态势主页是「一份记录,两个读者」的门面:同一份不出域的取证台账,左供财务读成本与 ROI(永远 LIVE),右供合规读证据与留痕。合规列默认关闭——内容审计与 DLP 受合规双钥保护,启用前只显示全量防篡改链深。底部路线图轨上的能力均诚实标注尚未交付。The front door for "one record, two readers": one in-domain forensic ledger — finance reads cost & ROI on the left (always LIVE), compliance reads evidence & trail on the right. The compliance column is off by default — content audit & DLP sit behind a two-key seal. The roadmap track at the bottom honestly marks what isn't shipped yet.
全量内容留痕未启用。内容审计 / DLP 为默认关闭(合规双钥保护)。启用后本列显示内容留痕事件、DLP 命中与数据出境窗口 KPI;启用前仅显示全量防篡改链深。Full content capture not enabled. Content audit / DLP are off by default (two-key sealed). Once enabled this column shows capture events, DLP hits and egress KPIs; until then, only the full tamper-evident chain depth.
发现员工在用哪些外部 AI。旁路传感器只观测元数据(host、计数、字节、首末见),物理上不含任何 prompt / 响应明文。风险评分由服务端单一源计算(数据敏感度 + 国别出境 + 用户数 + 流量),前端只展示、不重算。「建议阻断」仅为顾问信号——本面只发现与取证,不执行拦截。See which external AIs staff actually use. The out-of-band sensor reads metadata only (host, counts, bytes, first/last seen) and by construction carries no prompt or response text. Risk is scored server-side (data sensitivity + cross-border + users + volume); the UI displays, never recomputes. "Block recommended" is advisory only.
| 应用App | 风险Risk | 用户数Users | 流数Flows | 字节Bytes | 敏感度Sensitivity | 国别Country | 目录Catalog |
|---|---|---|---|---|---|---|---|
| ChatGPT chatgpt.com | ⚠ 严重⚠ Critical92 | 128 | 14,820 | 2.3 GiB | 高High | US | △ 影子 · 建议阻断△ shadow · block |
| Claude claude.ai | △ 中△ Medium58 | 64 | 5,310 | 980 MiB | 中Med | US | 影子shadow |
| 通义千问 tongyi.aliyun.com | ✓ 低✓ Low21 | 41 | 3,902 | 610 MiB | 低Low | CN | ✓ 已入目录✓ cataloged |
| Midjourney midjourney.com | △ 中△ Medium47 | 29 | 2,118 | 820 MiB | 中Med | US | 影子shadow |
把已封进防篡改审计链的聚合元数据展开为两个视角:按应用(检测 client:app 与运营声明 agent_label 双列不合并,带调用、用户、护栏命中、跨境与入库美元成本)与按意图(闭集分类分布)。全程只消费聚合计数与闭集标签,绝无内容明文 / PII / key。默认关闭:客户端应用标注与意图标注;意图当前为关键词档,ML 模型在建。Unfolds tamper-evident chain metadata along two axes: by application (detected client:app and operator-declared agent_label kept as two un-merged columns, with calls, users, guardrail hits, cross-border and stored USD cost) and by intent (a closed-set distribution). Off by default: client-app and intent labeling; intent today is keyword-based, with the ML model still in progress.
| 检测应用Detected app | 调用Calls | 用户Users | 护栏Guard | 跨境X-border | 成本Cost |
|---|---|---|---|---|---|
| cursor | 398,210 | 1,204 | 37 | 11 | $3,210.48 |
| vscode | 308,440 | 980 | 5 | 0 | $1,902.17 |
| copilot | 231,300 | 742 | 0 | 0 | — |
| 未识别unidentified | 9,317 | 88 | 0 | 0 | — |
每一次模型调用都留下不可抵赖的元数据,逐条可查、按部门租户隔离。点开任意一条,即时盖上「窗口化链验真」钢印——密码学证明本条留痕未被篡改。原文默认封存:查看需独立的 content-read 令牌 + 必填用途,且查看动作本身逐行写回审计链;明文只活在抽屉内存,关闭即销毁,绝不出域、绝无复制。内容采集默认关闭(强认证 step-up 在建)。Every model call leaves non-repudiable metadata, queryable record-by-record and tenant-isolated by department. Open any row and a windowed chain-verification seal is stamped on the spot. Plaintext stays sealed by default: viewing needs a separate content-read token + a required purpose, and the act of viewing is itself written back to the chain; cleartext lives only in the drawer's memory and is destroyed on close. Content capture is OFF by default (step-up auth in progress).
