I've noticed a growing trend of employees using "AI-first" browsers like ChatGPT and Claude, and I'm concerned about the potential for data leaks. It's challenging to track what users are pasting into these AI chat tools since traditional data loss prevention (DLP) measures don't seem to catch this traffic, as it goes to legitimate HTTPS domains. Has anyone found effective configurations or methods to monitor or restrict data input into these AI systems? I'm looking for real, practical approaches rather than just policies.
6 Answers
It sounds like your users might have too many privileges if they can install whatever they want. I’d suggest addressing that first. You might be able to catch some of these installations by reviewing local admin rights.
This is exactly why we've developed monitoring tools for AI interactions at my workplace. The real risk often comes from browser extensions that can access everything on the screen. We’re trying a couple of things like intercepting clipboard events, but it’s getting complicated. We've also looked into browser isolation tech to channel AI traffic through a proxy for better inspection, although it’s not foolproof. Compliance teams are really anxious about this, and it's easy to see why—I've seen someone paste an entire database into Claude during a demo!
We've been using Mimecast’s Incyder for this purpose. It provides a lot of insight, but it can feel a bit invasive at times.
Be aware that those AI-first browsers are often labeled as potentially unwanted programs (PUPs). It’s best to stick with one browser for work—either Chrome or Edge—to maintain better control over what users are doing online.
Honestly, the only sure way is to block specific AI domains or set up a configuration for inspecting all HTTPS traffic. This kind of data exfiltration is not new—the challenge stems from users chatting with AI rather than sending files. It's concerning but similar to sending sensitive info in personal emails.
One way we've handled this is by restricting browser access to just Google Chrome and Microsoft Edge. These are the only browsers we trust, and it simplifies the whole process. Most users shouldn’t need anything else anyway.
That's smart! We go a step further and use Threatlocker to block users from installing anything unapproved. Really keeps things in check.
True! But even Chrome and Edge need proper Group Policy adjustments to secure them fully. I’ve set around 30 policies to disable unnecessary features, like the crypto wallet in Edge that shouldn’t be there in a work environment.
Absolutely! Some browsers install quietly if you bypass the UAC prompts. We've even had to involve our network team to block access to AI sites completely, which can feel like a constant battle.