Overview
Users often interact with AI chat applications as part of their daily work, without fully considering the security, compliance, or data exposure risks involved. Completely blocking access to these tools can reduce risk, but it also removes the productivity benefits that AI-driven workflows provide.
The User Interaction Policy lets you control how users interact with AI chat applications by inspecting prompts in real time and responding when risky content is detected. Instead of blocking AI chats entirely, you can apply granular protections that help prevent sensitive data exposure, policy violations, and compliance risks while still allowing approved AI usage.
Using User Interaction Policies, you can block, anonymize, alert on, or monitor specific types of prompt content based on your organization’s security and governance requirements. This approach enables you to protect sensitive information and enforce AI usage policies without disrupting legitimate and productive use of AI tools.
Note: When you use the AI Security API Integration module, User Interaction Policies support monitoring actions only.
Prerequisites
TLS Inspection must be enabled at the account level for AI Interaction Policies to inspect AI traffic. If TLS Inspection is disabled for the account, User Interaction Policies don't inspect AI traffic.
User Interaction Policy rules inspect matching AI traffic based on the account-level TLS Inspection setting and don't require a specific TLS Inspection rule.
User Interaction Policy rules take precedence over TLS Inspection policies and inspect encrypted traffic even when a TLS bypass rule is configured for the application or destination.
Configuring User Interaction Policies
Before you create rules, enable User Interaction Policies for end users in the Cato Management Application.
To enable User Interaction Policies for end users:
From the navigation menu, select AI Security > User Interaction Policy.
- Enable the User Interaction Policy toggle.
To create an User Interaction Policy rule:
- From the User Interaction Policy page, click New.
- In the General section, configure the fields, for example, Name and Description.
- In the Source section, select the users or groups that the rule applies to, or leave Any to apply the rule to all sources.
- In the Applications section, select the AI applications that the rule applies to, or leave Any to apply the rule to all supported applications.
- In the Engine Profiles section, select the profile used to evaluate AI prompts.
-
In the Action section, select the action to apply when a prompt matches the content profile, such as Block.
If you are creating an API rule, the only action available is Monitor.
- (Optional) Select a Notification Template to notify users when the action is enforced.
- Click Save.
When a prompt matches the configured criteria, the selected action is enforced.
The User Interaction Policy supports the following actions for each rule:
- Block - the prompt is blocked, and no information is sent to the AI vendor
- Monitor - the prompt is sent to the AI vendor, and the interaction is monitored
-
Anonymize and Block - If the Engine Profile you selected includes Detectors that:
- Support anonymizing content, the content is anonymized, and sent
- Do not support anonymizing content; the prompt is blocked
-
Anonymize and Monitor - If the Engine Profile you selected includes Detectors that:
- Support anonymizing content, the content is anonymized, and sent
- Do not support anonymizing content. The prompt is sent to the AI vendor, and the interaction is monitored
0 comments
Please sign in to leave a comment.