| ID | 方向Dir | 严重度Sev | 意图Intent | 员工Staff | model | 策略Policy | SHA-256 |
|---|---|---|---|---|---|---|---|
| #48217 | 响应resp | ⚠ 高⚠ High | data_exfil | 林深L. Shen | claude-x | 拦截block | 9f2ac41be0d3… |
| #48205 | 请求req | △ 中△ Med | code_gen | 周岚Z. Lan | gpt-x | — | 1b7d09e4aa52… |
| #48190 | 请求req | 无发现clean | — | 陈帆C. Fan | claude-x | — | c0ffee12ab34… |
- 命中DLP
- credit_card=2 · email=1
- 脱敏/截断Redact
- 已脱敏redacted
- 出境Egress
- domestic=true
- 保留至Retain
- 2031-06-24
授权解密需 content-read 令牌 + 必填用途;本次查看逐行写入审计链。(强认证 step-up 在建)Decrypt needs a content-read token + a required purpose; the view is written to the chain. (step-up auth in progress)
授权解密查看内容Authorize & decrypt这是头号护城河:一键全链重放对整条审计链做哈希验真——自创世条目起逐条比对前向哈希链接与内容哈希。通过则盖下「封」字钢印并出具可打印的《链验真报告》法律证物;任一处被篡改则盖「断」破章并精确定位断点 seq / 类型。结论只含位置与哈希断点,绝不含任何 prompt / 响应明文。WitnessAI 等云端 SaaS 形态结构上做不到这一层。The number-one moat: one click replays the entire chain and hash-verifies it end to end from the genesis record. A pass stamps the "Sealed" chop and issues a printable, court-grade Verification Report; any tamper stamps the "Broken" chop and pinpoints the break by seq/kind. The verdict carries only positions and hash breaks — never any plaintext. Cloud SaaS tools like WitnessAI structurally can't offer this layer.
✓ 链完整 · 已验真✓ Chain intact · verified
全链重放通过:自创世条目起,每个条目的前向哈希链接与内容哈希逐条一致。Full-chain replay passed: from the genesis entry on, every forward-hash link and content hash matched.
- 结论Verdict
- ✗ 断 · 篡改 / 链断✗ BROKEN
- 断点类型Break kind
- broken-link(前向链接断裂)broken-link (prev_hash mismatch)
- 断点 seq / indexBreak seq / index
- 31,902 / 31,901
数据出境的System-of-Record:每一条经受控通道转发到境外 / 境内 provider 的请求,都按部门、员工、Provider 折叠成可查证的聚合,再落到逐请求的取证清单。境内 / 境外判定单一源在服务端,前端只展示、绝不重算;全程只读审计链元数据,不含内容明文。这是个保法 / 数据出境合规的可证据化台账——云端 SaaS 结构上难以提供对应能力。The system-of-record for cross-border egress: every request forwarded through a controlled channel to a domestic or overseas provider is rolled up by department, employee and provider into verifiable aggregates, then grounded in a per-request forensic ledger. The domestic-vs-overseas verdict is server-side; the front end never re-derives it. An evidentiary ledger for PIPL / data-export compliance that cloud SaaS tools structurally struggle to provide.
| 部门Dept | 出境调用Calls | 实际转发Forwarded | 已拦截Blocked |
|---|---|---|---|
| 战略投资部Strategy | 642 | 631 | 11 |
| 研发中心R&D | 318 | 317 | 1 |
| 数据科学组Data Sci | 196 | 196 | 0 |
| 市场部Marketing | 128 | 103 | 25 |
| 时间Time | 员工Staff | 部门Dept | Provider | 地区Region | 跨境X-border | 处置Disposition | Request ID |
|---|---|---|---|---|---|---|---|
| 06-24 09:41:07 | 王 XXW. XX | 战略投资部Strategy | anthropic | us-east | ⚠ 境外⚠ overseas | — | req_8f3a…c41 |
| 06-24 09:38:52 | 李 XXL. XX | 研发中心R&D | anthropic | eu-west | ⚠ 境外⚠ overseas | △ 已拦截△ blocked | req_2b7e…90d |
| 06-24 09:35:18 | 赵 XXZ. XX | 数据科学组Data Sci | zhipu | cn-north | ✓ 境内✓ domestic | — | req_5d20…7af |
护栏与输出侧拦截:DLP 与外发内容在出域前按策略集逐条裁决,「首次命中」生效、全不命中落默认动作。出厂默认全部停用(record-not-enforce),启用执行需合规授权;裁决计数在启用前恒为 0,所有动作经防篡改取证留痕。「改道」为保留态、本期不执行(导览不展示提示词重路由)。Guardrails & output-side interception: outbound content is adjudicated rule by rule against a ruleset before leaving the domain — first match wins, default action backstops the rest. Shipped disabled by default (record-not-enforce); verdict counts stay zero until enabled, and every action is written to tamper-evident record. "Reroute" is reserved and not executed this cycle.
