Organization Overview
Loading…
Risk Distribution
7-Day Org-Wide Trend
Top Regulations Triggered
Top LLM Endpoints
PII Types Sanitized
Financial Data Protected
Most Active Devices
Recent Critical Events
Devices
—
/Device
Departments
PII exposure breakdown by team
Department Comparison
Org-Wide Scan Log
—
| Time↕ | User | Dept | Domain↕ | LLM | Risk↕ | Action | Regulations |
|---|
—
Security Report
Organization security summary
Server Settings
Organization-level configuration
Behavioral baselining
Compares each user's volume of sensitive AI flows against their
department's median over the last 30 days. It names employees,
so it is off unless you turn it on. It never alerts and never emails
anyone — the numbers appear only when someone opens the report.
Departments with fewer than 3 reporting devices are compared against
the organisation median, so a small team's median cannot identify a
colleague.
SIEM export (OCSF)
Ledger events as OCSF Data Security Finding (class_uid 2006)
NDJSON — ingestible by AWS Security Lake, Splunk, Sentinel or Chronicle.
Fingerprints and chain hashes are never exported.
The AWS secret access key is never entered or stored here — set
ARGOS_OCSF_S3_SECRET in the server environment (or attach an
IAM role). Without it the daily push stays off and the download below
still works.
AGENT BOOTSTRAP CODE
– / – seats used
–
At full capacity the next install is rejected with
seat limit reached. Free a seat by
decommissioning a device in Devices.
ACTIVE BOOTSTRAP CODE
No code yet — rotate to generate one
ROTATE BOOTSTRAP CODE
GENERATE INSTALL COMMAND
USER EMAIL
DEPARTMENT
TARGET OS
Email & department are tagged to the device and appear
in Devices / Departments. Paste into a CI/CD job or run manually.
Organization
Distribute this to agents via their config
Global Policies
Block CRITICAL everywhere
Override agent enforcement
Require minimum k-anonymity
k ≥ 5 org-wide
Weekly email digest
AGENT UPDATES
—
UPDATE HISTORY
API Endpoints
Fire on CRITICAL events
Superusers
—
Admin · you
Danger Zone
Purge scan history
Delete all org scans older than retention
Issue new org token
Adds a new token for new enrolments — existing agents keep working
Network Monitoring
Outbound traffic, alert rules and notification settings
Monitoring Toggle
Loading…
—
Events (24h)
—
Volume Out
—
Categories
—
Flagged
Traffic by Category
Severity Breakdown
Flagged Events
Category Legend
| Time | User | Device | Domain | Category | Severity | Bytes Out |
|---|
Alert Rules
New Rule
Triggered Alerts
| Time | Rule | Device | Severity | Status |
|---|
Email Notifications (SMTP)
Hot-Path Latency
Per-device stage p95 vs the published budget (≤30ms total added, per stage: scan ≤5ms / checksum ≤2ms / NER ≤20ms / transform ≤3ms)
Per-Device Stage p95 vs Budget
AI Data-Flow Ledger
Loading…
—
Chain Integrity
—
Devices Reporting
—
Round-Trip Echoes
—
Provenance Searches
AI Usage by Provider
| Provider | Direction | Action | Flows |
|---|
Coverage
Provenance Search
Check whether any fragment of a document ever reached an AI tool. The text is fingerprinted in the browser and discarded, never stored. Every search is written to the audit log and appears in the evidence pack.