Skip to main content

LLM Tracking: Monitor and Control Personal LLM Usage

Overview

LLM Tracking lets your organization monitor when employees use popular AI/LLM tools with personal or free email accounts instead of corporate credentials. Through Swif's browser extension, admins gain visibility into Shadow IT usage of LLM tools, can notify employees with an acknowledgement dialog, and optionally block personal account access — all without inspecting or logging any prompt or response content.

Supported LLM Tools

LLM Tracking currently supports the following six tools:

Tool

Monitored Domains

ChatGPT

chatgpt.com, chat.openai.com

Claude

claude.ai

Gemini

gemini.google.com

Copilot

copilot.microsoft.com

Perplexity

perplexity.ai, www.perplexity.ai

DeepSeek

chat.deepseek.com

Admins can choose to monitor all six tools or select a subset when creating a rule.

How It Works

1. Detection

When an employee navigates to a supported LLM tool in their browser, the Swif browser extension detects the session automatically. Detection works whether or not the employee is logged into the Swif extension — the extension uses the device's MDM enrollment token to identify the device.

2. Sign-In Classification

The extension inspects available browser signals — cookies, localStorage, DOM elements, and in-page data — to determine:

  • Sign-in state: Is the user signed in, anonymous, or unknown?

  • Sign-in type: Is the account a work (corporate) email, a personal/free email, or unknown?

  • Confidence level: How reliable is the detection? (high, medium, or low)

Classification is based on the work domains configured by your admin (e.g., yourcompany.com). If the detected email domain matches a work domain, the session is classified as work. Common consumer domains (e.g., gmail.com, yahoo.com, outlook.com, hotmail.com, protonmail.com) are classified as personal.

3. Policy Enforcement

Based on the admin's rule configuration, the extension takes one of the following actions when a personal account is detected:

  • Track only — The session is logged for reporting. No dialog is shown to the employee.

  • Show acknowledgement notice — A dialog appears informing the employee that they are using a personal account on a monitored LLM tool.

If no rule matches the tool or device, the extension remains completely silent — no tracking, no dialog, no events.

What Employees See

Acknowledgement Dialog

When a personal account is detected and the admin has enabled the acknowledgement notice, employees see a dialog identifying the LLM tool being used. The dialog has two options:

  • "I understand" — Dismisses the dialog for the current page load. The dialog will reappear if the employee refreshes or revisits the page.

  • Dismiss (X) — Closes the dialog with a 24-hour cooldown. The dialog will not reappear until 24 hours have passed, after which it shows again on the next visit.

The dialog does not block the employee from using the tool — it serves as a notification only (unless the admin has enabled blocking).

Blocking Overlay

When blocking is enabled, the employee is presented with an interstitial that prevents continued use of the LLM tool with a personal account. The employee can resolve the block by switching to a work account or logging out.

Admin Setup Guide

Accessing LLM Tracking Settings

Navigate to Settings → Team Settings → LLM Account Monitoring.

If no rules have been created yet, you'll see an empty state with a prompt to create your first rule.

Creating a Rule

  1. Click Create Rule.

  2. Configure the following fields:

    • Rule Name — A descriptive name for the rule.

    • Work Domains — Pre-filled with your organization's domain (e.g., swif.ai). You can add additional domains (e.g., subsidiary.com) or remove the default. At least one work domain is required.

    • LLM Tools to Monitor — All six tools are selected by default. Deselect any tools you don't want to monitor.

    • User Groups — Select which device/user groups this rule applies to. The rule will only apply to devices in the selected groups.

    • Action When Personal Account Is Detected — Choose the enforcement action (e.g., show acknowledgement notice, block access).

  3. Click Create to save the rule.

A success notification will appear, and the rule will be added to the monitoring table.

Editing a Rule

  1. Click the action menu (⋮) on the rule row.

  2. Select Edit.

  3. Modify any fields as needed — the dialog opens with the rule's current values pre-filled.

  4. Click Save Changes.

Deleting a Rule

  1. Click the action menu (⋮) on the rule row.

  2. Select Delete.

  3. Confirm the deletion in the alert dialog.

Once deleted, the extension will stop monitoring for that rule immediately. If it was the last rule, the table returns to the empty state.

Table Features

  • Count badges — If a rule monitors more than 2 LLM tools, the table shows the first two with a "+X" badge. Hover the badge to see the full list.

  • Filter — Filter rules by user group, LLM tool, or action type.

  • Sort — Sort rules by any column in ascending or descending order.

Insight Dashboard: AI Adoption & Usage

The Insight Dashboard provides visual analytics for LLM tracking activity across your organization. Located under Shadow IT → Insight Dashboard, the AI Adoption & Usage section contains two widgets that help admins understand how employees are accessing LLM tools.

LLM Account Sessions by Sign-In Type

This widget displays a donut chart showing the total session distribution categorized by sign-in type:

  • Work — Sessions where the employee is signed in with a corporate email.

  • Personal — Sessions where the employee is signed in with a personal or free email.

