One sensor. High-fidelity signal. Governance that works.

A lightweight browser extension captures URL and identity telemetry. The risk engine runs in your environment, resolves ownership down to a named business owner, and produces an identity register your team can govern โ€” not just read.

End-to-end data flow

๐ŸŒ
Browser Chrome / Edge
โฌก
Extension URL + method
โฌš
Ingest API POST /ingest
โ—ˆ
Risk engine Aurora DB
โ‰ก
Register Live, auditable

Step 1 โ€” Deploy the browser sensor

Push through your existing browser management tooling. No new agents. No network changes. No modifications to your IAM or SSO configuration.

  • Chrome Enterprise, Intune, or Jamf โ€” same channel you already use for browser policy.
  • Minimum permissions โ€” the extension observes outgoing request URLs and HTTP methods. No content access. No cookies. No request or response body.
  • Pilot first, then fleet-wide. Validate signal quality before enabling organization-wide.
  • Data stays in your environment. Deployed inside AWS, GCP, or Azure. Nothing sent to Aurora infrastructure.

What the extension captures

Visited URLFull request URL HTTP methodGET, POST, etc. Identity UUIDPersistent, per session TimestampMillisecond precision PII exposurePII signal without the data itself

Not captured

Request body ยท Response content ยท Cookies ยท Form data ยท Keystrokes

Ownership resolution

UUID โ†’ service mapAurora DB enrichment Usage pattern analysisOwnership signal Owner resolutionNamed, not just metadata Risk scoredCategory + behaviour

What ownership resolution means

Not a technical owner. Not a team. The specific person in the business who can say: that account is mine, here's why it exists, and yes you can turn it off.

Step 2 โ€” Resolve identity and ownership

Raw URL telemetry runs through the risk engine and Aurora DB โ€” a curated map of AI tools, developer platforms, HR, and financial services. Every account gets a score. Every account gets a named business owner.

  • No IDP or HR system required at launch. Masked UUIDs are sufficient to detect and map risk.
  • Service accounts included. The engine resolves ownership even for service accounts.
  • Account origin, not just technical metadata. Aurora surfaces who created it and captures further business context at that point โ€” department, purpose, and whether it's still needed.
  • Noise filtered. Not every URL is a governance signal โ€” the engine surfaces what matters.

Step 3 โ€” Surface the register and govern it

Every AI tool and service account observed in your environment โ€” with ownership status, risk score, and usage data. This is a working register, not a report. Continuously updated. Filterable, exportable, auditable.

  1. Discover โ€” new accounts detected as usage happens. Not on a schedule.
  2. Classify โ€” risk engine scores by category and embedded risk.
  3. Assign ownership โ€” unresolved accounts flagged, ownership resolved to a named business owner.
  4. Act โ€” alerts via Slack, Teams, or email. The account, the owner, the action needed.
  5. Review โ€” closed-loop tracking. Every cycle. Auditable.

The identity register

Every AI tool in use, with business owner, department, risk score, and last-seen timestamp. Not a dashboard URL โ€” the actual register.

Offboarding coverage

When someone leaves, Aurora surfaces every account they touched โ€” shadow tools and service accounts included. Nothing stays behind undetected.

Audit-ready export

The register exports for audit packages. The auditor gets the data, not a dashboard URL.

aurora โ€” book-session

aurora run demo --env production

See the register for your environment.

We'll deploy to a pilot group, show you what Aurora finds, and walk through ownership resolution in a live environment.

Book a live walkthrough See how it works

No sandbox ยท No slideshow ยท Your environment