Menlo Security Acquires Votiro to Deliver Easy, AI-driven Data Security to Enterprises
Read Blog
This blog post, the third in a series, focuses on the critical need to secure Generative AI (GenAI) usage in the browser to prevent data loss. As employees increasingly use GenAI for work, often with free-tier services that share data for training, proprietary and sensitive information is at risk. Traditional Data Loss Prevention (DLP) solutions, especially endpoint-based ones, are fraught with risk and complexity, relying on escalated privileges or being vulnerable to local compromise. Replacement browsers are fundamentally flawed for this purpose as they operate on the contested endpoint, exposing the DLP controls to bypass risk. The solution lies in a DLP approach that operates in the cloud, in the flow of browser traffic, to inspect GenAI prompts and file uploads before data ever lands on the endpoint. This provides a lower-risk, more effective path to closing the browser security gap for GenAI use.
—-
This blog is part three of a multi-part series. Part 1 discussed how selecting the right browser security architecture is critically important. Part 2 covered the risks that replacement browsers impose on organizational and user choice. And now on to GenAI security.
Workers access GenAI through both their web portals and mobile apps. Today and for the foreseeable future, the majority of GenAI usage for workplace productivity is going to be through the web browser. Each GenAI web browser portal works the same way: the prompt is typed into a browser form and transmitted to the GenAI service via an HTML POST operation:
Users fell in love with GenAI. Think of how they started: Using consumer-facing GenAI portals, they could adapt recipes for the ingredients they had on hand. Write perfect cover letters. Then they came to work, where they could summarize complex data or create tailored pitches based on specific customer data.
Unfortunately, that complex data is either proprietary, sensitive, or both. Customer data is, too, by its very nature. And even now that many organizations are selecting and paying for a GenAI tier that does not train their models with prompts, many employees still select their favorite GenAI at the free tier, which shares prompts and responses with the LLM. Data loss risk increases with every such user interaction.
So the problem is that user Gen AI activities risk the loss of potentially sensitive and proprietary data, even to sanctioned GenAI portals. The risks are no joke: your organization could fall out of compliance with data privacy regulations. Your competitors might see your intellectual property.
Data loss risk through web browsers requires a data loss prevention solution that can prevent such losses. Unfortunately, efforts to deliver such solutions often fall short. Three types of offerings commonly are believed to address this situation: mainstream DLP solutions like Varonis, enterprise browsers, also known as replacement browsers like Island, and cloud-based, browser-centric, preemptive DLP, such as from Menlo Security.
Many mainstream DLP solutions claim to be able to secure the browser channel—that is, traffic between websites and browsers, which includes text typed into forms as well as files and archives in web traffic. But, their mechanisms for delivering DLP on the browser channel create complications and risks.
Replacement browsers like Island cannot solve the GenAI data loss problem because Island is, once again, operating on the endpoint, which is the most contested ground in IT: attackers know that endpoint OSes, primarily Windows and secondarily MacOS, are the weak link in the IT security chain, and therefore focus their attacks on the endpoint. It’s the primary battleground between threat actors and IT. This means that DLP in a replacement browser is fundamentally broken, because its security posture is based on local hardening—attempting to make a vulnerable endpoint browser safe. Let’s take a closer look:
Local Compromise and Bypass Risk is a core weakness of replacement browsers in the context of advanced threats and GenAI DLP: Island runs a local Chromium instance and inherits all Chrome CVEs until patched. Even with features like JIT/Wasm disabled, the replacement browser still executes web code natively on the endpoint, even with diminished performance. This exposes both the OS and hardware to exploitation.
If a zero-day exploit succeeds via a Chrome CVE before Island can patch it, the attacker can now run code locally on the endpoint, giving the attacker access to the browser's memory and files. Such local compromise has a direct effect on the efficacy of DLP for GenAI. On a replacement browser, there’s almost no point: before a replacement browser can prevent files with sensitive data from being uploaded to GenAI, the sensitive data has already been compromised by the attacker.
Risk Beyond File Upload is due to a dependence on browser extensions, even if every effort has been made to protect them. The Island replacement browser enforces DLP-related controls such as clipboard copy/paste, watermarking, and screenshots, among many others. It is nearly trivial for a skilled user with local administration privileges (common in many organizations) to disable Island internal extensions. Internal users can be trusted, but the mechanisms used to disable Island internal extensions are scriptable, so threat actors that gain access to systems can disable them as well. Island self-heals its extensions, but data can be lost in the blink of an eye.
Performing DLP inspection on both the GenAI prompt and any files uploaded from a browser to a GenAI portal can go a long way towards preventing sensitive data loss to GenAI. Menlo Browser DLP does just that. Here’s a closer look:
Menlo Browser DLP prevents any file with sensitive data from:
Further, Menlo Browser DLP applies dictionary DLP inspection to browser text inputs – form fields – to prevent sensitive data loss via web pages. This is particularly useful in the age of GenAI consumption, where any GenAI’s web portal prompt field is a browser form field.
All of these operations occur in the Menlo Cloud, not on the endpoint. A file upload or download passes through Menlo DLP in the cloud before a GenAI destination. A form field submit is transmitted first to Menlo DLP in the cloud before delivery to GenAI. Cloud-based DLP is, in essence, preemptive data loss prevention.
I hope that the blog series continues to pique your interest. In this one, we sought to link your evolving appreciation of endpoint risk to the task of preventing data loss, particularly in our rapidly evolving world, leveraging GenAI. The endpoint is contested ground. A secure cloud isn’t. I hope that this information will help you and your organization better understand your options on the path to closing the browser security gap, in particular as it pertains to GenAI.
Menlo Security
