How to Monitor ChatGPT Usage at Work (2026 Guide)

How to Monitor ChatGPT Usage at Work (2026 Guide)

Monitoring ChatGPT usage means knowing who in your organization uses ChatGPT, how often, on which accounts, and what kind of data they're putting into it. You can't govern what you can't see, so monitoring is step one of any AI policy. This guide covers how to monitor ChatGPT usage at work in 2026 and the tools that do it well, starting with dope.security.

The short answer: the level of monitoring you get depends on where you sit in the traffic. DNS logs tell you a domain was visited. Full on-device visibility tells you who used ChatGPT, on a corporate or personal account, and whether sensitive data went in. Aim for the second.

Why monitoring ChatGPT usage is harder than it looks

ChatGPT runs in the browser over HTTPS. A basic DNS or firewall log can tell you someone reached chatgpt.com, but not who, not which account, and definitely not what they typed. And a lot of usage happens on personal accounts and off the corporate network entirely. Real monitoring has to follow the user and see inside the session, not just the connection.

Three levels of ChatGPT visibility

  • DNS-level: you learn a device asked for chatgpt.com. That's it. No user, no account, no content.
  • Inline proxy: you see the session and can apply policy, but traffic detours through a vendor cloud, and coverage depends on users being on-network or routed.
  • On-device: you see the session wherever the user is, tie it to a user and account, and inspect content locally. This is the level that actually answers your questions.

What good ChatGPT monitoring shows you

  • Who is using ChatGPT, by user and device.
  • Which account: corporate/enterprise vs personal login. The ChatGPT workspace ID is what makes that distinction enforceable.
  • How much: frequency and volume of use.
  • What data: whether sensitive content is being submitted, which is where AI DLP comes in.
  • On or off network, because usage doesn't stop when people leave the office.

dope.security: full visibility, then control

dope.security monitors ChatGPT usage through its on-device agent, so it sees usage wherever the user is, on the corporate network or a coffee-shop Wi-Fi. Shadow IT discovery shows who's using ChatGPT and whether they're on a corporate or personal account, which is the distinction that actually matters for risk, and the heart of the shadow AI problem.

Because inspection happens on-device with SSL decryption, you get session-level visibility, not just a domain hit in a log. And monitoring flows straight into action: Cloud Application Control can restrict ChatGPT to your enterprise tenant (block personal accounts), and Dopamine DLP can monitor (or block) the sensitive data going into prompts, classifying through zero-retention APIs so the content is checked but never stored. Run Dopamine DLP in Monitor mode and you get a clear picture of what's being shared before you decide what to enforce, the first step of ChatGPT DLP.

It all lives in one console, pushes policy in seconds, and adds no backhaul latency (up to 4x faster than legacy proxies). Monitoring and enforcement aren't two separate projects, they're the same AI governance workflow.

ChatGPT monitoring alternatives

Cisco Umbrella

Umbrella is DNS-first, packaged as DNS Security Essentials and Advantage plus the fuller SIG Essentials and SIG Advantage tiers, and it now sits alongside Cisco Secure Access (Cisco's newer SSE) in the Security Cloud. It logs and reports that devices reached ChatGPT domains, and it's simple to turn on. That simplicity is also the ceiling: DNS-layer monitoring sees the domain, not the user's account or the content of the session, and it misses a lot of HTTPS detail. It's a fast way to know ChatGPT is in use, not a way to know what's happening inside it. See dope.security vs Cisco Umbrella.

Netskope

Netskope offers rich visibility into ChatGPT and other AI apps through the Netskope One inline proxy, its deep app catalog, the Cloud Confidence Index, and SkopeAI analytics, with detailed activity-level reporting. It's genuinely strong at monitoring. The trade-offs are the cloud-proxy architecture (traffic routes through Netskope's edge) and the enterprise scale of the platform in both complexity and cost.

Microsoft Purview / Defender

If ChatGPT use in your org runs through Microsoft surfaces (Copilot, ChatGPT Enterprise tied to M365), Purview Audit and DSPM for AI, plus Defender for Cloud Apps with its Cloud Discovery and Conditional Access App Control, give solid monitoring and reporting inside that estate, with Entra identity context. The gap is consumer ChatGPT on personal accounts outside Microsoft, which is harder for these tools to observe.

DNSFilter

DNSFilter is a clean, fast DNS-layer tool, sold in Core and Pro plans with a Roaming Client for off-network devices and AI-driven domain classification. It can report and block AI domains with very little setup, which many lean IT teams appreciate. Like Umbrella, though, it operates at the DNS layer, so it tells you a domain was requested, not who used which account or what data they submitted. For a broader look at filtering options, see our top URL filtering tools.

Quick comparison

ToolVisibility depthSees account (corp vs personal)?Monitors data in prompts?
dope.securitySession-level, on-deviceYesYes (Dopamine DLP)
Cisco UmbrellaDNS layerNoNo
NetskopeInline, detailedPartialYes
Microsoft Purview/DefenderWithin Microsoft estateWithin estateYes, in M365
DNSFilterDNS layerNoNo

What to do with what you find

Monitoring is only useful if it leads to action. Once you can see usage, sort AI apps into allow, warn, and block. Move people onto sanctioned enterprise tenants. Turn on DLP for the data types you care about most. Then keep watching, because the AI landscape shifts monthly. Monitoring is the on-ramp, not the destination.

A note on employee trust

Monitoring AI usage works best when it's transparent. Tell people what you monitor and why: you're protecting company and customer data, not reading their lunch plans. Framed well, it lands as "we're making AI safe to use here," which is a far better message than a silent block page. Good generative AI security is as much about communication as controls.

Frequently asked questions

How do I monitor ChatGPT usage at work?

Use a tool that sees usage at the device or inline level, not just DNS. dope.security's Shadow IT discovery shows who uses ChatGPT and whether they're on corporate or personal accounts.

Can I see what employees type into ChatGPT?

With on-device SSL inspection and DLP, yes, at the policy level. dope.security's Dopamine DLP can monitor sensitive content in prompts in Monitor mode without storing it.

Is DNS logging enough to monitor ChatGPT?

No. DNS logs show a domain was reached, not who used it, which account, or what data went in. For real monitoring you need session-level visibility.

Should employees know their ChatGPT usage is monitored?

Yes. Transparency keeps trust intact and improves compliance. Tell people what's monitored and that the goal is protecting sensitive data, not surveilling their work.

See it in action

Get a clear picture of ChatGPT usage across your team, then act on it. Try dope.security free or book a 20-minute demo.

AI Governance
AI Governance
Cloud App Control
Cloud App Control
How-To
How-To
AI Security
AI Security
back to blog Home