Lapwing detects every AI tool employees use, stops sensitive data reaching unapproved services, and gives IT and security teams the evidence they need for audits — all in one platform.
Employees use ChatGPT, Claude, Copilot, Gemini, Perplexity and dozens more — on personal accounts, without IT knowing.
PII, financial data, credentials, and source code pasted into consumer AI tools — with no visibility and no controls.
GDPR, SOC 2, and client contracts require evidence of AI governance. Spur gives you the audit log and compliance reports to prove it.
Deploy the Spur browser extension via Chrome policy, or install the native agent on Mac, Windows, or Linux endpoints. No network rerouting required.
Spur detects AI tool usage across browser and desktop, runs on-device DLP on inputs, and enforces your policies in real time — blocking unapproved tools instantly.
Monitor from the admin portal, review alerts, and download compliance snapshots for boards, auditors, and security teams.
The Chrome extension and endpoint agent detect every AI tool employees use — in the browser and as desktop apps. ChatGPT, Claude, Copilot, Gemini, Cursor, Ollama, and 15+ more covered at launch, with business versus personal account detection built in.
Department breakdowns, usage spikes, out-of-hours activity — Spur turns raw AI traffic into signals your IT team can act on every week.
The admin portal gives IT and security teams full control. Enable or disable each AI tool with a single toggle. Set sensitive data rules per category. Review alerts, export audit logs, and download compliance snapshots for boards and auditors.
Spur is completely free. Every feature, every platform, no credit card.
See exactly what it costs for your team size →
Spur v0.1 ships all three phases — visibility, data protection, and policy control. Available now for pilot deployment.
Spur detects every AI tool employees use, runs on-device DLP to stop sensitive data reaching unapproved services, and gives IT and security teams full policy control and audit reporting — all shipped in v0.1.
Full visibility via browser extension and Mac, Windows & Linux agents
Available NowOn-device DLP — PII, credentials, financial data, source code
Shipped v0.1Admin portal — policies, alerts, SIEM, compliance reports
Shipped v0.1Hosted cloud, Chrome Web Store, MDM packages, SSO
Roadmap300+ AI tools monitored across browser and endpoint. Native agents for Mac, Windows, and Linux. New tools flagged instantly wherever they appear.
Department breakdowns, user attribution, spike detection, and out-of-hours alerts. The data to act on, not just log.
Detect file uploads and large payloads to AI services. No content is read — just the signal that something moved.
Every detected tool rated by data policy, jurisdiction, and retention practices. Know the risk before your auditor does.
Full exportable log per user, date range, and tool. One click to a GDPR or SOC 2 ready report for any auditor.
Everything in one dashboard. Clear, actionable, and fast to deploy.
Free for up to 10 users. No credit card required.
Organisations are adopting AI tools faster than security teams can respond. Lapwing gives IT and security teams the visibility, protection, and control they need — without enterprise complexity or enterprise pricing.
A decade ago, employees started using Dropbox, Slack, and Google Docs without IT approval. Security teams scrambled to catch up. The same pattern is repeating — only this time the stakes are higher.
The 100–500 employee company faces the same compliance obligations as a Fortune 500 firm, but without the security team, the budget, or the enterprise tooling to match. That's the gap Lapwing was built to fill.
Simple to deploy. Clear to understand. Immediately actionable. Priced so an IT manager can sign up without a procurement process.
The lapwing is a British bird known for one thing above all others: it will aggressively dive on anything that threatens its territory. It sees what others miss and acts before harm is done. That's the instinct we've built into our product.
We focus exclusively on the 100–500 employee segment. Large enough to have real AI data risk. Small enough that a simple, affordable product can make a real difference without a six-month implementation project.
You can't protect what you can't see. We give IT teams the full picture before asking them to act on it.
We never store prompt content. Metadata only in Phase 1. We protect your data the same way we help you protect your customers'.
No jargon. No 40-page manuals. If a non-security IT manager can't understand it in five minutes, we haven't done our job.
Get in touch. We're happy to walk you through what Spur can do.
Spur v0.1 is available for pilot deployment now. Tell us about your organisation and we'll get you set up.
We'll respond within one business day. No sales pressure.
We'll walk through Spur live and show you what it detects in a real environment.
Get Spur running via browser extension or endpoint agent in 30 minutes. Free 30-day trial, no commitment.
No contract to sign. No credit card needed. Just a clear picture of your AI risk.
Lapwing Ltd · lapwingdefence.com · Registered in England & Wales
Spur is completely free. Browser extension, endpoint agent, and full admin portal — no credit card, no catch.
Spur is free. Use the calculator to see what comparable tools would cost — and what you're saving.
Yes — completely free. Every feature included: browser extension, endpoint agent, admin portal, DLP, policies, SIEM, and compliance reports. No credit card, no hidden tiers, no catch.
The Chrome extension is deployed via enterprise policy or sideloaded. The endpoint agent installs via a package on Mac or Windows. Employees enrol using a shared org code — no individual sign-up required.
No. Spur detects AI tool usage at the metadata level — which tools, which users, when, and how much data was sent. We never read or store the content of prompts or documents.
The Spur agent runs on Mac, Windows, and Linux. The browser extension supports Chrome and Edge. Both can be deployed together for complete coverage.
Yes. The Chrome extension blocks disabled tools via browser network rules. The Mac endpoint agent quits blocked desktop apps and closes Safari tabs to blocked domains. This is real enforcement, not just logging.
Near term: production-hosted cloud (EU/US), Chrome Web Store listing, signed MDM packages (Jamf, Intune), faster policy push, Safari and Firefox extensions. Later: SSO, SOAR integrations, EU AI Act report templates.
Spur v0.1 is available for pilot deployment today. Browser extension, endpoint agent, and admin portal — all three phases shipped.