r/aisecurity

Anthropic shuts the EU out of its most advanced cyber AI model
▲ 323 r/aisecurity+2 crossposts

Anthropic has reportedly restricted EU access to Claude Mythos, keeping it mostly available to select U.S. companies and government agencies.

European banks, software firms, and governments may now be unable to test their defenses against one of the most advanced AI cyber tools out there, which could deepen Europe’s dependence on U.S. tech and widen the cybersecurity gap.

Maybe this becomes an opportunity for Mistral and Lumo if things line up right.

https://www.theparliamentmagazine.eu/news/article/anthropic-shuts-the-eu-out-of-its-most-advanced-cyber-ai-model

u/x4rvi0n — 3 days ago

How are people keeping vibe coded apps from leaking company data?

I work at a mid-sized B2B tech company and management is pushing pretty hard for AI adoption...

As a result, employees are now allowed to vibe code small internal tools for their own workflows, and we also have a small dedicated AI engineering team building AI into actual business processes.

From a security standpoint this is starting to feel very messy.

People can now build little apps with Lovable, Replit, whatever else (like they can connect docs, paste customer data, upload spreadsheets, create internal dashboards, build wrappers around ChatGPT or Claude)...

At first we tried to frame this as “which AI tools are allowed”, but we quickly understood that this is too narrow, because the bigger issue is where company data moves once someone is already inside a browser session.

Classic DLP feels too far away in some of these cases. Same with normal web filtering. They can tell me someone visited ChatGPT or uploaded something somewhere, but I’m trying to understand what happened inside the actual browser session.

Was sensitive data pasted into a prompt? Was a file uploaded to Claude? Was an internal tool exposed publicly because someone forgot auth? Was an AI wrapper extension reading page content? Was this done from a managed laptop or some contractor/BYOD machine?

I also really do not want to force everyone into a new enterprise browser unless there is no other choice. I know Island/Talon type tools can give deep control, but for our culture and user base that feels like a big change management project.

I’m trying to understand the practical options for GenAI prompt-level DLP / session-level DLP without overbuilding this thing.

From what I see, CASB/SSE/web filtering gives broad visibility but may miss browser session detail. Browser extension security can make sense if we can enforce it through MDM, but that gets weaker for BYOD and contractor access.

The other bucket we are looking at is agentless SSE / web session security, where the control is more around the access/session path instead of forcing a new browser or heavy endpoint rollout.

Red Access is one we are looking at there, mostly because it seems closer to session level DLP / secure web access than a full browser replacement. I’m not assuming it solves everything. There is still identity/routing/session enforcement somewhere. But the idea of controlling the session without making everyone switch browsers is appealing.

For people who have already dealt with this, what did you end up using for GenAI data exfiltration prevention?

Did session level DLP actually help, or did you end up back at browser extensions / enterprise browser / blocking tools?

u/southway_ — 5 days ago
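The post asks what prompt-level DLP can look like in practice. The following is an added illustration, not code from the post or from any vendor named in it: a small gate that scans text bound for an LLM, decides whether to allow, redact or block the request, and masks what it found. The pattern set, the block/redact policy and the sample prompt are constructed for this example; a real deployment would tune the detectors to its own data classes and apply the gate at the proxy or extension layer where the session is visible.

```python
"""Prompt-level DLP gate: scan text bound for an LLM before it leaves the
session. Added example; the patterns, policy and sample are assumptions."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str
    start: int
    end: int


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to drop plain digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Detector patterns constructed for this example; each yields one finding kind.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "card_number": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Kinds that stop the request outright instead of being masked (policy assumption).
BLOCK_KINDS = {"aws_access_key_id", "private_key"}


def scan_prompt(text: str) -> list[Finding]:
    """Return all findings in the prompt, ordered by position."""
    findings = []
    for kind, pat in PATTERNS.items():
        for m in pat.finditer(text):
            if kind == "card_number":
                digits = re.sub(r"[ -]", "", m.group())
                # 13-19 digits plus a valid Luhn checksum, else treat as noise
                if not (13 <= len(digits) <= 19 and luhn_ok(digits)):
                    continue
            findings.append(Finding(kind, m.start(), m.end()))
    return sorted(findings, key=lambda f: f.start)


def decide(findings: list[Finding]) -> str:
    """'block' for credentials, 'redact' for PII that can be masked, else 'allow'."""
    if any(f.kind in BLOCK_KINDS for f in findings):
        return "block"
    return "redact" if findings else "allow"


def redact_prompt(text: str, findings: list[Finding]) -> str:
    """Replace each finding span with a marker, working from the end of the
    text so earlier offsets stay valid; a span overlapping one already
    redacted is skipped."""
    out = text
    last_start = len(text) + 1
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        if f.end > last_start:
            continue
        out = out[:f.start] + f"[REDACTED:{f.kind}]" + out[f.end:]
        last_start = f.start
    return out


# Constructed sample: a user pasting a customer note into a chat assistant.
SAMPLE_PROMPT = (
    "Summarise this customer note.\n"
    "Contact: jane.doe@example.com, card 4111 1111 1111 1111 on file.\n"
    "Deploy key AKIAIOSFODNN7EXAMPLE is in the same ticket, ignore it.\n"
)

if __name__ == "__main__":
    found = scan_prompt(SAMPLE_PROMPT)
    print(decide(found))
    print(redact_prompt(SAMPLE_PROMPT, found))
```

The Luhn check is the kind of false-positive control that decides whether such a gate is usable: without it, any invoice number or phone number of the right length would be masked. The verdict itself is what a session-level control would act on, and it is also the record worth writing to the audit trail, since the raw prompt should not be logged.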

How should AI coding agents be contained before tool calls execute?

AI coding agents are starting to do more than suggest code: they can run shell commands, read local files, call tools/MCP servers, and modify config using the user’s permissions.

From a security point of view, I’m trying to think through where containment should happen. The risky part seems to be unsafe action before the human notices, not just bad advice.

For people working with coding agents:

What actions would you block by default?

Examples I’m thinking about:

  • destructive shell commands
  • access to secrets or SSH keys
  • modifying security-sensitive config
  • network calls to unknown destinations
  • installing packages or running downloaded scripts
  • MCP/tool calls with broad permissions

Also curious:

What false positives would make this unusable?

Is local pre-execution enforcement the right layer, or should this be handled by sandboxing, identity/permissions, audit logs, rollback/snapshots, or something else?

u/Gary_AIAGENTLENS — 11 days ago
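One way to put the post's "block by default" list into a pre-execution hook, as an added example that is not part of the original post or of any agent product: every tool call is evaluated before it runs and gets one of three verdicts, allow, ask (pause for the human) or deny. The tool-call shape, the workspace path, the host allowlist and the rule set are assumptions made for this illustration. It also shows one answer to the false-positive question: a recursive delete scoped to the workspace is escalated to the user instead of refused outright.

```python
"""Pre-execution policy gate for coding-agent tool calls.
Added example; tool-call shape, paths, allowlist and rules are assumptions."""
import os
import re
import shlex
from urllib.parse import urlparse

WORKSPACE = "/home/dev/project"   # assumed agent working directory
HOME = "/home/dev"                # assumed user home, for ~ expansion
ALLOWED_HOSTS = {"api.github.com", "pypi.org", "files.pythonhosted.org"}

# Destructive commands. Scope "fs": deny unless every path target stays inside
# the workspace, in which case ask, so `rm -rf ./build` is not a false positive.
# Scope "always": never run without a human, whatever the arguments.
DESTRUCTIVE = [
    (re.compile(r"\brm\s+-[A-Za-z]*[rR][A-Za-z]*\b"), "fs"),   # recursive rm
    (re.compile(r"\bmkfs(\.\w+)?\b"), "always"),
    (re.compile(r"\bdd\b.*\bof=/dev/"), "always"),
    (re.compile(r"\bgit\s+push\b.*\s(--force|-f)\b"), "always"),
    (re.compile(r"\bgit\s+reset\s+--hard\b"), "always"),
]
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b.*\|\s*(sudo\s+)?(ba)?sh\b")
INSTALL = re.compile(r"\b(pip3?|npm|yarn|apt(-get)?|brew)\s+(install|add|i)\b")
SECRET_PARTS = {".ssh", ".aws", ".gnupg", ".env", ".netrc", "id_rsa", "id_ed25519"}
SENSITIVE_CONFIG = ("/etc/sudoers", "/etc/ssh/sshd_config", ".github/workflows", ".git/hooks")


def resolve(path: str) -> str:
    """Expand ~ and make the path absolute relative to the workspace."""
    if path == "~" or path.startswith("~/"):
        path = HOME + path[1:]
    return os.path.normpath(os.path.join(WORKSPACE, path))


def inside_workspace(path: str) -> bool:
    return path == WORKSPACE or path.startswith(WORKSPACE + "/")


def touches_secret(path: str) -> bool:
    return any(part in SECRET_PARTS for part in path.split("/"))


def check_shell(cmd: str) -> tuple[str, str]:
    try:
        tokens = shlex.split(cmd)
    except ValueError:
        return "deny", "command could not be parsed"
    # Non-flag arguments are treated as candidate path targets.
    targets = [resolve(t) for t in tokens[1:] if not t.startswith("-")]
    if PIPE_TO_SHELL.search(cmd):
        return "deny", "downloaded script piped into a shell"
    if any(touches_secret(t) for t in targets):
        return "deny", "command references a secret or key path"
    for pattern, scope in DESTRUCTIVE:
        if pattern.search(cmd):
            if scope == "fs" and targets and all(inside_workspace(t) for t in targets):
                return "ask", "destructive command limited to the workspace"
            return "deny", "destructive command"
    if INSTALL.search(cmd):
        return "ask", "package installation"
    return "allow", "no rule matched"


def check_file(path: str, write: bool) -> tuple[str, str]:
    p = resolve(path)
    if touches_secret(p):
        return "deny", "secret or key material"
    if write and any(s in p for s in SENSITIVE_CONFIG):
        return "deny", "write to security-sensitive config"
    if write and not inside_workspace(p):
        return "ask", "write outside the workspace"
    return "allow", "path inside policy"


def evaluate(call: dict) -> tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'ask' or 'deny'.
    The runtime executes only on 'allow', prompts on 'ask', logs every verdict."""
    tool, args = call.get("tool"), call.get("args", {})
    if tool == "shell":
        return check_shell(args.get("cmd", ""))
    if tool in ("read_file", "write_file"):
        return check_file(args.get("path", ""), write=(tool == "write_file"))
    if tool == "http_request":
        host = urlparse(args.get("url", "")).hostname or ""
        if host in ALLOWED_HOSTS:
            return "allow", f"host {host} is allowlisted"
        return "ask", f"network call to unlisted host {host or '?'}"
    if tool == "mcp_call":
        if set(args.get("scopes", [])) & {"*", "admin", "write:all"}:
            return "deny", "MCP tool requested broad scopes"
        return "allow", "MCP scopes are narrow"
    return "ask", f"unknown tool {tool!r}"


if __name__ == "__main__":
    # Constructed sample calls, shaped as an agent might emit them.
    for call in [{"tool": "shell", "args": {"cmd": "rm -rf ./build"}},
                 {"tool": "shell", "args": {"cmd": "rm -rf /"}},
                 {"tool": "read_file", "args": {"path": "~/.ssh/id_ed25519"}}]:
        print(call["tool"], evaluate(call))
```

The gate is deliberately the layer closest to execution, but it is not a substitute for the others the post lists: a sandbox bounds what a missed rule can do, scoped credentials bound what a tool call can reach, and the (decision, reason) pair is exactly what should go into the audit log and what a rollback or snapshot step can key on.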
▲ 10 r/aisecurity+3 crossposts

Built my first 3 microlearning lectures - feedback welcome

I built my first three microlearning lectures about Claude Code basics. My target audience would be technical people who want to learn the basics before they use it.

Getting started with MCPs

https://app.scibly.com/student/worksheets/cmowyggwd00000ajonr4zzb4p/editor?v=cmox03jr600000al9lzxl3w0w

Claude Code permission modes

https://app.scibly.com/en/student/worksheets/cmowi3e0400000ajlfo5ohpe8/editor?v=cmowi3e0s00010ajl9jd51apr

Claude Code sub-agents

https://app.scibly.com/en/student/worksheets/cmowha9ps00000ai82nkqn2sv/editor?v=cmowha9ql00010ai8gue3q4x9

I would appreciate all feedback and critique to improve them in the future so that learners can use them effectively.

u/chefkoch-24 — 12 days ago