Product method

AIMapper methodology

AIMapper is designed as an operational inventory layer: make AI tools visible inside an organization without reading the work content of teams.

Detect usage, not content

The starting signal is the domain of an AI tool visited or declared. AIMapper does not read prompts, files, conversations, screenshots or business content.

Qualify with context

The same tool can carry different risk depending on usage. Initial classification combines catalog data, tool category and declared usage.

Produce usable evidence

The goal is a dated, exportable inventory readable by management, DPOs, GDPR consultancies or IT teams.

The steps

1

Domain-only detection

The extension or client configuration identifies only known AI tool domains. URL paths, page content and entered data are not collected.

2

Catalog matching

The domain is matched to a maintained AI tool catalog: tool name, provider, category, related domains and risk signals.

3

Declared usage

The organization can add context: writing, code, HR, customer support, research, productivity or another business use.

4

AI Act pre-classification

AIMapper proposes an initial level: minimal, limited, potential high risk, high risk, prohibited or to review. This supports review; it does not replace legal analysis.

5

Export and review

The inventory can be exported for internal discussion, DPO review, customer audit or consulting work.

What is collected

  • Visited or declared domain
  • Tool category
  • Period or timestamp
  • Team or user depending on configuration
  • Declared usage and review status

Never collected

  • Prompts
  • Conversations
  • Documents
  • Screenshots
  • Business content
  • Data entered in AI tools
  • Full URL paths

Important limits

See the expected deliverable

The sample report shows how this method becomes a readable and actionable inventory.

View sample report