Lapwing detects every AI tool employees use, stops sensitive data reaching unapproved services, and gives IT and security teams the evidence they need for audits — all in one platform.
Employees use ChatGPT, Claude, Copilot, Gemini, Perplexity and dozens more — on personal accounts, without IT knowing.
PII, financial data, credentials, and source code pasted into consumer AI tools — with no visibility and no controls.
GDPR, SOC 2, and client contracts require evidence of AI governance. Spur gives you the audit log and compliance reports to prove it.
Deploy the Spur browser extension via Chrome policy, and the native endpoint agent on macOS. No network rerouting required.
Spur detects AI tool usage across browser and desktop, runs on-device DLP on inputs, and enforces your policies (blocking supported via the extension + macOS agent).
Monitor from the admin portal, review alerts, and download compliance snapshots for boards, auditors, and security teams.
The Chrome extension and endpoint agent detect every AI tool employees use — in the browser and as desktop apps. ChatGPT, Claude, Copilot, Gemini, Cursor, Ollama, and 15+ more covered at launch, with business versus personal account detection built in.
Department breakdowns, usage spikes, out-of-hours activity — Spur turns raw AI traffic into signals your IT team can act on every week.
The admin portal gives IT and security teams full control. Enable or disable each AI tool with a single toggle. Set sensitive data rules per category. Review alerts, export audit logs, and download compliance snapshots for boards and auditors.
Spur is in early access. Join the list to get release updates and pilot availability.
Spur ships visibility, data protection, and policy control. Join the release list to get notified as pilots expand.
Spur detects every AI tool employees use, runs on-device DLP to stop sensitive data reaching unapproved services, and gives IT and security teams full policy control and audit reporting.
Visibility via browser extension + macOS endpoint agent
Available NowOn-device DLP — PII, credentials, financial data, source code
ShippedAdmin portal — policies, alerts, SIEM, compliance reports
ShippedHosted cloud, Chrome Web Store, MDM packages, SSO
RoadmapDetects major AI tools across browser and endpoint. Known tools are classified via our registry; unknown AI usage can be flagged for review.
Department breakdowns, user attribution, spike detection, and out-of-hours alerts. The data to act on, not just log.
Detect file uploads and large payloads to AI services. No content is read — just the signal that something moved.
Every detected tool rated by data policy, jurisdiction, and retention practices. Know the risk before your auditor does.
Full exportable log per user, date range, and tool. One click to a GDPR or SOC 2 ready report for any auditor.
Everything in one dashboard. Clear, actionable, and fast to deploy.
Join the release list to get notified when new pilots open.
Organisations are adopting AI tools faster than security teams can respond. Lapwing gives IT and security teams the visibility, protection, and control they need — without enterprise complexity or enterprise pricing.
A decade ago, employees started using Dropbox, Slack, and Google Docs without IT approval. Security teams scrambled to catch up. The same pattern is repeating — only this time the stakes are higher.
Growing companies face the same compliance obligations as a Fortune 500 firm, but without the security team, the budget, or the enterprise tooling to match. That's the gap Lapwing was built to fill.
Simple to deploy. Clear to understand. Immediately actionable.
The lapwing is a British bird known for one thing above all others: it will aggressively dive on anything that threatens its territory. It sees what others miss and acts before harm is done. That's the instinct we've built into our product.
Teams that need AI governance without enterprise complexity — visibility, data protection, policy controls, and audit-ready reporting.
You can't protect what you can't see. We give IT teams the full picture before asking them to act on it.
We never store prompt content. Metadata only in Phase 1. We protect your data the same way we help you protect your customers'.
No jargon. No 40-page manuals. If a non-security IT manager can't understand it in five minutes, we haven't done our job.
We're building Spur in the open with a small core team. If you're a developer who cares about security, privacy, and practical tooling, we'd love to hear from you.
Useful skills include TypeScript, browser extensions (MV3), macOS endpoint work, API design, and security-minded product engineering. You don't need enterprise security experience — curiosity and good judgment matter more.
Lapwing is an independent UK company building security tooling without enterprise budgets. Donations help us keep development moving while Spur is in early access.
Thank you for supporting independent security software.
Join the release list for product updates, or get in touch if you want to help build Spur.
Leave your details and we’ll email you when Spur opens wider availability, plus major product updates. No spam.
We’ll only email product updates and release availability.
A short email when Spur opens wider availability.
New tool coverage, policy controls, and deployment improvements.
Spur is designed to avoid collecting prompt content by default.
Lapwing Ltd · lapwingdefence.com · Registered in England & Wales
Spur is not generally available yet. Join the release list for updates when wider access opens.
Not yet for general availability. Join the release list and we’ll email you when Spur opens wider access.
The Chrome extension is deployed via enterprise policy or sideloaded. The endpoint agent installs via a package on Mac or Windows. Employees enrol using a shared org code — no individual sign-up required.
No. Spur detects AI tool usage at the metadata level — which tools, which users, when, and how much data was sent. We never read or store the content of prompts or documents.
The Spur agent runs on Mac, Windows, and Linux. The browser extension supports Chrome and Edge. Both can be deployed together for complete coverage.
Yes. The Chrome extension blocks disabled tools via browser network rules. The Mac endpoint agent quits blocked desktop apps and closes Safari tabs to blocked domains. This is real enforcement, not just logging.
We’re expanding deployment options and platform coverage. Join the release list to get notified when new capabilities ship.
Join the release list for product updates and availability announcements.