The AI Security browser plugin lets you inspect and control how users interact with supported AI applications in the browser. You can use it to block prompts or anonymize sensitive content before the prompt is sent to the application LLM. This is useful for browser-based AI usage, primarily for managed devices that are outside your Cato coverage, such as contractor devices or environments that aren't always-on.
The browser plugin intercepts traffic from the supported AI application in the browser. It processes the payload, retrieves the prompt content, and sends it to the backend for inspection. Based on your policy, the plugin enforces the required action, such as blocking or anonymizing content, and shows a pop-up message to the user that provides more information about the action that was taken.
The plugin supports these enforcement actions:
- Block
- Anonymize
- Engage users
For both actions, the plugin modifies the user prompt and masks the relevant content before the prompt is sent to the application LLM.
ABC Company uses external contractors who work on managed devices, but their traffic doesn't always go through Cato. To reduce the risk of sensitive data exposure in browser-based AI applications, you go to the AI Security > Browser Plugin page and follow the instructions to deploy the plugin with Microsoft Intune.
After the plugin is deployed, it enforces the AI Security policy you configured and inspects prompts submitted in the browser before content is sent to the application LLM. You can block prompts or anonymize sensitive content, and users see a pop-up message that explains why the action was taken.
The Browser Plugin supports the following browsers:
- Google Chrome
- Microsoft Edge
- Chromium-based browsers
Prerequisites
- To enable communication between the browser plugins and the service, allowlist the TLD catonetworks.com in your third-party SASE solution, such as Zscaler.
Use the AI Security browser plugin when you need browser-based protection for supported AI applications on managed devices that aren't covered by Cato. This is helpful for external contractors and other users who access AI tools in the browser from devices outside your standard Cato enforcement path. It is also useful for organizations that don't enable Always-On and need an additional way to reduce AI security risk.
Use the browser plugin when users access supported AI applications in the browser on managed devices that are outside Cato coverage.
Use the Cato proxy when traffic already goes through Cato, and you want broader enforcement for traffic beyond browser-based AI usage.