
Browser-based AI tools can streamline workflows, making it much easier for employees to summarize documents, draft content and speed up daily tasks. However, without clear safeguards, sensitive company information can be exposed through prompts, file uploads or integrations employees may not fully understand. And since many of these tools are easy to access outside traditional IT oversight, it can be difficult to track and manage their usage.
The challenge for leaders is reducing the risk of exposure while helping employees continue to realize the daily productivity benefits of AI. Below, members of Forbes Technology Council share steps organizations can take to reduce the risk of data leaks through AI tools accessed via web browsers.
Proxy AI Access Through Internal Systems
Access to AI tools in an enterprise setting could be proxied through internal systems. Sensitive content can be tagged using intelligently trained models that can detect org-sensitive information. This could be really expensive, both in terms of cost and latency. But what’s costlier than frontier labs knowing your sensitive data? - Sriharsha Setty, Scalarity AI
Develop An Acceptable AI Use Policy
Start with an “Acceptable Use of AI” policy. Define approved tools, ban sensitive data (such as customer info, code and financials), and require review of outputs. Then enforce it: Train employees and require company-owned AI accounts only. No personal logins for work. This gives you control and visibility and reduces data leak risk. - Rob Black, Fractional CISO
Combine Data Governance With Access Controls
One step cannot address this challenge. Adequate governance and protection of data is needed, as well as strong access controls. Governing data starts with standards, classification, nonproliferation, disposal enforcement and so on. Then comes the protection through various channels, from the web to APIs. Excessive access is usually the root cause of data leakage. - Aman Raheja, HPE
Provide Enterprise Versions Of Approved AI Tools
Gain visibility into all the tools employees are using and what they’re using them for. Avoid shadow AI by providing enterprise versions of approved tools, and respond quickly when new ones emerge. Use warning banners that educate and point to better alternatives when you suspect shadow AI. Save interventions for the small percentage who repeatedly expose genuinely sensitive data. - Alastair Paterson, Harmonic Security
Classify And Govern Your Data
Data leakage has been the OG of all security nightmares since the internet became a thing. AI just made it faster and cheaper to do damage. The endgame is data protection. When properly classified and governed, data does not become dangerous because an employee has opened a browser or used an unsanctioned tool (that’s a different fight). Own your data. Everything else is noise. - Sumera Riaz, Telarus
Dynamically Monitor User-Data Interactions
Our research shows that 56% of IT and security professionals are concerned about unintentional data leaks via GenAI tools like ChatGPT. Securing modern egress channels demands dynamic monitoring of user-data interactions. To reduce risk, organizations should deploy modern integrated data loss prevention and insider risk management solutions focused on user behavior, intent and context. - Michael Xie, Fortinet
Implement A Security-Focused Browser
The browser remains the primary workforce-to-AI interface, but AI usage remains opaque. At a bare minimum, start with a security-focused browser solution that provides observability and control over models, data and AI governance policies. Once you understand how users interact with AI, you can apply appropriate controls without disrupting adoption. - Cody Pierce, Neon Cyber Inc.
Govern AI-Delegated Access To Data
Govern delegated access to data, not just direct access. When employees use AI tools in browsers, those tools act on their behalf, inheriting their permissions to sensitive data. Organizations must extend identity governance to this delegated layer: who can access what through which tools and under what conditions. The risk isn’t that employees explore AI; it’s that AI inherits trust it never earned. - Jagadeesh Kunda, Oleria Corporation
Use Real-Time DLP Controls
Implement DLP controls that detect and block sensitive content in real time across any browser-based AI tool. Allowlist approved platforms so employees aren’t wandering into unevaluated tools, and reinforce both with AI-specific training. It’s not a dramatic overhaul. It’s applying proven security fundamentals to a new surface area. The layered approach controls the technology and the behavior. - Shane O’Donnell, Centric Consulting
Enforce Browser Isolation For AI Tools
Remote browser isolation runs AI tool sessions in a sandboxed cloud environment, preventing data from being copied, downloaded or exfiltrated locally. It matters because employees can still work productively, but the organization controls what leaves the session, cutting off the most common accidental leakage path without blocking access entirely. - Michael Flickinger, Bizowie
Map Data Pathways Before Building Guardrails
You can’t secure what you can’t see. Most AI data leaks happen in “shadow workflows” between browsers and legacy systems. Visualizing the literal path of sensitive info can help you build surgical guardrails that protect data without killing productivity. Use process intelligence to map how work factually moves across your ecosystem. Security should follow the process, not fight it. - Kerry Brown, Celonis
Offer Sanctioned AI Tools Before Banning Others
Give employees a sanctioned AI tool before banning the others. Blocklists push usage to personal accounts and phones, where no one can see what data is going in. Organizations should offer an enterprise AI option with clear data protections, then pair it with browser-level controls that flag sensitive content leaving approved channels. Safe defaults beat strict policies. - Nitin Agarwal, Luminace
Redact Sensitive Data At The Browser Layer
Assume the leak has already happened, and then design backward. Most firms block tools and call it “governance.” Employees route around blocks within a week. The smarter move is a browser layer that redacts sensitive data before it reaches any AI prompt, regardless of which tool is used. Control the input, not the application. You cannot police curiosity, but you can sanitize what leaves the building. - Sarah Choudhary, Ice Innovations
Use Enterprise APIs With Zero-Retention Agreements
Provide secure, easy-to-use internal tools. One way to do this is to use a mix of enterprise cloud APIs with strict zero-retention and no-training agreements for general tasks and self-hosted open-source models to keep sensitive data on-site. A security gateway can then direct prompts to the appropriate model based on data sensitivity, giving employees a safe and convenient way to use AI at work. - Konstantin Klyagin, Redwerk
Minimize Data Access Before AI Interaction
One step is enforcing data minimization before AI interaction. Most controls focus on blocking data at the browser, but risk starts earlier—when employees access raw, sensitive data. Organizations should provide sanitized, role-based data views so AI tools are used on safe inputs, reducing leakage risk at the source. - Arun Goyal, Octal IT Solution LLP
Deploy Local Token Obfuscation
As an AI researcher, I advise deploying local token obfuscation. Instead of futilely blocking external LLMs, deploy small on-device models that intercept and mathematically anonymize sensitive entities before the prompt ever leaves the browser. This lets employees leverage frontier AI while keeping proprietary data physically contained. - Dhyey Mavani, Amherst College
Establish Role-Based Prompt Permissions
Establish role-based prompt entitlements that restrict what categories of data each employee can include in AI interactions based on their access profile. Instead of blanket controls, prompts are validated against role context before submission. This reduces overexposure risk by aligning AI usage boundaries directly with the least-privilege principles already defined in the organization. - Jagadish Gokavarapu, Wissen Infotech
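The gateway routing and role-based prompt entitlements described above can be combined into one pre-submission decision: classify the prompt, check the detected categories against the sender's role, then pick a model by sensitivity. This is an added example, not code from the article or its contributors; the categories, roles, route names and regex patterns are all constructed assumptions.

```javascript
// Added example: categories, roles, routes and patterns are all constructed.
const CATEGORY_PATTERNS = {
  customer_pii: /\b\d{3}-\d{2}-\d{4}\b|[\w.+-]+@[\w-]+\.[\w.]+/,
  source_code: /\b(?:function|class|def|import)\b[^\n]*[({:;]/,
  financials: /\b(?:revenue|EBITDA|forecast)\b[^\n]*\$\s?\d/i,
};

// Which data categories each role may place in a prompt (least privilege).
const ROLE_ENTITLEMENTS = {
  engineer: new Set(["source_code"]),
  finance_analyst: new Set(["financials"]),
  support_agent: new Set(["customer_pii"]),
};

// Categories that stay on-site even when the role is entitled to use them.
const ON_PREM_ONLY = new Set(["customer_pii", "financials"]);

// Returns the names of every category whose pattern appears in the prompt.
function classify(prompt) {
  return Object.keys(CATEGORY_PATTERNS).filter((c) =>
    CATEGORY_PATTERNS[c].test(prompt));
}

// Validates the prompt against role context, then routes by sensitivity.
function gatewayDecision(role, prompt) {
  const categories = classify(prompt);
  const allowed = ROLE_ENTITLEMENTS[role] || new Set(); // unknown role: no entitlements
  const denied = categories.filter((c) => !allowed.has(c));
  if (denied.length > 0) {
    return { action: "block", route: null, categories, denied };
  }
  const route = categories.some((c) => ON_PREM_ONLY.has(c))
    ? "self-hosted-model"
    : "enterprise-api-zero-retention";
  return { action: "allow", route, categories, denied };
}
```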
Capture Prompt Content In Auditable Logs
Most monitoring tells you which AI tools employees opened. That is the wrong layer. You need visibility into what they actually pasted in. Capture prompt content in an auditable log the same way you would treat outbound email. The point is not to police every query. It is to know what walked out the door when something does go wrong. - Marc Fischer, Dogtown Media LLC
Use Synthetic Twins For ‘Prompt Mirroring’
Implement client-side “prompt mirroring” with synthetic twins. As employees type, the system instantly creates a privacy-safe synthetic version of the prompt (replacing real data with statistically equivalent fictional placeholders) that gets sent to the external AI tool. The original stays local and logged, delivering relevant answers with zero raw sensitive data exposure and no user friction. - Durga Krishnamoorthy, Cognizant Technology Solutions
Train Employees On Safe AI Usage
Beyond all technical limits, cybersecurity must include training. Organizations must raise awareness regarding the shortcomings of AI, share successes and failures, and make users understand that AI isn’t a friend. Otherwise, any technical solutions will fight against human ingenuity in circumventing the restrictions. - Kevin Korte, Univention
