THE UNLOCK
Before Omna, policy said "no client data or credentials in AI tools." This week the team used AI on everything — 19,495 requests, 0 blocked — because masking happens on-device before anything leaves, and every request has a receipt. Your people get the tools; you get the proof.
1 · SCAN — WHAT WE SEE
AI app inventory ↓ export CSV
Every AI destination your machines contacted this week, discovered automatically — including personal accounts your policies never approved. The Inspection column says exactly how each tool is covered.
Tool
Account
Inspection
Employees
Requests
Caught
Status
Claude Code
CORPORATE
ENV PROXY
31
14,882
5 secrets · 165 PII
GOVERNED
Cursor (incl. default routing)
CORPORATE
SYSTEM CERT
9
2,431
2 secrets · 29 PII
GOVERNED
aider
CORPORATE
ENV PROXY
2
891
0 secrets · 7 PII
GOVERNED
ChatGPT (web)
PERSONAL
SYSTEM CERT
5
1,204
0 secrets · 12 PII
GOVERNED
Gemini (web)
PERSONAL
SYSTEM CERT
1
87
0 secrets · 1 PII
GOVERNED
How inspection works: ENV PROXY — the tool is configured to route through Omna on the device. SYSTEM CERT — a managed root certificate lets Omna inspect the tool's traffic system-wide, so even personal-account web tools are masked. Known limits, stated up front: certificate-pinned apps, unmanaged personal devices, and mobile are not inspected. Coverage is tracked machine-by-machine below — a gap you can see is a gap you can close.
Unprotected machines — action required
Your roster (synced from Google Workspace / MDM) has 47 machines. These 5 are outside coverage: four have never enrolled, and one had its certificate profile removed. What they send to AI tools is not inspected — that is the risk. One click sends the owner the install link.
Machine
Employee
State
Since
Status
abc-mbp-007
Senior Backend
NOT ENROLLED
on roster · Jul 1
not inspected
Send install link
abc-mbp-013
Frontend
NOT ENROLLED
on roster · Jul 1
not inspected
Send install link
abc-mbp-021
QA Engineer
TAMPERED
cert removed · Jul 9 16:03
not inspected
Re-enroll
abc-mbp-029
Data Engineer
NOT ENROLLED
on roster · Jul 6
not inspected
Send install link
abc-mbp-034
Contractor
NOT ENROLLED
on roster · Jul 7
not inspected
Send install link
2 · PROTECT — SAVES, NOT CITATIONS
Catches ↓ export CSV
Every catch this week, by rule. Nothing here is a citation — each row is data that never left a machine, which means there is no incident to blame anyone for. Remediation happened before egress, so status starts at fixed.
Detection rule
Category
Catches
Teammates covered
Remediation
AWS access keys
SECRET
3
3
MASKED AT SOURCE
Database connection strings
SECRET
2
2
MASKED AT SOURCE
GitHub tokens
SECRET
1
1
MASKED AT SOURCE
Private keys
SECRET
1
1
MASKED AT SOURCE
[CONTACT] emails & phones
PII
133
19
MASKED AT SOURCE
[IDENTITY] names
PII
56
14
MASKED AT SOURCE
[FINANCIAL] account numbers
PII
17
6
MASKED AT SOURCE
[GOV_ID] tax & ID numbers
PII
8
4
MASKED AT SOURCE
Where catches concentrate ↓ export CSV
Grouped by team — enough to target coaching without ranking individuals. Per-person drill-down exists, but it is role-gated, logged, and off by default; turn it on in Policy only if your workflow needs it.
Team
Employees involved
Secrets
PII
Top tool
Trend vs last week
Backend (11)
8
3
78
claude-code
▲ +2 secrets
Data (6)
5
2
61
cursor
▼ −1 secret
Platform (5)
3
1
34
claude-code
▼ steady
Frontend (9)
6
0
33
claude-code
▲ +9 PII
QA (4)
2
1
8
aider
▼ −3 PII
The trace — what one interaction looks like
Every one of the 19,495 requests has this record. This is receipt #18,196 — the AWS-key catch from the table above.
Never left the machine — shown from the local device only.
