Overview
Employees are pasting PHI into personal ChatGPT, NPI into personal Claude.ai, and MNPI into personal Gemini — and CISOs cannot see it. CSA Shadow AI Framework 2024 documents 70–90% of enterprise AI usage is unsanctioned. Netskope Threat Labs (2024–2025) reports 96% of organizations have unsanctioned GenAI. Only Converge holds a shadow-AI-adjacent assessment SKU on AWS Marketplace today. Kriv AI is first with a regulated-industry-anchored Shadow AI Discovery assessment.
CISOs, CCOs, HIPAA Privacy Officers, CROs, CDOs, DPOs, and GCs at top-50 health payers, top-100 hospital systems + IDNs, top-25 pharma + CRO / CDMO organizations, G-SIB + regional banks, top-50 P&C + life insurers, FINRA broker-dealers, SEC RIAs, '40 Act mutual funds, PE + hedge funds, credit unions, and mutual insurers face the same exposure: unauthorized employee use of consumer-grade GenAI tools (ChatGPT.com, Claude.ai, Gemini, Perplexity, personal Copilot, Character.ai, specialty-vertical AI copilots) is creating massive PHI / NPI / MNPI / trade-secret exposure that does not appear on any IT asset inventory. IBM Cost of a Data Breach Report 2024 shows shadow-AI-related breaches cost $670K+ more than average. HIPAA §164.502(b) minimum-necessary, GLBA §6801, NYDFS Part 500 §500.14 third-party risk, SR 11-7 + OCC 2011-12 model risk, SOC 2 CC6 + CC9, ISO 27001:2022 A.5.19–A.5.23, and EU AI Act Article 26 all extend to shadow AI.
Assessment methodology (3–5 weeks).
- Week 1: Scope + telemetry baseline (cloud/SaaS tenant scoping — AWS, Azure, GCP, Workspace, M365, Salesforce, ServiceNow, Workday, vertical platforms; CASB / SSE log export — Netskope, Zscaler, Palo Alto Prisma Access, Cisco Umbrella, Microsoft Defender for Cloud Apps; Okta / Entra / Google SSO catalog export; endpoint DLP telemetry — Microsoft Purview, Symantec, Forcepoint, Trellix; browser-extension inventory; mobile MDM inventory — Intune, Jamf, Workspace ONE).
- Week 2: Network + SaaS + endpoint + browser + mobile scan (network-layer shadow-AI detection via CASB / SSE DNS + TLS-metadata + user-agent signature matching against a 500+ GenAI service catalog — ChatGPT variants, Claude.ai, Gemini, Perplexity, Character.ai, Copilot consumer, Poe, You.com + 400+ vertical AI copilots; endpoint scan — installed AI apps, browser extensions, developer-tool AI copilots like Cursor / Windsurf / Continue / Claude Code consumer / GitHub Copilot personal / Cody / Tabnine / Codeium; mobile scan — ChatGPT, Claude, Gemini, Perplexity, Copilot mobile, Grammarly Go, QuillBot, Notion AI personal; browser-extension scan — Sider, Monica, ChatHub, Compose AI).
- Week 3: Exposure mapping + framework gap analysis (per detected shadow AI — data types likely exposed, user count + frequency, regulatory frameworks affected — HIPAA §164.502(b) + §164.308 + §164.312; GLBA §6801; NYDFS Part 500 §500.14; SR 11-7; SOC 2 CC6.1–CC6.8 + CC9; ISO 27001 A.5.19–A.5.23; EU AI Act Article 26; Colorado SB 24-205; NAIC Model Bulletin; HHS OCR shadow-AI guidance; FINRA 2025–2026 exam priority; residual-risk scoring).
- Week 4 (Standard): Remediation roadmap + CASB/SSE policy authoring (30/60/90-day plan; sanctioned-alternative enablement — Bedrock Claude, Q Business, Copilot enterprise, Claude for Enterprise CPN; CASB / SSE policy authoring; employee AUP updates; HIPAA Privacy Officer disclosure workflow; IR playbook integration pairs with N44).
- Week 5 (Enterprise): Mobile deep-scan + tabletop + executive briefing + board-ready deliverable (pairs with N42).
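The Week 2 network-layer detection (SNI / DNS matching against a GenAI service catalog, with user-agent signatures as a fallback) and the Week 3 user-count + frequency inputs can be sketched as follows. This is an added illustration, not Kriv AI's tooling: the catalog subset, user-agent patterns, sanctioned hosts and the CASB-style log format are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed subset of a GenAI service catalog (domain suffix -> service); the
# page's catalog is 500+ entries. Sanctioned hosts are hypothetical enterprise tenants.
GENAI_CATALOG = {"chatgpt.com": "ChatGPT consumer", "claude.ai": "Claude.ai consumer",
                 "gemini.google.com": "Gemini consumer", "perplexity.ai": "Perplexity"}
SANCTIONED_HOSTS = {"bedrock.us-east-1.amazonaws.com", "copilot.microsoft.com"}
# Constructed user-agent signatures for native apps whose SNI may be an opaque IP/CDN host.
USER_AGENT_PATTERNS = [(re.compile(r"\bChatGPT/\d", re.I), "ChatGPT mobile/desktop app"),
                       (re.compile(r"\bClaude/\d", re.I), "Claude mobile/desktop app")]

def classify_host(host):
    """Match the TLS SNI / DNS name against the catalog by exact or parent-domain suffix."""
    host = host.lower().rstrip(".")
    if host in SANCTIONED_HOSTS:
        return None  # approved enterprise tenant, not shadow AI
    for suffix, service in GENAI_CATALOG.items():
        if host == suffix or host.endswith("." + suffix):
            return service
    return None

def classify_user_agent(ua):
    """Fallback: identify a native client from its user-agent when the host is unknown."""
    return next((svc for pat, svc in USER_AGENT_PATTERNS if pat.search(ua)), None)

def parse_line(line):
    """Parse a constructed CASB-style line: '<ts> <user> <sni> ua="<user-agent>"'."""
    m = re.match(r'(\S+) (\S+) (\S+) ua="([^"]*)"', line)
    return dict(zip(("ts", "user", "sni", "ua"), m.groups())) if m else None

def shadow_ai_inventory(lines):
    """Per detected service: distinct user count and event frequency (the Week 3 inputs)."""
    inv = defaultdict(lambda: {"users": set(), "events": 0})
    for rec in filter(None, map(parse_line, lines)):
        service = classify_host(rec["sni"]) or classify_user_agent(rec["ua"])
        if service:
            inv[service]["users"].add(rec["user"])
            inv[service]["events"] += 1
    return {s: {"users": len(v["users"]), "events": v["events"]} for s, v in inv.items()}

SAMPLE_LOG = [  # constructed sample telemetry, not real customer data
    '2025-03-03T09:12:01Z alice chatgpt.com ua="Mozilla/5.0"',
    '2025-03-03T09:16:02Z alice api.chatgpt.com ua="Mozilla/5.0"',
    '2025-03-03T09:15:44Z bob claude.ai ua="Mozilla/5.0"',
    '2025-03-03T09:20:10Z carol copilot.microsoft.com ua="Mozilla/5.0"',
    '2025-03-03T09:22:30Z dave 203.0.113.7 ua="ChatGPT/1.2024 iOS"',
]

if __name__ == "__main__":
    print(shadow_ai_inventory(SAMPLE_LOG))
```

Note the coverage caveat the page itself states: a catalog-based matcher only sees what the CASB / SSE, DLP and MDM telemetry actually captured, so unenrolled BYOD devices and un-catalogued vertical copilots remain blind spots.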
Three tiers. Foundation $35K (3 weeks; 1 cloud + 1 SaaS + endpoint + browser; up to 2,500 employees; 20 most-used AI services; HIPAA + GLBA OR NYDFS gap analysis; Tier 1 30-day remediation). Standard $65K (4 weeks; 2 clouds + 3 SaaS + endpoint + browser + CASB / SSE policy authoring; up to 10,000 employees; 100 AI services; HIPAA + GLBA + NYDFS + SR 11-7 + SOC 2; full 30/60/90 roadmap). Enterprise $95K (5 weeks; 3 clouds + 5 SaaS + endpoint + browser + mobile + tabletop + executive board briefing; up to 25,000 employees; 500+ AI services; full framework suite incl. ISO 27001 + EU AI Act + Colorado SB 24-205 + NAIC). Additional tenant $15K each.
Important disclosures. No 100% shadow-AI discovery guarantee (constrained by Customer telemetry — CASB / SSE retention, endpoint DLP coverage, mobile MDM enrollment, BYOD). Does NOT provide incident response (route to N44). Does NOT install / configure / operate CASB / SSE / DLP / MDM. No legal / regulatory / clinical / actuarial opinions. Does NOT replace HHS OCR Risk Analysis, FINRA Rule 3110, NYDFS §500.02, or ISO 27001 certification audit. Does NOT disclose to regulators on Customer's behalf. Personal employee data not collected. No regulator-outcome guarantee. Anthropic CPN membership (April 9, 2026) — CPN partner, not Anthropic-authorized reseller.
Highlights
- First regulated-industry Shadow AI Discovery SKU on AWS Marketplace — HIPAA §164.502(b) minimum-necessary + §164.308 + §164.312 + §164.514 + GLBA §6801 + NYDFS Part 500 §500.14 + SR 11-7 + OCC 2011-12 + SOC 2 CC6 + CC9 + ISO 27001:2022 A.5.19–A.5.23 + EU AI Act Article 26 + Colorado SB 24-205 + NAIC Model Bulletin + HHS OCR shadow-AI guidance + FINRA 2025–2026 exam priority. CSA Shadow AI Framework 2024: 70–90% of enterprise AI unsanctioned. Netskope 96%.
- Network + SaaS + endpoint + browser + mobile scan across 500+ GenAI services (ChatGPT, Claude.ai, Gemini, Perplexity, Character.ai, Copilot consumer, Cursor, Windsurf, Continue, Claude Code, GitHub Copilot personal, Sider/Monica/ChatHub/Compose AI extensions, Grammarly Go, QuillBot, Notion AI + 400+ vertical AI copilots). Exposure-to-framework mapping across PHI / NPI / MNPI / trade secrets / source / customer lists / PII / legal-privileged.
- $35K (3 wks) / $65K (4 wks) / $95K (5 wks) fixed-fee + $15K per additional cloud/SaaS tenant. AWS Select + Anthropic CPN-certified. Prioritized 30/60/90-day remediation roadmap + sanctioned-alternative enablement plan (Bedrock Claude / Q Business / Copilot enterprise / Claude for Enterprise) + CASB/SSE policy authoring + executive briefing + board-ready deliverable + tabletop exercise (Enterprise). Pairs with N44 GenAI IR Playbook as natural N43 → N44 → N2 sequential motion.
Pricing
Custom pricing options
Support
Vendor support
Primary support contact. info@kriv.ai · +1-732-433-5564 · https://kriv.ai/support
Response SLA. Baseline 2 US business days (Mon–Fri 9 am – 6 pm ET, US federal holidays excluded). Standard tier 1 US business day. Enterprise tier 4-hour response for active-incident escalation (active HHS OCR / FINRA / NYDFS / SEC / state AG examination or post-regulator-inquiry).
Engagement onboarding. First customer contact within 2 US business days of marketplace inquiry / private-offer acceptance. Kickoff within 2–4 weeks of countersigned SOW.
Escalation path. Engagement Lead (named in SOW) → Practice Director (info@kriv.ai) → CEO Abhinav Dangri (info@kriv.ai).
Communication. Dedicated Teams channel, weekly 60-min checkpoint, Friday status note. Customer SMEs 3–5 hrs/week (CISO, CCO, HIPAA Privacy Officer, CRO, CDO, DPO, GC, Head of Third-Party Risk, Head of GRC).
Documentation handoff. Shadow-AI inventory as Excel; PHI / NPI / MNPI / trade-secret exposure map as Excel + Word; framework-by-framework gap analysis as Excel indexed to control IDs; 30/60/90-day remediation roadmap as Word; CASB / SSE policy documents (Standard / Enterprise) as JSON + Word; sanctioned-alternative enablement plan as Word; executive briefing as PowerPoint; board-ready deliverable (Enterprise) as PowerPoint + Word.
Boundaries. No 100% discovery guarantee (constrained by telemetry availability). Does NOT provide IR services (route to N44). Does NOT install / operate CASB / SSE / DLP / MDM. No legal / regulatory opinions. Does NOT replace HHS OCR Risk Analysis, FINRA 3110, NYDFS §500.02, or ISO 27001 audit. Does NOT disclose to regulators. No regulator-outcome guarantee. AWS infrastructure billed separately.
Hours / holiday coverage. Mon–Fri 9 am – 6 pm ET. Closed on US federal holidays except Enterprise-tier 4-hour SLA for active-incident escalation.