Enforcing AI Protections for ChatGPT

Overview

DefensX AI Protections are a security feature designed to prevent the unauthorized sharing of sensitive commercial data with generative AI services like ChatGPT. This is critical because some AI services, including ChatGPT, have a default setting that allows them to use user-submitted data to "Improve the model for everyone." This default setting can expose confidential company information.

How it works

ChatGPT doesn’t offer a built-in method (such as a DNS-based control or an HTTP header) to control its data-sharing settings. Because of this, DefensX uses a browser-based approach via its extension. The extension can access the web page’s content and checks the data-sharing setting during each ChatGPT session. If the setting is on, the extension blocks all requests to ChatGPT until the user manually turns the setting off. This ensures that no data is shared with the AI model without the user’s explicit consent.

Note: The user is responsible for changing this setting. DefensX cannot automate this action but provides a clear error message to guide the user.

Configuration

Tip: The DefensX AI Protections feature is available for CORE+ and higher packages.

You can enable it by navigating to Settings > AI Protections and turning on the feature. Changes may take up to 5 minutes to take effect due to caching.

Blocking Fat Clients

To ensure comprehensive protection, it’s important to block access from "fat clients" or any browsers that don’t have the DefensX extension installed. This is achieved by using DefensX Web Filter policies.

  • Create a restrictive policy: Create a web filter policy that targets Agent DNS and Cloud DNS (not browsers). This policy should be set to block the Artificial Intelligence category or a custom URL group containing *.chatgpt.com. This policy should be configured to execute before other, more permissive policies. This effectively blocks ChatGPT at the DNS level for all devices without the DefensX extension.

  • Create a permissive policy: Create a subsequent policy (or use the existing Default policy) that allows access to ChatGPT, perhaps using a custom URL group.

How it works together:

  • Users with the DefensX extension: When a user with the extension tries to access ChatGPT, the web request is processed by the later, more permissive policy, bypassing the restrictive DNS-level block. The extension then takes over, enforcing the data-sharing controls.

  • Users without the DefensX extension (fat clients): These users will be blocked by the initial, restrictive DNS-level policy, preventing them from accessing ChatGPT and potentially sharing sensitive data.
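
The policy ordering described above, as a small model added here for illustration (it is not DefensX code or its configuration format). The policy fields, enforcement-point names, first-match evaluation and wildcard semantics are assumptions; the final call shows what happens when the permissive policy is placed first.

```python
from dataclasses import dataclass

# Hypothetical model: field names, enforcement-point labels and
# first-match ordering are assumptions, not the DefensX policy schema.
@dataclass(frozen=True)
class Policy:
    name: str
    targets: frozenset   # enforcement points the policy applies to
    url_group: tuple     # host patterns
    action: str          # "block" or "allow"

RESTRICTIVE = Policy("block-chatgpt-dns", frozenset({"agent_dns", "cloud_dns"}),
                     ("*.chatgpt.com",), "block")
PERMISSIVE = Policy("default", frozenset({"agent_dns", "cloud_dns", "browser"}),
                    ("*",), "allow")

def host_matches(host, pattern):
    # Assumption: "*.example.com" covers the apex domain and all subdomains.
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        base = pattern[2:]
        return host == base or host.endswith("." + base)
    return host == pattern

def web_filter(host, point, policies):
    """Return (action, policy name) from the first policy that matches."""
    for p in policies:
        if point in p.targets and any(host_matches(host, g) for g in p.url_group):
            return p.action, p.name
    return "allow", "no-match"  # assumed default when nothing matches

def decide(host, point, policies, sharing_on=False):
    """Web filter verdict, then the extension's data-sharing check (browser only)."""
    action, reason = web_filter(host, point, policies)
    if (action == "allow" and point == "browser" and sharing_on
            and host_matches(host, "*.chatgpt.com")):
        return "block", "extension: data sharing enabled"
    return action, reason

if __name__ == "__main__":
    ordered = [RESTRICTIVE, PERMISSIVE]
    for point, sharing in [("cloud_dns", False), ("browser", True), ("browser", False)]:
        print(point, sharing, decide("chatgpt.com", point, ordered, sharing))
    # Misordered: the permissive policy matches first and the DNS block never fires.
    print(decide("chatgpt.com", "cloud_dns", [PERMISSIVE, RESTRICTIVE]))
```

When reviewing a deployment, the misordered case is the one to check for: a fat client reaching ChatGPT means the restrictive policy is not being evaluated first.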