16,037+ AI-tool domains classified across 18 functional categories and 180+ subcategories. Explore risk profiles, growth trends, and domain counts to evaluate the blocklist before deploying it.
The AI tool ecosystem has exploded from a handful of platforms to tens of thousands of web apps, APIs, and extensions. Our pipeline discovers and classifies 50 to 150 new AI-tool domains every single day.
A flat domain list tells a firewall what to block but reveals nothing about risk, regulatory exposure, or safe usage. Categorization transforms raw domain intelligence into actionable policy inputs like "block code assistants for engineering but allow design tools for marketing."
Categories emerged from clustering observed tool behaviors across the corpus — not from theoretical definitions. When 3,000+ domains shared the trait of accepting free-text input and generating natural-language output, "AI Chatbots" crystallized. When a distinct cluster accepted source code with a different IP-exposure risk profile, "AI Code Assistants" became its own category.
Each category is subdivided into 5–18 subcategories for granular policy control. For example, "AI Image Generators" includes text-to-image, AI upscalers, background removers, and face generators — an org might allow background removers (low risk) while blocking face generators (deepfake potential). See the full taxonomy reference.
These six categories accept rich, unstructured input — free text, source code, documents, media — through models that may retain or redistribute that data. Most enterprise blocking policies start here and expand outward.
Accept unrestricted freeform input including documents and data. Highest data exposure risk — users paste confidential content directly into chat interfaces.
Accept source code and generate suggestions, exposing proprietary algorithms and API keys. Many operate as IDE extensions with deep filesystem access.
Text-to-image and editing tools with training data risks from uploaded reference images. Deepfake generation adds compliance and liability concerns.
AI video generation and avatar creation accepting video uploads and scripts. Deepfake capabilities create fraud, impersonation, and reputational risk.
Voice cloning from as little as 30 seconds of audio enables vishing attacks. Transcription tools also ingest sensitive meeting recordings.
Specialized text generation often integrated with document editors and CMS platforms. High-throughput data channel due to volume of text submitted.
These categories serve specialized functions with widely varying risk profiles. Several are among the fastest-growing in the database, with new domains outpacing even the chatbot category.
AI-powered answer synthesis from web content. Search queries reveal intent, competitive research targets, and internal concerns.
Accept entire datasets for AI-powered insights and visualization. Extreme data exposure risk from bulk uploads of customer and financial data.
Ad creative generation and campaign optimization with CRM integrations. Indirect data exposure through API connections to customer databases.
AI-enhanced design for UI/UX, logos, and presentations. Moderate risk from visual assets, but tools accepting screenshots of internal apps need evaluation.
AI tutoring and learning tools. Enterprise risk when employees feed internal training materials and SOPs into AI-powered study tools.
Diagnostic assistants and clinical decision support processing protected health information. HIPAA and GDPR violations from unauthorized use.
These six categories serve specific verticals with smaller domain counts but extremely sensitive data. They are often the highest priority for blocking in regulated industries.
Financial analysis and algorithmic trading ingesting market-sensitive data. SEC and FINRA violations from unauthorized AI tool use with MNPI.
Contract analysis and legal research processing attorney-client privileged material. Submitting to third-party AI may waive privilege irreversibly.
Resume screening and employee assessment with bias and discrimination risks. Process highly sensitive employee data including compensation and reviews.
Support automation processing customer PII and complaint details. Risk from employees using unauthorized tools to draft responses outside approved systems.
Meeting summarization and workflow automation with deep platform integrations. A single OAuth grant can expose an entire workspace of organizational data.
Full execution environments for building and deploying with AI assistance. Risk combines code exposure with production infrastructure access.
Category-based blocking ties every enforcement action to a documented risk rationale. When an employee asks "why was this blocked?" the answer references a risk category, not an opaque list entry.
| Risk Level | Categories | Default Action | Exception Process |
|---|---|---|---|
| Critical | Chatbots, Code Assistants, Writing, Data Analytics, Healthcare, Finance, Legal | Block | CISO approval + completed risk assessment |
| High | Image Generators, Video, Audio/Music, Search, HR/Recruiting, Productivity, Developer Tools | Block w/ exceptions | Department justification + DLP controls |
| Medium | Marketing, Design, Customer Service | Monitor & log | Standard IT request |
| Low | Education | Allow | Monitoring enabled by default |
The API supports category-based filtering natively, enabling deployment of different blocklists per department. The following example pulls category-filtered domain lists for a segmented policy architecture.
Each generated file can be consumed as an EDL by Palo Alto, a URL filter feed by FortiGate, or a custom category by Zscaler. Integrates directly with enterprise firewall deployments.
Our classification pipeline scans 300,000+ domains daily from a 102M-domain corpus. Overall database growth has averaged 9.2% month-over-month, now exceeding 16,037+ domains.
The API provides real-time category statistics including domain counts, growth rates, and newly added domains. Security and compliance teams use this data to generate board-level reports.
Coverage statistics double as a validation metric. Customer-reported gaps are investigated and feed back into pipeline improvements for the affected vertical.
Tell us which categories matter most and we'll provide a detailed coverage report with domain counts, subcategory breakdowns, and sample entries.
Tell us which AI tool categories matter most to your organization and we will provide a detailed coverage report.