  • Unknown — Sessions where the sign-in type could not be determined.

Hover over any segment of the chart to see a tooltip with the sign-in type name, session count, and percentage.

LLM Sessions by Tool

This widget displays a table with session breakdowns for each monitored LLM tool (e.g., ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek). Each row shows:

  • The tool name and icon

  • Total session count

  • Breakdown by sign-in type (Work / Personal / Unknown)

  • A trend indicator comparing the current period to the equivalent previous period:

    • Red upward arrow — Usage increased (e.g., +12%)

    • Green downward arrow — Usage decreased (e.g., -3%)

    • Grey neutral indicator — No change (0%)

Hovering over a row highlights it, and clicking a row opens the tool detail view.

Time Range

Both widgets share a time range dropdown at the top of the section. The default time range is Last 30 days. Changing the time range updates both widgets and recalculates trend indicators based on the new range versus the equivalent previous period.

Tool Detail View

Clicking a tool row in the Sessions by Tool table opens a detail view that includes:

  • Tool name and icon

  • Session breakdown by sign-in type

  • Trend data for the selected time range

  • A list of active monitoring rules that apply to the selected tool

If more than two active rules are configured for a tool, the list becomes scrollable. Clicking an active rule navigates directly to Settings → Team Settings → LLM Account Monitoring, where you can view or edit the rule.

If any text in the detail view (e.g., a long rule name or description) is truncated after two lines, hover over it to see a tooltip with the full content.

Technical Details

How the Extension Fetches Rules

On every page load of a monitored domain, the extension calls:

getLLMFreeAccountRuleForExtension(domain, mdmDeviceId)

  • domain — The hostname of the current tab (e.g., chatgpt.com, gemini.google.com).

  • mdmDeviceId — The device identifier from the MDM enrollment token.

The backend resolves the device to its user groups, matches against active rules for that domain, and returns the first matching rule — or null if no rule applies.

If the response is null, the extension does nothing.

Event Reporting

When a session is detected and a rule is active, the extension reports events via:

reportLLMFreeAccountEventForExtension(input)

Each event includes:

Field

Description

eventType

session_start, active_ping, session_end, block_triggered, block_resolved, acknowledge

appId / appName

Tool identifier (e.g., chatgpt / ChatGPT)

appDomain

Domain where the session was detected

signInState

signed_in, anonymous, or unknown

signInType

work, personal, or unknown

confidenceLevel

high, medium, or low

emailDomain

Domain portion of the detected email (e.g., gmail.com)

email

Full email address (lowercase)

mdmDeviceId

Device identifier

sessionId

Unique UUID per browser tab lifecycle

actionTaken

acknowledge or null

timestamp

ISO 8601 timestamp

MDM-Only Mode

LLM Tracking does not require the employee to be logged into the Swif extension. As long as the device is MDM-enrolled, the extension uses the MDM device token to fetch rules and report events. This ensures coverage even on devices where employees haven't signed into the extension.

Privacy & Security

  • No content logging. Swif never inspects, stores, or transmits the content of prompts or responses entered into any LLM tool.

  • Email handling. The detected email address and email domain are reported for classification purposes. No passwords or authentication tokens are collected.

  • Metadata only. Events contain session metadata (tool name, domain, sign-in type, timestamps) — not usage content.

  • Admin-controlled scope. Monitoring only occurs for tools and user groups explicitly configured by an admin. No monitoring happens without an active rule.

FAQ

Q: Does this track what employees type into ChatGPT or other LLM tools?
No. LLM Tracking only detects which tool is being used and whether the sign-in is with a work or personal account. No prompts, responses, or content are logged.

Q: What happens if an employee uses an LLM tool anonymously (not signed in)?
The session is classified as signInType: "unknown" with confidenceLevel: "low". No acknowledgement dialog is shown. The event is still reported for visibility.

Q: Does this work in incognito/private browsing mode?
Detection may be limited in incognito mode due to restricted access to cookies and storage. The extension documents these limitations and falls back to unknown classification when signals are insufficient.

Q: Can I monitor only specific LLM tools?
Yes. When creating or editing a rule, you can select or deselect individual tools from the LLM tools dropdown.

Q: Does the employee need to be logged into the Swif extension?
No. LLM Tracking works via the MDM device token. The extension does not require a logged-in Swif session to detect LLM usage and enforce policies.

Q: What happens if I delete all rules?
The extension stops monitoring entirely. No events are emitted, no dialogs are shown, and the extension is completely silent on LLM tool pages.

Q: Can I set different policies for different teams?
Yes. Each rule is scoped to specific user groups. You can create multiple rules with different tools, work domains, and enforcement actions for different teams.

Related Articles
Shadow IT Features: Complete Visibility and Control
How Swif’s Browser Extension Tracks & Manages Shadow IT on Managed Devices
How Swif’s Browser Extension Uses LLM for Intelligent Features
PII Tracking in Swif’s Browser Extension
Sensitive App Prolonged Activity Tracking in Swif’s Browser Extension
Did this answer your question?