Omna.AI ON EVERYTHING — MASKED ON-DEVICE · PROVEN ON PAPER · OPEN-SOURCE CORE
AI Protection Report · Client ABC
47 employees · 47 machines
Period: 7 days3090180
Coverage
42 / 47▲ +3
machines protected · 5 unprotected
AI requests enabled
19,495
0 blocked · 100% masked on-device
Data scanned
3.4 GB
prompts + attached files
Secrets caught
7
never reached any AI
Personal data masked
214
restored only in replies
Tokens saved
69%
Save mode · 8 employees
THE UNLOCK Before Omna, policy said "no client data or credentials in AI tools." This week the team used AI on everything — 19,495 requests, 0 blocked — because masking happens on-device before anything leaves, and every request has a receipt. Your people get the tools; you get the proof.
1 · SCAN — WHAT WE SEE

AI app inventory ↓ export CSV

Every AI destination your machines contacted this week, discovered automatically — including personal accounts your policies never approved. The Inspection column says exactly how each tool is covered.
ToolAccountInspectionEmployeesRequestsCaughtStatus
Claude CodeCORPORATEENV PROXY3114,8825 secrets · 165 PIIGOVERNED
Cursor (incl. default routing)CORPORATESYSTEM CERT92,4312 secrets · 29 PIIGOVERNED
aiderCORPORATEENV PROXY28910 secrets · 7 PIIGOVERNED
ChatGPT (web)PERSONALSYSTEM CERT51,2040 secrets · 12 PIIGOVERNED
Gemini (web)PERSONALSYSTEM CERT1870 secrets · 1 PIIGOVERNED
How inspection works: ENV PROXY — the tool is configured to route through Omna on the device. SYSTEM CERT — a managed root certificate lets Omna inspect the tool's traffic system-wide, so even personal-account web tools are masked. Known limits, stated up front: certificate-pinned apps, unmanaged personal devices, and mobile are not inspected. Coverage is tracked machine-by-machine below — a gap you can see is a gap you can close.

Unprotected machines — action required

Your roster (synced from Google Workspace / MDM) has 47 machines. These 5 are outside coverage: four have never enrolled, and one had its certificate profile removed. What they send to AI tools is not inspected — that is the risk. One click sends the owner the install link.
MachineEmployeeStateSinceStatus
abc-mbp-007Senior BackendNOT ENROLLEDon roster · Jul 1not inspectedSend install link
abc-mbp-013FrontendNOT ENROLLEDon roster · Jul 1not inspectedSend install link
abc-mbp-021QA EngineerTAMPEREDcert removed · Jul 9 16:03not inspectedRe-enroll
abc-mbp-029Data EngineerNOT ENROLLEDon roster · Jul 6not inspectedSend install link
abc-mbp-034ContractorNOT ENROLLEDon roster · Jul 7not inspectedSend install link
2 · PROTECT — SAVES, NOT CITATIONS

Catches ↓ export CSV

Every catch this week, by rule. Nothing here is a citation — each row is data that never left a machine, which means there is no incident to blame anyone for. Remediation happened before egress, so status starts at fixed.
Detection ruleCategoryCatchesTeammates coveredRemediation
AWS access keysSECRET33MASKED AT SOURCE
Database connection stringsSECRET22MASKED AT SOURCE
GitHub tokensSECRET11MASKED AT SOURCE
Private keysSECRET11MASKED AT SOURCE
[CONTACT] emails & phonesPII13319MASKED AT SOURCE
[IDENTITY] namesPII5614MASKED AT SOURCE
[FINANCIAL] account numbersPII176MASKED AT SOURCE
[GOV_ID] tax & ID numbersPII84MASKED AT SOURCE

Where catches concentrate ↓ export CSV

Grouped by team — enough to target coaching without ranking individuals. Per-person drill-down exists, but it is role-gated, logged, and off by default; turn it on in Policy only if your workflow needs it.
TeamEmployees involvedSecretsPIITop toolTrend vs last week
Backend (11)8378claude-code▲ +2 secrets
Data (6)5261cursor▼ −1 secret
Platform (5)3134claude-code▼ steady
Frontend (9)6033claude-code▲ +9 PII
QA (4)218aider▼ −3 PII

The trace — what one interaction looks like

Every one of the 19,495 requests has this record. This is receipt #18,196 — the AWS-key catch from the table above.
receipt #18,196 · Jul 10, 14:38:52 · abc-mbp-011 · Backend team · claude-code → api.anthropic.com
chain verified
What the employee typed
Never left the machine — shown from the local device only.
Debug why the settlement job fails. Config: aws_access_key_id = AKIA2E7NPP4EXAMPLE9Q db = postgres://admin:Tr4d3r!2026@db.internal:5432/settlements On failure notify m.k@clientabc.com and j.n@clientabc.com
What the AI actually received
Byte-for-byte, verified by content hash c41f…
Debug why the settlement job fails. Config: aws_access_key_id = [REDACTED:AWS_KEY] db = [REDACTED:DB_URL] On failure notify [EMAIL_1] and [EMAIL_2]
Secrets — removed forever. Never restored, never reached any AI. Personal data — restored only inside the reply, on the employee's machine.

