STACK Whisper
Product · IDE Insider Risk

Your devs' AI tools just read 12,000 lines of restricted code.

STACK Whisper observes IDE activity, AI coding assistant prompts, and source-pull behavior — tied to identity, scoped to repo sensitivity, and aware of the difference between Copilot inline completion and a paste-into-public-Claude.

Get a Demo Talk to Sales
12k
Avg Monthly Restricted-Repo Reads
6+
AI Tools Tracked
0bytes
Source Code Uploaded
100%
Sessions Attributed to Identity
Capabilities

AI coding assistants are the new insider risk

Every regulated org is asking what their developers' AI tools are reading. No product answers cleanly without breaking developer trust. Whisper does both.

IDE Activity Capture

VSCode, JetBrains, Cursor, Zed, Neovim plugins surface read, write, copy, and paste events at the editor layer.

LSP-Layer Tap

Language-server traffic shows actual file resolution, symbol context, and cross-repo navigation — the real footprint of a session.

AI-Tool Awareness

Copilot, Cursor agent, Claude Code, Cody, Continue, and self-hosted assistants — each treated with its own attribution and privacy model.

Repo Sensitivity Mapping

Tag repos by sensitivity class (PHI, PCI, source IP, board materials). Alert when crossings happen.

Identity Stitch

Every IDE session tied to a user, device, and project assignment via your existing IdP.

Privacy by Design

Code content never leaves the workstation. Metadata, hashes, and prompt skeletons only — never raw source.

Frequently Asked

Questions teams ask before deploying

Straightforward answers about scope, integration, data handling, and rollout.

Won't developers hate this?

They'll respect it if you're transparent. Whisper ships a worker-side dashboard so devs see exactly what's captured about their sessions — and nothing more.

Does it work with self-hosted LLMs?

Yes. We tap at the IDE and LSP layer, not at the model layer — so Ollama, vLLM, on-prem assistants are all visible.

GDPR and works-council story?

Designed for it. Per-employee opt-in supported; access logs of who viewed which telemetry; automatic redaction of personal data outside the work scope.

How much source code do you see?

Zero raw source. Structural hashes, file paths, symbol skeletons, and prompt outlines only. The actual bytes never leave the developer's machine.

Ready to See It Live

Find out what your AI tools are actually reading

Deploy the plugin to one dev team. One week of telemetry. We'll show you the restricted-repo reads, the public-LLM pastes, and the unsanctioned tools — without ever seeing your source.

Try Demo Book a Call