aegress

AI access governance

Govern AI access
before it spreads

Route work email to company SSO for governed access to AI. Or create setup/recovery access when you need it.

You’re in control. Aegress doesn’t access your data.

Governs every AI surface your team already uses

AI surfaces

ChatGPT

Gemini

Claude

Perplexity

Copilot

Mistral

Enterprise apps

Microsoft 365

Salesforce

ServiceNow

Workday

Okta

Google Workspace

Coverage modes

Three ways to govern AI access

Comprehensive coverage across browsers, tools, and enterprise apps.

Browser extension

Managed browser AI policy and audit for deployed extension fleets.

Learn more

MCP gateway

Tool and model access policy for MCP clients and agent workflows.

Learn more

Entra app scan

Microsoft 365 consent and app grant discovery from Entra.

Learn more

Entry logic

Identity first, mode second

We route work email traffic to company SSO once a domain is verified, keep a setup/recovery owner for bootstrap and recovery, and choose coverage mode only after identity is established.

Entry logic

1
Work email routes to company SSO when a domain is verified.
2
Setup/recovery owner access stays for bootstrap and recovery.
3
Coverage mode is chosen after identity: extension, gateway, or scan.

Access trace

Policy decision

Immutable log

Audit chain

Evidence

Every AI access decision, proven

Governed access produces an immutable record you can hand to a compliance review — no scrambling for screenshots.

Every access decision is recorded with the policy that produced it.
Logs are append-only and verifiable with a per-record hash.
Export an audit pack scoped to a tool, user, or time window.

Evidence chain

Immutable audit trail for AI access and activity

All verified

Event	App	Time	Status
SSO connection	Microsoft 365	09:14:22	Verified
AI access allowed	ChatGPT	09:15:03	Verified
Prompt activity	ChatGPT	09:16:18	Verified
Response delivered	Claude	09:16:41	Verified

Logs are append-only and cryptographically verifiable.