Technical Visionaries
SASKI Shadow Mode | SASKI Institute PBC

See What Your AI Is Missing.
Before You Change Anything.

SASKI Shadow Mode deploys inside your own infrastructure, runs observation analysis on every conversation, and delivers a complete findings report in 7 days. Nothing blocks. Nothing changes for your users. Your production environment is never touched.

Your data never leaves your infrastructure. This is not a privacy policy promise — it is a deployment architecture fact.

How It Works

Deploy in your staging environment. See what your production traffic reveals.

Shadow Mode is not a demo environment. It is not a sandbox. It evaluates your actual conversation patterns using the same deterministic enforcement engine that powers every SASKI deployment. Your engineering team deploys the SASKI SDK inside your own infrastructure in a staging environment that mirrors your production traffic. Setup takes under two hours.

Step 01 — Deploy

Install and configure

Your engineering team installs the SASKI SDK and sets SASI_DEPLOYMENT_MODE=shadow. Shadow mode cannot run with ENVIRONMENT=production active. Your production environment is never touched.

Step 02 — Evaluate

Analysis runs silently

SASKI runs deterministic analysis on every message. Nothing blocks. Your LLM call fires normally. Your users see no difference. Cryptographic receipts collect in the background for 7 days of real traffic.

Step 03 — Report

Your findings, your traffic

Your team receives a full findings report showing exactly what SASKI detected, what it would have intercepted, and what it would have blocked in your actual traffic. Built from your own conversations, not simulated inputs.

We know what you are thinking.

Shadow Mode is an SDK deployment, not a cloud API call. There is no external endpoint involved. The SASKI SDK runs inside your own infrastructure. Your user conversations are not routed to a shared cloud. They are not processed by a third-party server. The SaskiEnvelope receipts generated during the evaluation are stored within your environment and remain under your custody throughout.

This is not a privacy policy promise. It is a deployment architecture fact.

If your organization has data residency requirements, a VPC mandate, or legal restrictions on routing patient, student, or employee interaction data through external endpoints, Shadow Mode satisfies those requirements by design. There is nothing to route externally because nothing leaves your perimeter.

Don't take our word for it. Read the code.

The audit and observation layer that powers Shadow Mode is open source. No account required to install it. No dependencies to manage. The entire package is fewer than 10 files and under 150KB. A developer can read every line in under an hour and confirm for themselves exactly what enters the package, what leaves it, and what never moves.

pip install saski-shadow  ·  zero runtime dependencies  ·  MIT license

The observation layer handles deployment gating, cryptographic evidence bundling, and audit report generation. It validates and packages outputs produced by the licensed SASKI engine. It does not contain detection logic, safety thresholds, or enforcement rules. Those live in the licensed engine. The boundary is clean and the code proves it.

We welcome security reviews, issues, and pull requests. If you find something that concerns you, open an issue. That transparency is the point.

What You Receive

Eight deliverables. All built from your own traffic.

PII and PHI Detection Summary

A count and examples of personally identifiable and protected health information present in user messages before your bot logic applied — SSNs, dates of birth, insurance IDs, phone numbers, and other regulated token types detected at the transport layer.

Crisis and Escalation Signal Count

How many turns triggered SASKI's deterministic crisis detection, which risk tier each turn landed in, which action SASKI assigned, and how SASKI would have responded versus your current system.

Compliance Exposure Examples

Specific conversation flows where COPPA, HIPAA, California AB 3030, California SB 243, Colorado SB 26-189, or EU AI Act obligations were triggered in your live traffic. Includes which statute, what the jurisdiction resolver determined, and what SASKI would have done.

Unsafe Flow Documentation

Examples of hallucinated safety actions, boundary failures, or adversarial extraction attempts in your actual conversations. These are turns where SASKI would have blocked or redirected but your current system did not. Your real traffic, not simulated inputs.

Token Savings Calculation

Exact monthly and annual token overhead reduction SASKI would deliver at your actual inference volume, calculated from your real session data. Model your approximate savings first at techviz.us/tokenator.

Latency Impact Report

Measured latency overhead of SASKI enforcement on your specific stack, reported at p50, p95, and p99 across all shadow turns. SDK target is under 50ms. API target is under 200ms. Your actual numbers, not generic benchmarks.

SaskiEnvelope Evidence Sample

Sample cryptographic receipts generated from your own conversations during the evaluation. Each contains a SHA-256 payload hash, redaction confirmation, jurisdiction source, and mode tag — the audit trail artifacts built for regulators, E&O underwriters, and legal teams.

Recommended Enforcement Path

Which SASKI configuration fits your deployment context, which governance tier distribution to expect in production based on your actual traffic, which jurisdiction settings to enable, and estimated time to full enforce deployment.

For Business Owners

You do not need to understand the architecture to understand the report.

If you are running an AI chatbot in a regulated industry, the Shadow Mode report answers the questions your legal team, compliance officer, and E&O underwriter are already asking.

  • Is our AI transmitting user data we should not be transmitting?
  • Are we handling crisis situations in a way that creates liability?
  • Do we have documented proof of what our AI did on any given user interaction?
  • Are we paying for governance overhead we do not need on safe conversations?

The report is written for business stakeholders, not just engineers. Every finding includes a plain-language description of what was detected, what the regulatory exposure is, and what SASKI would have done differently.

Your engineering team handles the deployment. It takes under two hours. You receive the report. Everything after that is your decision.

For Developers

Here is exactly what Shadow Mode does at the infrastructure layer.

Install the SASKI SDK via pip and set SASI_DEPLOYMENT_MODE=shadow via environment variable or YAML configuration. Requires Python 3.9 or higher and a staging environment that mirrors your production traffic. Do not run shadow mode with ENVIRONMENT=production or SASI_ENV=production active. The production enforce lock will override shadow mode.

Minimal shadow mode integration

from sasi_sdk import SasiSession
from sasi_sdk.deployment_mode import evaluate_deployment_mode
from sasi_sdk.evidence_export import turn_payload_from_result

# user_message, history and your_lean_prompt are supplied by your application.
session = SasiSession(user_id="user_123", mode="your_mode")

result = session.analyze(
  message=user_message,
  conversation_history=history,
  system_prompt=your_lean_prompt,
)

decision = evaluate_deployment_mode(result, mode="shadow")
# enforcement_suppressed=True — nothing blocks
# Your LLM call fires normally

payload = turn_payload_from_result(result, mode_tag="shadow_mode")
# Evidence stored in your infrastructure, not transmitted externally

On every turn, session.analyze() runs the enforcement pipeline. Because SASI_DEPLOYMENT_MODE=shadow is set, enforcement_suppressed is true on every turn. Every call returns:

  • A SaskiEnvelope receipt containing the policy hash, decision trace, risk tier assignment, and cryptographic signature over canonical JSON.
  • A system_prompt_for_llm value showing what SASKI would have assembled for that turn under full enforcement.
  • A message_for_llm value showing whether SASKI would have passed the message unchanged, redacted PII, or rewritten it to a safe response template.
  • An action value showing the enforcement decision SASKI would have made.
  • An enforcement_suppressed flag set to true confirming analysis ran but no enforcement action was taken.
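
A receipt like the one described above only works as evidence if it can be re-checked later. The following added example (not SASKI code and not the SDK's API) verifies a constructed receipt by recomputing the SHA-256 payload hash and checking a signature over canonical JSON. The field names and the use of HMAC-SHA256 as the signature are assumptions, since the page does not give the SaskiEnvelope schema or signing algorithm.

```python
import hashlib
import hmac
import json


def canonical_json(obj):
    """Deterministic encoding: sorted keys, no whitespace, UTF-8."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def seal(body, key):
    """Build a constructed sample receipt (HMAC-SHA256 stands in for the signature)."""
    tag = hmac.new(key, canonical_json(body), hashlib.sha256).hexdigest()
    return {**body, "signature": tag}


def verify_receipt(receipt, payload, key):
    """Return a list of problems; an empty list means the receipt checks out."""
    problems = []
    body = {k: v for k, v in receipt.items() if k != "signature"}
    expected = hmac.new(key, canonical_json(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(receipt.get("signature", ""))):
        problems.append("signature does not cover this receipt body")
    if hashlib.sha256(payload).hexdigest() != body.get("payload_sha256"):
        problems.append("payload hash does not match stored payload")
    if body.get("mode_tag") != "shadow_mode":
        problems.append("receipt was not produced in shadow mode")
    if body.get("enforcement_suppressed") is not True:
        problems.append("enforcement was not suppressed on this turn")
    return problems


# Constructed sample data; every field name here is hypothetical.
KEY = b"constructed-demo-key"
PAYLOAD = canonical_json({"turn": 1, "message_for_llm": "[REDACTED] needs a refill"})
RECEIPT = seal({
    "payload_sha256": hashlib.sha256(PAYLOAD).hexdigest(),
    "redaction_confirmed": True,
    "jurisdiction_source": "config",
    "mode_tag": "shadow_mode",
    "enforcement_suppressed": True,
}, KEY)
```

Because the signature covers the canonical form, key order in the stored receipt does not matter, while any edited field or swapped payload is reported.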

Run for a minimum of 48 to 72 hours of real traffic before reviewing results. Seven days produces a statistically meaningful report across a broader range of conversation types and risk distributions.

Moving from shadow to enforce

# Change one line. No other configuration required.
SASI_DEPLOYMENT_MODE=enforce

# Gate your LLM call on the enforcement decision
if not decision.effective_should_block:
  response = call_llm(result.message_for_llm)

Want to inspect the observation layer before you commit to anything? The audit package is open source with zero dependencies. Read the code, run it locally, open issues.

View SASKI_Shadow on GitHub
SDK v1.6.4  ·  Python 3.9+  ·  SDK latency target: under 50ms  ·  API latency target: under 200ms
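
One way to test a "nothing leaves your perimeter" claim when running a package locally, as an added example that is not part of the SASKI project: a guard that blocks and records outbound socket use while the code under review runs. The `local_only` and `leaky` functions are constructed stand-ins for that code.

```python
import hashlib
import socket
from contextlib import contextmanager
from unittest import mock


class EgressAttempt(RuntimeError):
    """Raised when guarded code tries to touch the network."""


def _deny(name, log, is_method):
    def blocked(*args, **kwargs):
        # Socket methods get the address last; getaddrinfo gets (host, port, ...).
        target = args[-1] if is_method else args[:2]
        log.append((name, target))
        raise EgressAttempt(f"{name} -> {target!r}")
    return blocked


@contextmanager
def no_egress():
    """Block and record outbound socket use by Python code in this process."""
    log = []
    with mock.patch.object(socket.socket, "connect", _deny("connect", log, True)), \
         mock.patch.object(socket.socket, "connect_ex", _deny("connect_ex", log, True)), \
         mock.patch.object(socket.socket, "sendto", _deny("sendto", log, True)), \
         mock.patch.object(socket, "getaddrinfo", _deny("getaddrinfo", log, False)):
        yield log


def egress_attempts(fn, *args, **kwargs):
    """Run fn under the guard and return every network attempt it made."""
    with no_egress() as log:
        try:
            fn(*args, **kwargs)
        except EgressAttempt:
            pass  # already recorded in the log
    return log


# Constructed stand-ins for the code under review (not SASKI code).
def local_only(message):
    return hashlib.sha256(message.encode()).hexdigest()


def leaky(message):
    with socket.socket() as s:
        # 203.0.113.10 is a documentation address (RFC 5737 TEST-NET-3).
        s.connect(("203.0.113.10", 443))
```

The guard only sees Python-level socket calls in the current process; native extensions and subprocesses bypass it, so network-level egress rules on the staging host remain the authoritative control.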

After the Evaluation

Shadow Mode is the beginning of the conversation, not the end of it.

After you receive the report, three paths are available. There is no pressure attached to any of them.

Do nothing.

You keep the report. You have documented evidence of what SASKI found in your production traffic patterns. That evidence belongs to you regardless of what you decide next. There is no obligation attached to receiving it.

Move to full integration.

SASKI becomes your pre-LLM enforcement layer. The recommended enforcement path in your report becomes your starting configuration. Moving from shadow to enforce requires a single configuration change. Integration into your existing stack takes 2 to 8 hours total.

Ask questions first.

Reach out directly. The report will surface findings that warrant a conversation about your specific deployment context, regulatory exposure, and what full enforcement would look like for your platform. There is no sales process attached to that conversation.

There is no pressure path. The report is the value. Everything after that is your decision.

Not Ready for Shadow Mode Yet?

Start with the Prompt Analyzer.

Run your current system prompt through the SASKI Prompt Analyzer at techviz.us/tokenator. Paste your system prompt. See exactly which governance obligations SASKI handles at the pre-LLM layer, what you can safely remove from your static prompt, and what your token overhead costs you annually at your current inference volume. No signup. No commitment. Results in under 30 seconds.

Ready to see what your AI is missing?

Shadow Mode deploys inside your infrastructure via the SASKI SDK. Setup takes under two hours. Your data never leaves your environment. Your users see nothing different. You receive a full findings report in seven days.

Questions? [email protected]