> ## Documentation Index
> Fetch the complete documentation index at: https://docs.oriant.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Shadow AI detection for macOS | Oriant

> Discover, govern, and block Shadow AI on managed macOS devices without storing prompt content.

Oriant is a Shadow AI inventory and control plane for managed macOS devices.

The Oriant Agent is a tunnel-only HTTPS system proxy. It identifies traffic to
catalogued AI providers, attributes it to the machine's stamped identity, and
sends aggregated metadata to Oriant. You can then review your company's AI
surface and set each provider to **Unsanctioned**, **Sanctioned**, or
**Blocked**.

<CardGroup cols={2}>
  <Card title="Connect a machine" icon="laptop" href="/get-started/connect-a-machine">
    Install the Agent on one macOS machine with a single-use enrollment command.
  </Card>

  <Card title="Deploy your fleet" icon="rocket" href="/get-started/deploy-your-fleet">
    Generate the Intune deployment artifacts for managed macOS machines.
  </Card>
</CardGroup>

## What Oriant records

Oriant stores the matched provider, stamped identity, originating app when
macOS can resolve it, time bucket, request count, byte totals, and whether the
connection was allowed or blocked. It never stores prompts, responses, request
bodies, URL paths, query strings, or headers.

The Agent does not decrypt TLS. It sees the destination from the HTTPS
`CONNECT` request and relays the encrypted connection when it is allowed.

## What happens next

1. [Connect a machine](/get-started/connect-a-machine) to confirm the Agent is reporting.
2. Review detected providers in **AI Tools**.
3. Set their [sanction state](/using-oriant/ai-tools) to match your policy.