What the teammate saw, seconds later

The save goes to the dev first — cover, not blame. You get the receipt; they get the moment Omna had their back.
O
Omna now · abc-mbp-011
Live AWS key masked before it left your machine. You're covered — rotate it when ready.
Rotation guide →  ·  View receipt →
3 · PROVE — THE AUDIT TRAIL

Receipts — one tamper-evident line per request ↓ export full ledger (CSV / JSON)

All 19,495 interactions, nothing sampled. Each line records what data, who, when, and which destination — and is hash-chained to the previous line, so editing any entry visibly breaks the chain.
TimeTeamMachineTool → destinationData caughtChain
Jul 10 · 14:41:07Backendabc-mbp-011claude-code → anthropicclean…c41f → 9d2e
Jul 10 · 14:38:52Backendabc-mbp-011claude-code → anthropicAWS_KEYDB_URLEMAIL ×2…88a0 → c41f
Jul 10 · 14:35:19Dataabc-mbp-024cursor → anthropicIDENTITY ×3…31bb → 88a0
Jul 10 · 14:31:44Platformabc-mbp-002claude-code → anthropicclean…e07c → 31bb
Jul 10 · 14:29:03QAabc-mbp-038aider → openaiCONTACT ×2…54d9 → e07c
Why receipts matter even with enterprise AI contracts Zero-data-retention and enterprise tiers are contractual promises about what the provider does after your data arrives. A receipt is technical proof of what crossed the wire in the first place — the artifact your customers' security reviews, your SOC 2 auditor, and your own DPA obligations can actually verify. Omna doesn't replace your enterprise agreement; it makes it provable.

Alerts sent this week

Delivered the moment they happened — the save to the dev, the alert to security. Caught keys enter a rotate-and-verify loop, so a catch ends with a rotated credential, not an open item.
WhenAlertDelivered to
Jul 10 · 14:38AWS key caught in a Claude Code request on abc-mbp-011 — masked, never sent · key rotated 24 min later ✓dev (save) · security@ · #security-alerts
Jul 9 · 16:04Interception disabled on abc-mbp-021 — certificate profile removed; machine marked unprotectedsecurity@clientabc.com
Jul 7 · 10:27Unenrolled machine on roster: abc-mbp-034 (contractor) has no Omna heartbeatsecurity@clientabc.com · eng-lead@clientabc.com
✓ 19,495 receipts this week · chain intact since deployment · evidence accumulating toward your next audit
4 · TRUST — WHAT LEAVES THE DEVICE

Don't take our word for it — check

The exact and complete list of what Omna transmits to build this report, and what physically never leaves the machine. Your security team can verify both, live, on any enrolled device.
Sent to Omna cloud — metadata only, ~120 bytes/request
Everything in this report is built from these five fields. Nothing else is transmitted.
timestamp pseudonymous machine ID tool → destination domain rule IDs triggered + counts receipt chain hash
Never leaves the machine
Inspection, masking, and restore all run on-device.
prompt & file contents the detected values themselves masked output · AI replies restore mappings ([EMAIL_1] → value) search index & embeddings
Verify it yourself: omna audit --outbound prints every byte this device has sent to Omna — live, from the shipped binary. Open-source core: the interception + masking data path is public code your team can read and build.
Operationally boring by design: Omna fails open — if it ever stops, your tools keep working and the coverage gap is logged and alerted (that's the TAMPERED state above), never a silent outage. Pilot deployments can run fully on-prem: the report is generated inside your network and nothing reaches Omna cloud at all.
5 · SAVE — OPTIONAL, WHEN ENABLED

Token savings

8 employees have Save mode on: large files are sliced to only the relevant rows before sending. Counted with the same tokenizer on both sides — what would have been sent vs. what was sent.

This week, across 214 file-backed requests

Tokens if raw files had been sent2,140,000
Tokens actually sent after slicing663,000
Rows sent vs. total rows4,812 / 168,400
Top sliced filetransactions_q2.csv · −91%
−69%
fewer tokens sent to AI providers
= lower bills, faster replies, fewer rate limits
Real-timeSave → the dev · alert → security
DailyDigest of catches & coverage
WeeklyThis report, auto-delivered
MonthlyEvidence pack — SOC 2, vendor questionnaires, client audits
Included in the Team plan
from day one of deployment
Omna Labs, Inc. · omna.dev · AI on everything — masked on-device, proven on paper · verify: omna audit --outbound SAMPLE REPORT — illustrative data · Client ABC is fictional