Managing AI Tool Access

AI web and desktop applications can be blocked and managed directly through DefensX, giving your organization granular control over how and which AI tools are accessed across your environment. Depending on your organization’s security requirements, DefensX supports multiple approaches to managing AI application access. You can choose the method that best fits your policy needs. Two common configuration examples are provided below for reference.

Method I - Block All AI Tools While Allowing Specific Ones in the Browser (Recommended)

Navigate to Custom URL Groups and create a new group.
Add the following domains:
Go to Policy Management → Policies and create a new policy.
Select all Policy Targets (Browser, Agent DNS, Cloud (Anycast) DNS).
In the Web Filter tab, set the Computing/Technology - Artificial Intelligence action to Block.
Then, create another policy and select only Browser as the Policy Target.
Set the Custom URL Group action to Allow in the Web Filter tab.

This method allows you to block all AI tools across all policy targets (Browser, Agent DNS, Cloud (Anycast) DNS), while allowing access only to the specific AI tools (ChatGPT & Claude) defined in the Custom URL Group through the browser. Keep in mind that this method will also block any built-in Copilot capabilities in fat clients such as Word, Excel, PowerPoint, etc.

Method II - Block Specific AI Desktop Applications While Allowing Others in the Browser and Desktop Apps

Follow the first two steps in Method I.
Go to Policy Management → Policies and create a new policy.
Select Agent DNS and Cloud (Anycast) DNS as the Policy Target.
In the Web Filter tab, set the Custom URL Group action to Block.
In the Default or following policy, make sure the Default Action or Artificial Intelligence Category is set to Allow in the Web Filter tab.

With this method, you can block only the specified AI desktop applications (ChatGPT & Claude) while allowing access to other AI tools across all policy targets (Browser, Agent DNS, Cloud (Anycast) DNS).

Once the allow/block configurations are completed, you may further tighten and optimize enforcement by applying the following steps either individually or in combination.

Disable Data Sharing for Model Improvements (Needs minimum Core+ SKU)

You can control whether data from sessions is used to improve the models.
Navigate to Management → Settings → AI Protections.
Enable the relevant protections for ChatGPT and Claude.
For more information, refer to the AI Protections articles.

Apply PII Restrictions on Browser Prompts (Needs minimum Core+ SKU)

You can restrict the content users are allowed to submit as prompts in the first place by applying PII rules.
Navigate to Policy Management → Policies → PII Rules.
Create keyword rules for specific restricted terms.
Create regex rules for sensitive data patterns (e.g. credit card numbers, Social Security numbers).
Open the relevant policy and activate PII Protection. (For Method I, enable PII in the policy where you allow access through the browser. For Method II, set the action for that Custom URL Group in the Default Policy to Allow and enable PII rules.)
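
One way to check candidate regex rules against sample prompts before entering them under PII Rules. This is an added example, not DefensX code; the two patterns, the assumption that the rule engine accepts PCRE-style syntax, and the sample prompts are all constructed for illustration.

```python
import re

# Candidate patterns for the regex rules step. Assumption: the rule engine
# accepts PCRE-style syntax (\b, lookaheads); confirm before deploying.
RULES = {
    # 13-19 digits, optionally separated by single spaces or hyphens.
    "credit_card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
    # US SSN with the never-issued ranges excluded (area 000/666/9xx,
    # group 00, serial 0000).
    "us_ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
}

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum; a regex cannot do this, so use it to gauge over-matching."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def evaluate(prompt: str) -> dict:
    """Return every rule hit in a prompt; card hits are flagged by Luhn result."""
    hits = {}
    for name, pattern in RULES.items():
        found = pattern.findall(prompt)
        if name == "credit_card":
            found = [(m, luhn_ok(m)) for m in found]
        if found:
            hits[name] = found
    return hits

# Constructed sample prompts (test card number and made-up values only).
SAMPLES = [
    "Refund the charge on 4111 1111 1111 1111 please",
    "Customer SSN is 123-45-6789, update the record",
    "Tracking number 1234567890123456 has not arrived",
    "Ticket 000-12-3456 and build 2024-01-15 are unrelated",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(evaluate(s) or "no match", "<-", s)
```

The third sample is a 16-digit tracking number that the card pattern matches even though it fails the Luhn check, which is the kind of false positive to expect from a regex-only rule.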
For more information, refer to the PII Protection article.

Enable Prompt Logging (Needs minimum Premium SKU)

You can also enable full visibility into what users are submitting by activating prompt logging.
Navigate to Management → Settings → LLM Prompt Logger.
Activate the AI Prompt Logger.
For more information, refer to the LLM Prompt Logger article.