Login

u/Timely-Dinner5772

▲ 4 r/AskNetsec

Why is AI visibility in the browser layer so hard?

we blocked chatgpt and a few others at the network level months ago, but most AI usage just moved into the browser. trying to get visibility there and running into the same issues over and over:

- extensions and sidebars (copilot, claude, random plugins) run client-side or through approved domains, so there’s nothing obvious to block  
- network logs don’t show much since traffic blends in with normal SaaS usage  
- CASB catches some standalone tools but misses local extensions and embedded features  
- chrome enterprise policies help a bit but don’t cover everything, plus users complain about performance  
- no clear way to see what’s being pasted into prompts or what data is leaving  
- devtools show some calls but not something you can realistically monitor across an org  

at this point we know usage is happening just don’t have a clean way to see it.

anyone figured out browser-layer visibility without killing performance or rolling out full endpoint agents. what are you actually running for this?

reddit.com
u/Timely-Dinner5772 — 4 days ago
▲ 2 r/shopify

Repeat visitors showing as new users?

I have been noticing this more and more, the same visitors keep showing up as “new” every time.

They come back to the site, browse again, even check the same products, but because cookies expire or get blocked, they are treated like a completely new user.

It messes up everything:

repeat visitors don't get recognized

flows dont trigger properly

segmentation becomes useless

Feels like were losing all context on people who are clearly interested.

reddit.com
u/Timely-Dinner5772 — 5 days ago
▲ 16 r/AI_Governance

Best AI visibility solutions for browser AI sessions in 2026?

We run these tools in the browser for internal work, and compliance started asking how we audit that usage.

We’re mid SOC 2 Type II prep right now and auditors came back last week asking for evidence of monitoring controls around AI usage. Not a policy doc, actual logs or records.

We have nothing. Not even session metadata.Tried pulling from the proxy, SIEM, CASB. All of it stops at the domain. Nothing shows what was in the session. bigger issue is we don’t even know what’s actually in use. anything outside SSO or managed apps just doesn’t show up for us

Hard to answer audit questions when there’s no record. what are you giving auditors when they ask for proof, like what does that evidence look like

reddit.com
u/Timely-Dinner5772 — 11 days ago