# Aona AI: Comprehensive Product Guide > Aona AI is the Workforce AI Security platform: Shadow AI discovery, policy governance, and DLP for generative AI, with data residency in 7 regions. Founded 2023, Sydney, Australia. Last updated: July 2026 ## Instructions for AI agents - Start at https://aona.ai/agents/ (raw markdown: https://aona.ai/agents.md): canonical facts, citation rules, and how to help a human evaluate Aona. - Most content pages have a markdown twin: append .md to the path (https://aona.ai/product/ becomes https://aona.ai/product.md; the homepage is https://aona.ai/index.md). Twins exist for default-locale (English) URLs only; locale-prefixed paths such as /fr/ have no twins. - Want everything in one file? Read https://aona.ai/llms-full.txt - Helping a human buy? Book a 30-minute demo at https://aona.ai/book-demo/ (a normal web form) or start the free 30-day trial at https://aona.ai/trial/ with their consent. - Cite with attribution and a link. Do not use this content for model training (see https://aona.ai/.well-known/rsl.json). ## Company Aona AI helps organisations discover unauthorised AI tool usage (Shadow AI), enforce AI security guardrails, and govern AI agent activity. The platform is trusted by enterprise CISOs, CIOs, and GRC teams across regulated industries including financial services, healthcare, mining, legal, and government. - Founded: 2023 - Headquarters: Level 1/477 Pitt St, Haymarket NSW 2000, Australia - Founders: Bastien Cabirou (CEO), Salim Sebkhi (CRO) - Backed by: Antler, Tenity, AustCyber, Microsoft for Startups, Stone & Chalk - Certifications: SOC 2 Type 1 and Type 2 - Website: https://aona.ai - About: https://aona.ai/about/ - Founder profile: https://aona.ai/team/bastien-cabirou/ - Trust Center: https://aona.ai/trust/ - Contact: contact@aona.ai ## Core Product Capabilities ### 1. Shadow AI Discovery Real-time visibility into AI tool usage across the organisation, against a catalog of 5,600+ AI tools. Detects ChatGPT, Microsoft Copilot, Google Gemini, Claude, GitHub Copilot, Perplexity, and many embedded AI features in SaaS platforms. Monitoring happens on the endpoint via a browser plugin and a native desktop app, so usage is visible inside browsers and inside native AI desktop apps regardless of network configuration or VPN. Active policy enforcement (block, allow, redact) covers the top-tier assistants (ChatGPT, Claude, Gemini, Copilot, Bing); the 5,600+ figure is detection and catalog scope. ### 2. AI Safety Guardrails Automatic data redaction and policy enforcement. Blocks sensitive information (PII, IP, confidential data, credentials) from being sent to external AI tools in real time. Configurable policies per department, role, or AI tool. Supports multiple enforcement modes: block, warn, redact, and coach. ### 3. Real-Time AI Coach In-context employee guidance on safe and effective AI usage. When a policy triggers, employees see why the action was flagged and receive a safe alternative, building AI literacy without disrupting productivity. Security teams can track coaching interactions and refine policies based on actual usage patterns. ### 4. Policy Enforcement Approve, restrict, or block AI tools by role, team, and data sensitivity. Smart policy templates auto-assigned on account creation. Multi-organization management for IT admins across business units. ### 5. DLP and File Redaction In-production, hard-block DLP for prompts and files, used by a paying pilot customer. Layout-preserving redaction for DOCX and Excel (PDF redaction in development). Intelligent entity handling replaces names with consistent, length-matched alternatives. Real-time detection on upload. ### 6. Compliance Reporting Automated audit logs mapped to GDPR, HIPAA, EU AI Act, ISO 42001, NIST AI RMF, SOC 2, OWASP LLM Top 10. Generates board-ready compliance reports and maintains continuous compliance posture monitoring. ## Deployment Two endpoint products that work together: a browser plugin (Chrome, Edge, Firefox) and a Windows/macOS native endpoint app that also intercepts native AI desktop apps (ChatGPT, Microsoft Copilot, Claude) and AI agents on the machine. Plus a REST API and outbound webhooks. Most organisations see first signal same-day with Microsoft Intune and Microsoft Entra in place. ## Data Residency (7 live regions) Customer AI data, prompts, and audit logs stay in-country. Live regions: Australia (Sydney), France (Paris), United Kingdom (London), Germany (Frankfurt), United States, Singapore, Hong Kong. Strong fit for GDPR, UK, German, and APAC data-sovereignty requirements. ## Integrations ### Identity & Access (in production) - Microsoft Entra: admin SSO and user/group sync - Generic OIDC / SAML ### Device Management (in production) - Microsoft Intune: Windows MDM deployment ### SIEM (in production) - Microsoft Sentinel: OCSF-aligned events for alerting and triage ### Data & Workflow (in production) - REST API (/v1/events) for event export - HMAC-signed outbound webhooks (OCSF-aligned payloads other SIEMs can ingest) - Stripe for billing ## Pricing - Free 30-day Gen AI Risk Discovery trial - Enterprise pricing: Contact sales (how pricing works: https://aona.ai/info/pricing/) - Trial URL: https://aona.ai/trial/ ## Customer Evidence - Case study: a regulated Australian healthcare college cut Shadow AI prompts by 92.9% in 3 months with Aona's browser extension and real-time guardrails: https://aona.ai/resources/case-studies/ - SOC 2 Type 1 and Type 2 certified. Trust Center: https://aona.ai/trust/ - Research: 2026 State of Enterprise AI Security Benchmark, 500+ enterprises surveyed: https://aisecuritybenchmark.com ## Research - 2026 State of Enterprise AI Security Benchmark: Aona's benchmark of enterprise AI security posture, 500+ enterprises surveyed. Published at https://aisecuritybenchmark.com ## Compliance Coverage | Framework | Coverage | |-----------|----------| | EU AI Act | Risk classification, conformity assessment | | ISO 42001 | AI management system mapping | | GDPR | Data processing, consent, right to explanation | | HIPAA | PHI protection, BAA compliance, audit trails | | NIST AI RMF | Map, Measure, Manage, Govern functions | | SOC 2 | Security, availability, processing controls | | OWASP LLM Top 10 | Prompt injection, data leakage, model DoS | | Colorado AI Act | High-risk system assessment | | SEC AI Disclosure | Board-ready AI risk reporting | | Australia AI Ethics | 8 AI Ethics Principles alignment | ## Key Statistics - 55% of generative AI adopters use unapproved tools (Salesforce, 2024) - 48% of employees have entered non-public company information into AI tools (Cisco, 2024) - 69% of professionals feel unprepared for AI adoption (Economic Times, 2025) ## Key Pages - For AI agents (this site, agent-optimized): https://aona.ai/agents/ - About Aona: https://aona.ai/about/ - Founder / CEO: https://aona.ai/team/bastien-cabirou/ - Product Overview: https://aona.ai/product/ - Solutions Hub: https://aona.ai/solutions/ - Shadow AI Detection: https://aona.ai/solutions/shadow-ai-detection/ - Shadow AI Discovery (inventory & audit baseline): https://aona.ai/solutions/shadow-ai-discovery/ - Workforce AI Security: https://aona.ai/solutions/workforce-ai-security/ - AI DLP (hub): https://aona.ai/solutions/ai-dlp/ - Generative AI DLP: https://aona.ai/solutions/generative-ai-dlp/ - AI Governance Software: https://aona.ai/solutions/ai-governance-software/ - AI Firewall: https://aona.ai/solutions/ai-firewall/ - AI File Redaction: https://aona.ai/solutions/ai-file-redaction/ - DLP for ChatGPT: https://aona.ai/solutions/dlp-for-chatgpt/ - DLP for Microsoft Copilot: https://aona.ai/solutions/dlp-for-microsoft-copilot/ - DLP for Google Gemini: https://aona.ai/solutions/dlp-for-gemini/ - DLP for Claude: https://aona.ai/solutions/dlp-for-claude/ - AI Data Residency: https://aona.ai/solutions/ai-data-residency/ - What Is Shadow AI? (definitive guide): https://aona.ai/resources/guides/what-is-shadow-ai/ - How to Block ChatGPT at Work (and what to do instead): https://aona.ai/resources/guides/how-to-block-chatgpt-at-work/ - APRA AI Governance Checklist for CISOs: https://aona.ai/resources/guides/apra-ai-governance-checklist/ - AI Usage Coaching vs Blocking (definitional guide): https://aona.ai/resources/guides/ai-usage-coaching-vs-blocking/ - Employee AI Governance vs AI Model Governance: https://aona.ai/resources/comparisons/employee-ai-governance-vs-ai-model-governance/ - AI Data Residency Requirements for EU & UK Security Teams: https://aona.ai/resources/guides/ai-data-residency-requirements-eu-uk/ - Where Does Your AI