Cyber Security

What is your strategy for securing "Shadow AI" endpoints within your corporate network?

ED Asked by Edward Norton · 28-01-2025
0 upvotes 6,791 views 0 comments
The question

We have a major problem with "Shadow AI"—employees using unauthorized LLMs or browser extensions that might be leaking sensitive proprietary code to public models. I’m looking for ways to block these without hurting the team's productivity. Has anyone implemented a "Corporate Proxy" for AI that logs all prompts and redacts sensitive info like API keys or PII before sending it to the cloud?

3 answers

0
SH
Answered on 10-04-2025

We faced this exact issue last year. We decided to stop fighting the "blocking" war and instead provided a sanctioned internal "AI Gateway." This gateway uses a Data Loss Prevention (DLP) layer that automatically scans every prompt for regex patterns matching our internal IP addresses, customer emails, and private keys. If a match is found, the prompt is blocked, and the user gets a notification about why. This way, the devs get the tools they want, and the security team gets the visibility they need. It’s a win-win that stopped people from trying to bypass the firewall.

0
PH
Answered on 15-05-2025

Sharon, that sounds like a massive undertaking to build. Did you buy an off-the-shelf solution for that DLP gateway or develop it in-house?

TH 20-06-2025

Philip, we actually started with an open-source tool called "LangChain" to build the basic proxy and then integrated our existing enterprise DLP rules. It took a team of two about a month to get it stable. Since then, we've seen a 90% drop in unauthorized AI traffic because the internal tool is actually faster and more context-aware than the public ones.

0
RE
Answered on 02-07-2025

We just blanket-blocked all AI domains and only whitelisted them for the R&D department. It’s a bit harsh, but it’s the only way to be 100% sure for now.

ED 15-07-2025

Blanked-blocking usually leads to people using their personal phones or VPNs to bypass it. The "Gateway" approach Sharon mentioned is much more effective in the long run.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

World globe icon Country: Canada

Book Free Session