theirs.
The incident response playbook covers it: assess whether the data triggers OAIC Notifiable Data Breach obligations, document the exposure, contact the AI vendor through the appropriate takedown path (OpenAI, Anthropic and Google all have one), notify affected clients if required, and update the policy to prevent recurrence. Doing this in advance is what separates a near miss from a notifiable breach.
No, and that is the point. A blanket AI ban gets ignored within weeks and pushes the usage further into the shadows. AI DLP done well makes the sanctioned tools easy to use and the risky paths hard. Most clients see AI usage go up not down after the engagement, because staff finally know what they are allowed to use.
Not necessarily. AI DLP is the one-off and ongoing technical and policy work. Fractional Chief AI Officer is broader ongoing AI leadership. Many small businesses do AI DLP first and only add Fractional CAIO if AI becomes a bigger part of the business model.