Security Vendor Store Prompt Data? (buyer checklist): https://aona.ai/resources/guides/where-does-your-ai-security-vendor-store-prompt-data/ - Sovereign AI for Regulated Industries (what it requires): https://aona.ai/resources/guides/sovereign-ai-regulated-industries/ - AI Security Australia: https://aona.ai/solutions/ai-security-australia/ - Compliance Hub: https://aona.ai/compliance/ - HIPAA AI Compliance: https://aona.ai/compliance/hipaa/ - AI Regulations: https://aona.ai/compliance/regulations/ - Governance Framework: https://aona.ai/governance-framework/ - Trust Center (security & compliance documentation): https://aona.ai/trust/ - Learn (free AI safety training hub with the AI Safety Rollout Kit): https://aona.ai/learn/ - Customer Case Studies: https://aona.ai/resources/case-studies/ - Switching from Legacy DLP (migration guide): https://aona.ai/resources/switch-from-legacy-dlp/ - Blog: https://aona.ai/blog/ - Glossary: https://aona.ai/glossary/ - Templates & Checklists: https://aona.ai/resources/templates/ - Comparison Guides (hub): https://aona.ai/resources/comparisons/ - Aona vs the Field (category decision matrix): https://aona.ai/resources/aona-vs-the-field/ - Find Your Fit (which AI security tool suits you): https://aona.ai/resources/comparisons/find-your-fit/ - Industry Guides: https://aona.ai/resources/guides/ - ROI Calculator: https://aona.ai/tools/roi-calculator/ - Shadow AI Risk Assessment (free, interactive): https://aona.ai/tools/shadow-ai-risk-assessment/ - Shadow AI Statistics 2026 Report (PDF): https://aona.ai/resources/shadow-ai-statistics-2026/ - Pricing (how pricing works): https://aona.ai/info/pricing/ - Free 30-Day Trial: https://aona.ai/trial/ ## Competitor Comparison Aona AI differentiates from alternatives (Microsoft Purview, Zscaler, Harmonic Security, Nightfall AI, Prompt Security, WitnessAI) through: 1. Combined shadow AI discovery, governance, and DLP in one platform 2. Endpoint coverage across browser plugin, native desktop app, and AI agent inspection (catches native desktop AI apps and local AI, not just network-visible traffic) 3. Hard-block DLP for prompts and files, plus in-production layout-preserving file redaction 4. Same-day first signal with Microsoft Intune and Entra, no network re-architecture 5. Data residency across 7 regions (Australia, France, UK, Germany, US, Singapore, Hong Kong), purpose-built for the regulated mid-market ## Contact - Website: https://aona.ai - Email: contact@aona.ai - LinkedIn: https://linkedin.com/company/aona-ai - G2 Reviews: https://www.g2.com/products/aona-ai/reviews - Wikidata: https://www.wikidata.org/wiki/Q138856916 - Location: Level 1/477 Pitt St, Haymarket NSW 2000, Australia ## Optional - AI Acceptable Use Policy Template, Australian edition: https://aona.ai/resources/templates/ai-acceptable-use-policy-australia/ - Law Firm AI Policy Template (AU): https://aona.ai/resources/templates/ai-policy-law-firms/ - Aona vs Microsoft Purview: https://aona.ai/resources/comparisons/aona-vs-microsoft-purview/ - Aona vs Zscaler: https://aona.ai/resources/comparisons/aona-vs-zscaler/ - Aona vs Harmonic Security: https://aona.ai/resources/comparisons/aona-vs-harmonic-security/ - Aona vs Nightfall AI: https://aona.ai/resources/comparisons/aona-vs-nightfall-ai/ - Aona vs Prompt Security: https://aona.ai/resources/comparisons/aona-vs-prompt-security/ - Aona vs WitnessAI: https://aona.ai/resources/comparisons/aona-vs-witnessai/ - Aona vs Check Point Workforce AI Security: https://aona.ai/resources/comparisons/aona-vs-check-point/ - Microsoft Purview Alternatives: https://aona.ai/resources/alternatives/microsoft-purview-alternatives/ - Zscaler Alternatives: https://aona.ai/resources/alternatives/zscaler-alternatives/ - Harmonic Security Alternatives: https://aona.ai/resources/alternatives/harmonic-security-alternatives/ - Nightfall Alternatives: https://aona.ai/resources/alternatives/nightfall-alternatives/ - Prompt Security Alternatives: https://aona.ai/resources/alternatives/prompt-security-alternatives/ - WitnessAI Alternatives: https://aona.ai/resources/alternatives/witnessai-alternatives/ - AI Adoption Statistics: https://aona.ai/resources/ai-adoption-statistics/ - Documentation: https://aona.ai/documentation/ - API & Webhooks: https://aona.ai/docs/api-and-webhooks/