The board pack pasted into ChatGPT for "quick summary." The legal memo forwarded to a vendor who fed it to Copilot. The transcript a departing employee dropped into Otter. Waterline plants canaries in your documents, probes AI systems for reproduction, and tells you who forwarded what — with audit-grade evidence and a human review gate at every step.
The leak surface security tooling ignores: a trusted recipient pasting confidential content into an LLM for a quick summary, forwarding a transcript on WhatsApp, or screenshotting a document into a group chat. Not malice. Just the friction-free workflow that AI and messaging apps now make trivial.
A board pack copied into ChatGPT for a one-line summary travels to OpenAI's training pipeline. The user thinks they've been efficient. You can't see it happen.
Otter, Granola, and Fathom transcripts carry the full content of confidential calls. One forward turns a private meeting into a search-indexable artefact.
You only learn a document leaked when an LLM regurgitates it back to a third party. Without canaries, you can't prove where it came from. Without probes, you don't see it until it's public.
Four stages. Every artefact is registered. Every probe is logged. Every detection ends with the human-review gate.
Embed canaries in confidential docs & register
Query AI systems for canary reproduction
Match suspect text or audio back to the recipient
Generate formal notices with evidence attached
Document content never leaves the machine. Generation, embedding, registry, and detection all run locally. External calls only at the probe step, by design.
Six watermark layers ranked by survival: lexical paraphrase, stylometric signature, semantic fingerprint, steganographic placement, invisible characters, metadata. Survives copy-paste, screenshot-OCR, and light AI rewrite.
Probe Anthropic, OpenAI, and local models from one CLI. Probes ask the target to acknowledge familiarity, not reproduce content — reducing re-leak risk.
Each detected leak carries per-layer match scores combined into a single confidence percentage. The threshold is yours; the human review is mandatory.
Export registry rows, probe transcripts, and match traces as a signed evidence pack. Ready to attach to formal takedown notices, regulatory filings, or expert-witness reports.
Improve detection accuracy on domain-specific terms — names, technical jargon, programme codes. Hotwords seed the probe templates and the matcher in one configuration step.
Waterline runs as a CLI on your laptop or in your secured compute environment. Every command produces a registered artefact and a manifest. Nothing is reconstructed; everything is replayable.
Run waterline plant document.pdf against any confidential document. The CLI generates per-recipient canaries, embeds them, and writes a registry row keyed on document and recipient.
waterline probe --target anthropic:claude-sonnetqueries the AI system with prompts derived from your registry. Responses are scored against the canary library and recorded in the probe results table.
When a leak surfaces — a screenshot, a forwarded email, a chatbot reply — paste the text into waterline detect. Per-layer matches combine into a ranked-candidate list with confidence scores. Human review required before any attribution.
waterline takedown produces a formal notice with the detection evidence, registry entries, and match chain attached. Suitable for legal, regulatory, or contractual escalation.
Board materials. M&A diligence rooms. Legal memos. Compliance files. Anything where attribution matters more than aesthetics.
Plant per-recipient canaries before distribution. If the deck surfaces in an AI response or an unauthorised forward, you know which director it came from.
Privileged memos, expert reports, and filings carry forensic fingerprints. Probe results and detection traces attach directly to formal takedown notices.
Diligence rooms see hundreds of recipients across counsel, bidders, and advisers. Per-recipient canaries make leak attribution a CLI command, not a forensic investigation.
A 90-day audit covers planting, probing, and a confidential detection report on your highest-sensitivity document set. We run the audit; you keep the registry. Custom pricing based on document footprint and probe volume.
Human review required before any attribution.