裁决语义:策略集 = 一组规则,按优先级升序「首次命中」;命中规则的动作生效,全不命中则落策略集「默认动作」。裁决计数见合规总览看板的 policy.* 卡(启用执行前为 0)。改动经策略缓存传播,写入后约数十秒内生效。Adjudication: a ruleset is a list of rules matched first-hit by ascending priority; the matched rule's action applies, otherwise the ruleset's default action. Verdict counts appear on the dashboard's policy.* cards (zero until enforcement is enabled). Changes propagate via cache within tens of seconds.
| 名称Name | 版本Ver | 默认动作Default | 状态Status | 更新Updated |
|---|---|---|---|---|
| 默认护栏集Default guardrails gr_ruleset_a1c4 | 3 | 阻断block | 已停用disabled | 06-20 14:03 |
| 外发 DLP 集Outbound DLP gr_ruleset_7f20 | 1 | 阻断block | 已停用disabled | 06-11 08:55 |
| Agent 出域防护Agent egress gr_ruleset_b3e9 | 2 | 放行allow | 已停用disabled | 06-18 10:12 |
| 优先级Prio | 名称Name | 动作Action | 源Source | 护栏类Class |
|---|---|---|---|---|
| 100 | 阻断提示注入Block injection | 阻断block | 部门 研发、风控dept: R&D, Risk | injection:override |
| 110 | 外发含敏感词警示Warn on PII | 警示warn | 复合 ANDcomposite AND | prohibited:pii |
| 120 | Agent 出域白名单Agent allowlist | 放行allow | agent_label: finance-bot | — |
| 130 | (改道 · 保留)(reroute · reserved) | 改道(保留)reroute (reserved) | — | — |
把网关唯一持有的计量台账,按部门归因成「谁花了多少」。所有成本都是入库时的字节精确快照——绝不重算价;未命中价目的请求诚实剔除、单列「未计价」。「按人头 license 对比」的席位单价是可配置假设值,明确标注非真实采购报价。全程部门级粒度,不点名到人。云端方案不做计费——这是我们的差异化。The metering ledger only a real gateway holds, attributed by department into who spent what. Every cost is the byte-exact ingest-time snapshot — never re-priced; unpriced calls are honestly excluded and surfaced separately. The per-head license comparison uses a configurable assumed seat price, clearly flagged as not a real quote. Department-level throughout, never named to an individual. Cloud tools don't do billing — this is our differentiation.
- 席位单价(假设)Seat price (assumed)
- $30 / 人月mo
- 整体按席位采购(估算)If bought per-seat
- $5,136.00
- 实际计量成本(快照)Actual metered
- $3,210.48
- 估算节省Est. saving
- $1,925.52 · 37%
- 席位利用Seat usage
- 128 / 214
全量内容审计默认关闭——由服务端双钥(env 开关 + 法律确认句柄)守护,控制台无权翻动。默认态我们呈现的不是空表,而是「双钥合规启用 · 治理就绪指引」:审批人、法律依据、员工告知、留存期四步封缄核对,合规前置后方可由运维在服务端启用。即便采集关闭,防篡改链仍可重放验真——这是不出域、防篡改的取证职责。Full content audit is off by default, gated by a server-side two-key control (env switch + legal-ack handle) that the console itself cannot flip. The default state shows not an empty log but a two-key enablement readiness checklist: approver, legal basis, employee notice, retention — all sealed before operations turns it on. Even with capture off, the tamper-evident chain stays replayable.
全量内容审计为默认关闭(合规双钥保护)。下方四步为启用前的治理就绪核对;启用本身是运维在服务端的双钥动作,本控制台无法代办。勾选仅为本地核对(不落库,刷新即重置)。Full content audit is off by default (two-key sealed). The four steps below are a pre-enable governance checklist; enabling is a server-side dual-key action operations performs — the console cannot do it. Checks are local only (never persisted).
把员工外部 AI 的证据,
留在你自己的网络里。Keep the evidence of employee AI use
inside your own network.
你刚看完九屏控制台。其中三件事是云端方案结构上做不到的——这正是钧衡的护城河。预约一次私有化演示,我们用你的合规、数据出境与 AI 成本场景走一遍。You've just seen nine console screens. Three of them are things cloud tools structurally can't do — that's WAN.NOW's moat. Book an on-prem demo and we'll walk your compliance, data-egress and AI-cost scenarios.
★ 防篡改取证链★ Tamper-evident chain
一键全链重放验真 + 可打印法律证物,任何人可离线复算。One-click full-chain verify + printable legal exhibit, recomputable offline by anyone.
★ 数据出境台账★ Egress ledger
境内 / 境外逐请求 SoR,个保法与数据出境的呈堂证据。Per-request domestic/overseas SoR — court-ready for PIPL & data-export.
★ 按人头成本归因★ Per-head cost
网关唯一持有的计量台账,给 CFO 一份「谁在烧」的账。The metering ledger only a gateway holds — a CFO-grade "who's burning it" bill.
内容审计默认关闭、合规前置 · 内容不出域 · 内部代号 aegiscontent-audit OFF by default · content stays on-prem · codename aegis