New: browser & identity threat detection

Catch the attacks your other tools miss.

Fantomo installs silently across Chrome and Edge. It catches phishing, MFA bypass, credential reuse, and session hijacking right in the browser. And it still does the day job: block sites, guide users, find shadow SaaS. No endpoint agent. No hit to productivity.

2 Million Domains Pre-Categorized
<50ms Rule Matching Latency
Zero End-User Configuration

Built for enterprise IT teams managing Chrome & Edge

Manifest V3
Automated Deployment
Shadow DOM Isolation
Row-Level Security
SOC 2 Architecture

The threats we catch in the browser

Proxy tools see traffic. Endpoint agents see the device. Neither sees what happens inside the tab. Fantomo does. Here's what it flags, blocks, and streams to your SIEM.

Phishing & ClickFix

Paste-the-command lures, fake CAPTCHAs, device-code and consent tricks. Caught and blocked before the payload runs.

Session hijacking (AiTM)

Fingerprints each authenticated session. When a token shows up from a different environment, you hear about it.

Ghost logins & missing MFA

Find accounts logging in with a password while SSO is meant to be enforced, or with no MFA at all.

Credential reuse

Spots the same password reused across sites (by fingerprint, never the password itself), and flags overlap with known breaches.

Risky OAuth grants

Inventories third-party app access from Google and Microsoft, scored by how much each grant can touch.

Risky browser extensions

Reports every extension on the device, rated by its permissions, install source, and a known-bad denylist.

Malicious downloads & DNS hijacking

Risk-rates downloads by file type and checks DNS integrity over DoH to catch poisoning and captive-portal tricks.

One feed, wired to your SIEM

Every detection lands in one triage view and streams to Splunk, Sentinel, or CrowdStrike Falcon Next-Gen SIEM.

Everything you need to manage browser-level policy

From blocking unauthorized tools to detecting Shadow IT, Fantomo gives your IT team complete visibility and control.


Intelligent Rule Engine

Keep your team safe on the web by directing traffic to approved tools. Block unproductive sites and guide users to corporate-sanctioned alternatives instantly.

Intelligent Rule Engine

Match by exact domain, URL fragment, domain pack, or AI-powered classification. Priority-sorted, frequency-controlled, with group, OU, and user-level exclusions.


Silent Deployment

Deploy across all company computers automatically without interrupting your staff. No user sign-in or manual setup required.

Silent MDM Deployment

Deploy via Microsoft Intune, Jamf Pro, or any MDM. Auto-provisions users from active browser profile data. Fully invisible to the end user.


Shadow IT Detection

Discover SaaS applications in use. Monitor signup behaviors, manage software compliance, and aggregate usage scoped by Google Workspace OUs and Groups.

Shadow IT Detection

Automatically detect SaaS account creation. Segment telemetry and SaaS usage by Google Workspace Organizational Units, Google Groups, and O365 equivalents.


Real-Time Guidance

Guide employee behavior with custom alerts that pop up in the browser, helping them use corporate tools correctly.

Real-Time Guidance

Show policy messages right where users need them. Dismissible, non-dismissible, or full block, with custom styling and translated messages.


Privacy-First Analytics

Monitor company-wide software adoption and security compliance while protecting individual user privacy.

Privacy-First Analytics

Our agent-based architecture ensures that SaaS usage is monitored, not the staff. No full URLs, document titles, or screenshots are ever logged.


Automated Response Playbooks

Orchestrate multi-step response workflows automatically. Set triggers for new signups, breaches, or anomalies, and execute custom Slack alerts, emails, or access revocation.

SOAR Response Engine

Define sequences of checks and actions. Automatically request user justifications, set cooldown periods, escalate non-responses to admins, and synchronize default policies across all tenants.


Three steps to full browser governance

01

Define Policies

Set guidelines for what websites and software tools your organization should use, directing employees away from risky sites.

Define actions (block, redirect, warn, or inform) by exact domain, URL patterns, or categories. Set rule priority and display frequency control.

02

Automate Installation

Install the software instantly on all employee computers in the background, with zero interruption or setup required from them.

Push the extension silently via Intune, Jamf, or GPO. Auto-configures using browser managed storage policies and immediately pulls active rules.

03

Gain Visibility

View which software is being adopted across your team, discover shadow IT, and protect company and staff data privacy.

Track SaaS signup forms, trigger real-time alerts (including Slack integration), and review compliance logs isolated with Postgres Row-Level Security.

Simple, usage-based pricing: start free

15 seats always free. Only pay for users who were active last month. No contracts, no surprises.

Volume Discounts
16–50 users $4/user/mo
51–100 users $3/user/mo
101–200 users $2/user/mo
200+ users Contact us

Are you a non-profit? Learn about our non-profit program →

Frequently asked questions

How does the extension get deployed?

The extension is deployed silently via your MDM (Intune, Jamf, etc.) using managed storage policies. End users never see a login prompt or configuration step.

Can users disable or remove the extension?

When deployed via MDM with force-install policies, users cannot disable, remove, or modify the extension. This is a standard Chrome/Edge enterprise capability.

What browsers are supported?

Fantomo supports Chrome and Edge (Chromium-based). Both browsers support Manifest V3 extensions with managed storage for enterprise deployment.

How does Shadow IT detection work?

The extension uses multilingual URL pattern matching to detect when users visit signup, registration, or account creation pages at SaaS providers. Detections are logged and can trigger Slack alerts.

Can I use domain packs without creating individual rules?

Yes. Domain packs (e.g., "Social Media", "AI Tools") contain curated lists of 20-30+ domains. Create one rule targeting a pack to apply policy to all domains in that category.

Is my data secure?

All data is encrypted in transit (TLS 1.3) and at rest. We use PostgreSQL Row-Level Security to ensure strict tenant isolation. Audit data retention is configurable per organization.

What is the Tenant Security Tune-up add-on?

The M365 & GWS Security Tune-up add-on ($49/month) allows you to audit and remediate cloud tenant security settings. Automated remediation runs using temporary administrative credentials that self-destruct 15 minutes after completion, and daily scans audit settings for configuration drift. The engine automatically filters out unsupported premium features based on active tenant licensing. It also performs multi-point automated security audits of designated emergency access (break-glass) recovery accounts, evaluating account existence, admin privileges, on-premises sync states, Conditional Access exclusions, and standby sign-in activity.

What is included in the Full Browsing & Analytics add-on?

Available for $119/month, the Full Browsing & Analytics add-on provides complete browsing analytics with domain categorization, visit frequency tracking, and daily metric rollups. It includes Shadow IT & SaaS Management. Data retention is configurable.

When does billing start?

Billing only activates when more than 15 users are active in a calendar month. If your team never exceeds 15 active users in a given month, that month is free. We recommend adding a payment method before you hit 15 so there's no interruption as you grow.

What counts as an active user?

A user is counted as active if their extension synced with Fantomo at least once during the prior calendar month. Users who are enrolled but haven't opened their browser that month don't count.

What if our team shrinks?

Billing adjusts automatically every month based on who was actually active. If headcount drops, your bill drops too — you never pay for inactive users.

Are there contracts or commitments?

No contracts. Fantomo is month-to-month and you can cancel at any time. For teams over 200 users, we offer negotiated annual pricing — contact us to discuss.

Ready to take control of your browsers?

Start with a free account. No credit card required. Deploy in under 10 minutes.