Working with the AI Interaction Policy for User Protection

Overview

Users often interact with AI chat applications as part of their daily work, without fully considering the security, compliance, or data exposure risks involved. Completely blocking access to these tools can reduce risk, but it also removes the productivity benefits that AI-driven workflows provide.

The AI Interaction Policy lets you control how users interact with AI chat applications by inspecting prompts in real time and responding when risky content is detected. Instead of blocking AI chats entirely, you can apply granular protections that help prevent sensitive data exposure, policy violations, and compliance risks while still allowing approved AI usage.

Using AI Interaction Policies, you can block, anonymize, alert on, or monitor specific types of prompt content based on your organization’s security and governance requirements. This approach enables you to protect sensitive information and enforce AI usage policies without disrupting legitimate and productive use of AI tools.

Note: When you use the AI Security API Integration module, AI Interaction Policies support monitoring actions only.

Prerequisites

TLS Inspection must be enabled at the account level for AI Interaction Policies to inspect AI traffic. If TLS Inspection is disabled for the account, AI Interaction Policies don't inspect AI traffic.

AI Interaction Policies inspect matching AI traffic based on the account-level TLS Inspection setting and don't require a specific TLS Inspection rule.

Configuring AI Interaction Policies

Before you create rules, enable AI Interaction Policies for end users in the Cato Management Application.

To enable AI Interaction Policies for end users:

  1. From the navigation menu, select AI Security.
  2. Under User Protections, select AI Interaction Policy
  3. Enable the End Users Prompts Rules toggle.

Configuring an AI Interaction Policy Rule

To create an AI Interaction Policy rule:

  1. From the AI Interaction Policy page, click New.
  2. In the General section, configure the fields, for example, Name and Description.
  3. In the Source section, select the users or groups that the rule applies to, or leave Any to apply the rule to all sources.
  4. In the Applications section, select the AI applications that the rule applies to, or leave Any to apply the rule to all supported applications.
  5. In the Engine Profiles section, select the profile used to evaluate AI prompts.

  6. In the Action section, select the action to apply when a prompt matches the content profile, such as Block.

    If you are creating an API rule, the only action available is Monitor.

  7. (Optional) Select a Notification Template to notify users when the action is enforced.
  8. Click Save.

When a prompt matches the configured criteria, the selected action is enforced.

Understanding Actions

The AI Interaction Policy supports the following actions for each rule:

  • Block - the prompt is blocked, and no information is sent to the AI vendor
  • Monitor - the prompt is sent to the AI vendor, and the interaction is monitored

  • Anonymize and Block - If the Engine Profile you selected includes Detectors that:

    • Support anonymizing content, the content is anonymized, and sent
    • Do not support anonymizing content; the prompt is blocked

  • Anonymize and Monitor - If the Engine Profile you selected includes Detectors that:

    • Support anonymizing content, the content is anonymized, and sent
    • Do not support anonymizing content. The prompt is sent to the AI vendor, and the interaction is monitored

Was this article helpful?

0 out of 0 found this helpful

0 comments