Conduit
Shadow-AI Governance
Submitted to lablab.ai · Track 1 · Agent Security & AI Governance

See how Conduit stops corporate data before it reaches a public LLM.

A Chromium extension + FastAPI backend that inspects every paste headed to ChatGPT, Claude, Gemini, Copilot or Perplexity. Veea Lobster Trap classifies, Gemini 2.5 rewrites, every event becomes a regulator-readable audit entry.

How it works

Three scenarios. One policy. Zero false positives.

Every paste flows: employee → Conduit inspect → modal → audit log. Pick a scenario to step through.

1. Employee pastes into Gemini
🔒 gemini.google.com
Hey Gemini, I'm debugging an S3 access issue in production. My AWS access key is AKIAIOSFODNN7EXAMPLE and the secret is wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY. Can you help me figure out why list-objects is failing intermittently against the prod-billing bucket?
2. Conduit modal — BLOCK
Why this was blocked
  • Pattern AKIA[0-9A-Z]{16} matched at LT layer
  • No Gemini call made — credential never left the browser
  • Logged with severity CRITICAL for the CISO audit
3. Audit event in the dashboard
BLOCK CRITICAL evt_98259…
credentials block_aws_access_key
  • Destination: gemini.google.com
  • User: u_8a7c…
  • Trigger: paste
  • Char count: 347
  • Time: 14:32:11 UTC
💡 Click Enrich with Gemini Search on this event for live threat-intel: rotation steps from AWS docs, recent breaches, actor TTPs.
1. Employee pastes customer data
🔒 gemini.google.com
Here's our top-5 customer roster:
name,email,ARR
Alice Smith,alice@acme.com,$240K
Bob Jones,bob@acme.com,$180K
Carol Liu,carol@acme.com,$95K
David Park,david@acme.com,$310K
Can you write me a Python function that flags accounts with ARR > $200K?
2. Conduit modal — REDACT diff
3. Audit event with sanitized diff
REDACT HIGH evt_8f3c…
customer_pii redact_email_addresses GDPR
  • Destination: gemini.google.com
  • Sanitized by: gemini-2.5-pro
  • Action taken: Use sanitized ✓
  • Char count: 318
💡 Gemini's Embeddings already linked this to 3 similar prior events — click Find similar to see the cluster.
1. Employee pastes a screenshot
🔒 gemini.google.com · 📎 image attached
name | email | ARR
Alice Smith | alice@acme.com | $240K
Bob Jones | bob@acme.com | $180K
Carol Liu | carol@acme.com | $95K
2. Conduit + Gemini Vision
3. Multimodal audit event
REDACT HIGH evt_5f3b… 📷 image
customer_pii financial_data GDPR
  • UI type: crm_dashboard
  • MIME: image/png
  • Classified by: gemini-2.5-flash + vision
  • Alternative by: gemini-2.5-pro
💡 Screenshots are the fastest-growing 2026 exfil vector. Text-only DLP misses them. Conduit catches them via Gemini Vision.
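
The BLOCK and REDACT text scenarios above, sketched as an added example (not Conduit's or Lobster Trap's own code). The rule names, categories and the AKIA pattern come from the page; the function names, the e-mail regex, the "INFO" severity, and the deterministic placeholder swap (standing in for the Gemini rewrite) are assumptions.

```python
import re
import uuid
from datetime import datetime, timezone

AWS_KEY_RE = re.compile(r"AKIA[0-9A-Z]{16}")  # pattern quoted in the BLOCK modal
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")  # assumed

def audit_event(decision, severity, category, rule, destination, text):
    # Metadata only: the pasted text (and any secret in it) is never stored.
    return {
        "event_id": "evt_" + uuid.uuid4().hex[:8],
        "decision": decision, "severity": severity,
        "category": category, "rule": rule,
        "destination": destination, "trigger": "paste",
        "char_count": len(text),
        "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
    }

def inspect_paste(text, destination):
    """Return (text_to_forward or None, audit event) for one paste."""
    # Credentials first: a hit blocks outright and nothing is forwarded.
    if AWS_KEY_RE.search(text):
        return None, audit_event("BLOCK", "CRITICAL", "credentials",
                                 "block_aws_access_key", destination, text)
    # Same address -> same placeholder, so the sanitized prompt stays coherent.
    placeholders = {}
    def swap(match):
        addr = match.group(0).lower()
        placeholders.setdefault(addr, f"user{len(placeholders) + 1}@example.com")
        return placeholders[addr]
    sanitized = EMAIL_RE.sub(swap, text)
    if placeholders:
        return sanitized, audit_event("REDACT", "HIGH", "customer_pii",
                                      "redact_email_addresses", destination, text)
    # "INFO" severity for allowed pastes is an assumption of this sketch.
    return text, audit_event("ALLOW", "INFO", None, None, destination, text)

if __name__ == "__main__":
    # Constructed sample pastes, modelled on the scenarios above.
    samples = [
        "My AWS access key is AKIAIOSFODNN7EXAMPLE, why does list-objects fail?",
        "name,email,ARR\nAlice Smith,alice@acme.com,$240K\nBob Jones,bob@acme.com,$180K",
        "Explain the difference between TCP and UDP with examples",
    ]
    for sample in samples:
        forwarded, event = inspect_paste(sample, "gemini.google.com")
        print(event["decision"], event["rule"], repr(forwarded))
```

The credential check runs before any rewriting so that a paste containing both a key and e-mail addresses is blocked rather than partially sanitized and forwarded.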
CISO Dashboard preview · last 24h

Live audit feed + Gemini-powered analytics

Live polling /events
  • Events (24h): 47
  • Blocked: 3
  • Redacted: 18
  • Allowed: 26
BLOCK → gemini.google.com my AWS key is AKIAIOSFODNN7EXAMPLE… block_aws_access_key
REDACT → gemini.google.com [image:crm_dashboard] customer roster screenshot vision · gemini-2.5-flash
REDACT → chatgpt.com Q3 forecast: revenue $42.1M, EBITDA $7.3M, miss vs guidance, board… flag_strategy_or_finance_markers
ALLOW → claude.ai Explain the difference between TCP and UDP with examples…
REDACT → gemini.google.com class AcmeBillingEngine: def __init__(self, customer_id):… flag_source_code_indicators
Daily CISO brief · gemini-2.5-pro

"Engineering users attempted 3 critical credential exfiltration events in the last 24h, all blocked at the Lobster Trap layer. Finance users redacted 8 events containing customer PII, the largest cluster pasted into ChatGPT. Recommend reviewing the 2 policy overrides triggered by user u_8a7c."

Agentic investigation · function calling
get_stats({hours:24}) → 47 events, 3 critical
list_recent_events({decision:"block"}) → [evt_98259, evt_8f3c, evt_5f3b]
get_event_detail({event_id:"evt_98259"}) → AWS key, gemini.google.com
Gemini integration

Eight Gemini 2.5 surfaces. Not decorative.

Every part of the governance loop touches Gemini — text, vision, reasoning, search grounding, agentic function calling. All routed through Veea Lobster Trap, enforced by a CI test.

1. Text classification (gemini-2.5-flash · JSON): 10 categories, severity, regulatory concern, specific findings — on every paste.
2. Text sanitization (gemini-2.5-pro): Realistic placeholders, intent preserved. Employee still gets a useful answer.
3. Multimodal vision (flash + image): Screenshot pastes — the 2026 exfil vector nobody else catches. OCR + UI classification.
4. Image → safe text (gemini-2.5-pro): When a screenshot is blocked, Gemini drafts a paste-safe text rewrite.
5. Thinking-mode (pro · thinking): Ambiguous cases reasoned about. Trace surfaced in the audit detail.
6. Search-grounded intel (+ google_search): Live rotation steps, recent breaches, threat-actor TTPs — every claim cited.
7. Agentic narrative (function calling): Gemini investigates the audit log via Conduit's tools, then writes the brief.
8. Embeddings (embedding-001): k-NN clustering: "this pattern appeared three times last week."

Architecture

The whole stack, end to end.

Conduit architecture: browser extension → Conduit backend → Lobster Trap → Gemini, with audit log + dashboard + MCP server
Sponsor prize eligibility

Track 1 + Gemini Best Use.

  • 98%: enterprises with unsanctioned AI use (CrowdStrike 2026)
  • 77%: employees paste corp data into LLMs (LayerX 2026)
  • $670K: avg shadow-AI breach premium (IBM/Ponemon 2026)
  • 30/30: adversarial payloads caught; 10/10 benign allowed

One command. Whole stack. MIT.

docker-compose up -d brings Lobster Trap, backend, dashboard, and MCP server up from a clean clone. Load the extension unpacked, open the dashboard, paste anything into ChatGPT.