Debug why the settlement job fails. Config:
aws_access_key_id = AKIA2E7NPP4EXAMPLE9Q
db = postgres://admin:Tr4d3r!2026@db.internal:5432/settlements
On failure notify m.k@clientabc.com and j.n@clientabc.com
What the AI actually received
Byte-for-byte, verified by content hash c41f…
Debug why the settlement job fails. Config:
aws_access_key_id = [REDACTED:AWS_KEY]
db = [REDACTED:DB_URL]
On failure notify [EMAIL_1] and [EMAIL_2]
Secrets — removed forever. Never restored, never reached any AI.Personal data — restored only inside the reply, on the employee's machine.
What the teammate saw, seconds later
The save goes to the dev first — cover, not blame. You get the receipt; they get the moment Omna had their back.
O
Omna now · abc-mbp-011
Live AWS key masked before it left your machine. You're covered — rotate it when ready.
Rotation guide → · View receipt →
3 · PROVE — THE AUDIT TRAIL
Receipts — one tamper-evident line per request ↓ export full ledger (CSV / JSON)
All 19,495 interactions, nothing sampled. Each line records what data, who, when, and which destination — and is hash-chained to the previous line, so editing any entry visibly breaks the chain.
Time
Team
Machine
Tool → destination
Data caught
Chain
Jul 10 · 14:41:07
Backend
abc-mbp-011
claude-code → anthropic
clean
…c41f → 9d2e
Jul 10 · 14:38:52
Backend
abc-mbp-011
claude-code → anthropic
AWS_KEYDB_URLEMAIL ×2
…88a0 → c41f
Jul 10 · 14:35:19
Data
abc-mbp-024
cursor → anthropic
IDENTITY ×3
…31bb → 88a0
Jul 10 · 14:31:44
Platform
abc-mbp-002
claude-code → anthropic
clean
…e07c → 31bb
Jul 10 · 14:29:03
QA
abc-mbp-038
aider → openai
CONTACT ×2
…54d9 → e07c
Why receipts matter even with enterprise AI contractsZero-data-retention and enterprise tiers are contractual promises about what the provider does after your data arrives. A receipt is technical proof of what crossed the wire in the first place — the artifact your customers' security reviews, your SOC 2 auditor, and your own DPA obligations can actually verify. Omna doesn't replace your enterprise agreement; it makes it provable.
Alerts sent this week
Delivered the moment they happened — the save to the dev, the alert to security. Caught keys enter a rotate-and-verify loop, so a catch ends with a rotated credential, not an open item.
When
Alert
Delivered to
Jul 10 · 14:38
AWS key caught in a Claude Code request on abc-mbp-011 — masked, never sent · key rotated 24 min later ✓
Unenrolled machine on roster: abc-mbp-034 (contractor) has no Omna heartbeat
security@clientabc.com · eng-lead@clientabc.com
✓ 19,495 receipts this week · chain intact since deployment · evidence accumulating toward your next audit
4 · TRUST — WHAT LEAVES THE DEVICE
Don't take our word for it — check
The exact and complete list of what Omna transmits to build this report, and what physically never leaves the machine. Your security team can verify both, live, on any enrolled device.
Sent to Omna cloud — metadata only, ~120 bytes/request
Everything in this report is built from these five fields. Nothing else is transmitted.
Inspection, masking, and restore all run on-device.
prompt & file contents
the detected values themselves
masked output · AI replies
restore mappings ([EMAIL_1] → value)
search index & embeddings
Verify it yourself:omna audit --outbound prints every byte this device has sent to Omna — live, from the shipped binary.Open-source core: the interception + masking data path is public code your team can read and build.
Operationally boring by design: Omna fails open — if it ever stops, your tools keep working and the coverage gap is logged and alerted (that's the TAMPERED state above), never a silent outage. Pilot deployments can run fully on-prem: the report is generated inside your network and nothing reaches Omna cloud at all.
5 · SAVE — OPTIONAL, WHEN ENABLED
Token savings
8 employees have Save mode on: large files are sliced to only the relevant rows before sending. Counted with the same tokenizer on both sides — what would have been sent vs. what was sent.
This week, across 214 file-backed requests
Tokens if raw files had been sent2,140,000
Tokens actually sent after slicing663,000
Rows sent vs. total rows4,812 / 168,400
Top sliced filetransactions_q2.csv · −91%
−69%
fewer tokens sent to AI providers = lower bills, faster replies, fewer rate limits
Included in the Team plan from day one of deployment
Omna Labs, Inc. · omna.dev · AI on everything — masked on-device, proven on paper · verify: omna audit --outboundSAMPLE REPORT — illustrative data · Client ABC is fictional