Fantomo installs silently across Chrome and Edge. It catches phishing, MFA bypass, credential reuse, and session hijacking right in the browser. And it still does the day job: block sites, guide users, find shadow SaaS. No endpoint agent. No hit to productivity.
Proxy tools see traffic. Endpoint agents see the device. Neither sees what happens inside the tab. Fantomo does. Here's what it flags, blocks, and streams to your SIEM.
Paste-the-command lures, fake CAPTCHAs, device-code and consent tricks. Caught and blocked before the payload runs.
Fingerprints each authenticated session. When a token shows up from a different environment, you hear about it.
Find accounts logging in with a password while SSO is meant to be enforced, or with no MFA at all.
Spots the same password reused across sites (by fingerprint, never the password itself), and flags overlap with known breaches.
Inventories third-party app access from Google and Microsoft, scored by how much each grant can touch.
Reports every extension on the device, rated by its permissions, install source, and a known-bad denylist.
Risk-rates downloads by file type and checks DNS integrity over DoH to catch poisoning and captive-portal tricks.
Every detection lands in one triage view and streams to Splunk, Sentinel, or CrowdStrike Falcon Next-Gen SIEM.
From blocking unauthorized tools to detecting Shadow IT, Fantomo gives your IT team complete visibility and control.
Keep your team safe on the web by directing traffic to approved tools. Block unproductive sites and guide users to corporate-sanctioned alternatives instantly.
Match by exact domain, URL fragment, domain pack, or AI-powered classification. Priority-sorted, frequency-controlled, with group, OU, and user-level exclusions.
Deploy across all company computers automatically without interrupting your staff. No user sign-in or manual setup required.
Deploy via Microsoft Intune, Jamf Pro, or any MDM. Auto-provisions users from active browser profile data. Fully invisible to the end user.
Discover SaaS applications in use. Monitor signup behaviors, manage software compliance, and aggregate usage scoped by Google Workspace OUs and Groups.
Automatically detect SaaS account creation. Segment telemetry and SaaS usage by Google Workspace Organizational Units, Google Groups, and O365 equivalents.
Guide employee behavior with custom alerts that pop up in the browser, helping them use corporate tools correctly.
Show policy messages right where users need them. Dismissible, non-dismissible, or full block — with custom styling and translated messages.
Monitor company-wide software adoption and security compliance while protecting individual user privacy.
Our agent-based architecture ensures that SaaS usage is monitored, not the staff. No full URLs, document titles, or screenshots are ever logged.
Orchestrate multi-step response workflows automatically. Set triggers for new signups, breaches, or anomalies, and execute custom Slack alerts, emails, or access revocation.
Define sequences of checks and actions. Automatically request user justifications, set cooldown periods, escalate non-responses to admins, and synchronize default policies across all tenants.
A single, auto-refreshing pane of glass. Every alert, detection, risky app, and pending approval lands in one prioritized "needs your attention" queue you can keep open all day.
Severity-sorted signals merge into one click-through feed that refreshes every 45 seconds. A short sidebar of tabbed Workspaces replaces a long, flat menu — drill into any report in one click.
Set guidelines for what websites and software tools your organization should use, directing employees away from risky sites.
Configure security policies inside the admin panel by defining actions (block, redirect, warn, inform) for specific destinations. The control plane bundles these definitions into compressed hash tables and Bloom filters, then propagates updates to active extensions within 5 minutes.
The browser evaluates every navigation event locally in user space without routing traffic to a third-party cloud. The local rule engine processes rules by active user profiles, directory Organizational Units, or Google/O365 groups to prevent false positives.
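An added sketch of the local evaluation described above, not Fantomo's own code: the rule shape, function names, and `.example` domains are assumptions. It shows why a Bloom-filter hit has to be confirmed against the exact table, and how priority order and group exclusions settle the final action.

```javascript
// Added illustration: the rule shape and names below are assumptions, not Fantomo's format.
function fnv1a(str, seed) {            // seeded 32-bit FNV-1a, one seed per Bloom hash
  let h = (0x811c9dc5 ^ seed) >>> 0;
  for (let i = 0; i < str.length; i++) h = Math.imul(h ^ str.charCodeAt(i), 0x01000193) >>> 0;
  return h;
}
class Bloom {
  constructor(bits = 1024, k = 3) { this.bits = bits; this.k = k; this.buf = new Uint8Array(bits >> 3); }
  positions(s) { return Array.from({ length: this.k }, (_, i) => fnv1a(s, i) % this.bits); }
  add(s) { for (const p of this.positions(s)) this.buf[p >> 3] |= 1 << (p & 7); }
  mayContain(s) { return this.positions(s).every((p) => this.buf[p >> 3] & (1 << (p & 7))); }
}
// Constructed sample policy; a lower priority number is evaluated first.
const RULES = [
  { priority: 10, domain: "files.example", action: "block", excludeGroups: ["legal"] },
  { priority: 20, domain: "chat.example", action: "warn", excludeGroups: [] },
  { priority: 5, domain: "chat.example", action: "redirect", to: "https://approved.example/", excludeGroups: ["support"] },
];
// Control-plane side: build the Bloom prefilter plus an exact table, rules pre-sorted.
function compile(rules) {
  const bloom = new Bloom(), exact = new Map();
  for (const r of [...rules].sort((a, b) => a.priority - b.priority)) {
    bloom.add(r.domain);
    exact.set(r.domain, [...(exact.get(r.domain) || []), r]);
  }
  return { bloom, exact };
}
// The host and each parent domain, lower-cased, trailing dot removed ("chat.example." is the same site).
function candidates(host) {
  const parts = host.toLowerCase().replace(/\.$/, "").split(".");
  return parts.slice(0, -1).map((_, i) => parts.slice(i).join("."));
}
// Extension side: decide locally for one navigation; nothing leaves the browser.
function evaluate(bundle, url, user) {
  for (const d of candidates(new URL(url).hostname)) {
    if (!bundle.bloom.mayContain(d)) continue;   // definite miss: skip the table lookup
    for (const r of bundle.exact.get(d) || []) { // a Bloom hit can be false, so confirm exactly
      if (r.excludeGroups.some((g) => user.groups.includes(g))) continue; // exclusion applies
      return { action: r.action, rule: r.domain, to: r.to };
    }
  }
  return { action: "allow" };
}
```

When auditing a policy engine of this kind, check that an excluded user falls through to the next matching rule rather than to "allow", and that subdomains and trailing-dot hostnames resolve to the same rule as the bare domain.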
Install the software instantly on all employee computers in the background, with zero interruption or setup required from them.
Push the extension silently across your Windows and macOS endpoints using standard device management templates. The browser reads the forced extension policy on startup, downloads the signed package from official stores, and locks the installation.
During initialization, the client retrieves its organization ID and server endpoints directly from the browser's managed storage registry. Users are auto-enrolled based on active browser profiles, removing the need for manual sign-ins or client configuration.
View which software is being adopted across your team, discover shadow IT, and protect company and staff data privacy.
Identify shadow SaaS adoptions and browse compliance events inside the unified admin console. The browser monitors page DOM submission events locally in user space, allowing it to log account signups and check login postures without inspecting raw passwords.
Our multi-tenant architecture partitions administrative databases at the client layer. Access rules prevent cross-tenant queries, and telemetry events are automatically scrubbed of personal identifiers and exact query parameters.
15 seats always free. Only pay for users who were active last month. No contracts, no surprises.
Free forever for up to 15 active users. No credit card required.
| Active users | Price |
| --- | --- |
| 16–50 users | $4/user/mo |
| 51–100 users | $3/user/mo |
| 101–200 users | $2/user/mo |
| 200+ users | Contact us |

| Add-on | Price |
| --- | --- |
| Shadow IT & SaaS Management | $99/mo |
| M365 & GWS Security Tune-up | $49/mo |
| Full Browsing & Analytics | $119/mo |
| Remote Network Telemetry | $59/mo |
| Policy Auditor / DLP | $29/mo |
Are you a non-profit? Learn about our non-profit program →
The extension is deployed silently via your MDM (Intune, Jamf, etc.) using managed storage policies. End users never see a login prompt or configuration step.
When deployed via MDM with force-install policies, users cannot disable, remove, or modify the extension. This is a standard Chrome/Edge enterprise capability.
Fantomo supports Chrome and Edge (Chromium-based). Both browsers support Manifest V3 extensions with managed storage for enterprise deployment.
The extension uses multilingual URL pattern matching to detect when users visit signup, registration, or account creation pages at SaaS providers. Detections are logged and can trigger Slack alerts.
Yes. Domain packs (e.g., "Social Media", "AI Tools") contain curated lists of 20-30+ domains. Create one rule targeting a pack to apply policy to all domains in that category.
All data is encrypted in transit (TLS 1.3) and at rest. We isolate client logs and configurations using a multi-tenant database architecture. Audit data retention is configurable per organization.
The M365 & GWS Security Tune-up add-on ($49/month) lets you audit and remediate cloud tenant security settings. Automated remediation runs using temporary administrative credentials that self-destruct 15 minutes after completion, and daily scans audit settings for configuration drift. The engine automatically filters out unsupported premium features based on active tenant licensing. It also performs multi-point automated security audits of designated emergency access (break-glass) recovery accounts, evaluating account existence, admin privileges, on-premises sync states, Conditional Access exclusions, and standby sign-in activity.
Available for $119/month, the Full Browsing & Analytics add-on provides complete browsing analytics with domain categorization, visit frequency tracking, and daily metric rollups. It includes Shadow IT & SaaS Management. Data retention is configurable.
Billing only activates when more than 15 users are active in a calendar month. If your team never exceeds 15 active users in a given month, that month is free. We recommend adding a payment method before you hit 15 so there's no interruption as you grow.
A user is counted as active if their extension synced with Fantomo at least once during the prior calendar month. Users who are enrolled but haven't opened their browser that month don't count.
Billing adjusts automatically every month based on who was actually active. If headcount drops, your bill drops too — you never pay for inactive users.
No contracts. Fantomo is month-to-month and you can cancel at any time. For teams over 200 users, we offer negotiated annual pricing — contact us to discuss.
Start with a free account. No credit card required. Deploy in under 10 minutes.