Shadow AI Governance · SentinelOne Deep Visibility · Multi-Tenant MSP
Shadow AIDetection Console
Real-time detection of unauthorized local AI models (Ollama, LM Studio, llama.cpp, Whisper), rogue GPU usage, and unapproved AI tooling across all client endpoints. Powered by SentinelOne Deep Visibility with per-site tenant isolation.
SentinelOne Singularity
Deep Visibility API
Ollama Detection
.gguf Model Files
GPU Abuse Flags
Site Isolation
Service User Auth
Defender Fallback
Client Detection Grid
Shadow AI Detections
Each tile shows the SentinelOne Site for that client. Click to expand endpoint-level events, process detections, and remediation actions. Data sourced from POST /web/api/v2.1/dv/init-query via backend proxy.
Aggregate Analytics
Detection Trends
Portfolio-wide shadow AI activity trends, model distribution, risk scoring over time, and endpoint coverage health.
// Endpoints with sustained GPU load >60% correlated with AI process detections
Deep Visibility Query Builder
S1 Query Console
Build and preview SentinelOne Deep Visibility queries. In production, these execute via your backend proxy with Authorization: ApiToken auth. Results returned from POST /web/api/v2.1/dv/init-query.
Query Builder — SentinelOne Deep Visibility
Preset Queries
Query (Deep Visibility DSL)
Site (Client)
From Date
To Date
Limit
POST /web/api/v2.1/dv/init-query · Ready
Policy Compliance
AI Policy Status
Per-client AI governance policy enforcement status. Shows whether written AI policies exist, whether S1 behavioral rules are deployed, and employee acknowledgment rates.
Real-Time Alerts
Detection Alerts
Automated alerts from Deep Visibility process matches, GPU anomaly correlation, and behavioral indicators flagged by SentinelOne across all client Sites.