GenAI adoption in the enterprise is no longer experimental. Daily use has grown by nearly 60% in just one year, and weekly use has tripled in the past two, according to Wharton research. But employees are embracing AI faster than security teams can keep up.
Traditional security tools weren’t designed for the full visibility and granular controls needed to secure GenAI use in the browser, where employees spend more than 80% of their workday. Every new browser-based GenAI app an employee adopts is a potential blind spot in terms of visibility, compliance, and data control. As the perimeter moves to the browser, the focus of security must follow.
What security teams can’t see
Many security platforms can see established apps such as ChatGPT and Gemini because vendors offer built-in integrations. But new GenAI applications are entering the market daily, and employees are not waiting for security tools to catch up.
More than three-quarters of AI users bring their own AI tools to work. These shadow AI tools that security teams can’t see, track, and control are now responsible for one-fifth of data breaches, according to IBM’s 2025 Cost of a Data Breach Report.
Traditional data security tools that often rely on network-level scanning don’t provide granular visibility into browser activities. For example, a traditional data security platform may have a hard time detecting activities such as:
- Employees directly pasting or uploading sensitive or proprietary data into a new, emerging GenAI app
- AI copilots accessing assets such as email and documents
- Employees using personal rather than company accounts on GenAI platforms
The consequences of these blind spots go beyond data privacy. Regulators worldwide are paying attention, introducing new requirements for how organizations govern data that’s used in AI tools. Adapting to these compliance requirements requires audit trails, forensics capabilities, and session recordings that traditional data security tools may not be able to provide comprehensively.
High-accuracy data control: the missing link
Visibility only solves one part of the challenge. Controlling sensitive data leakage is the next critical step. To ensure these controls don’t hinder productivity and avoid falsely blocking legitimate use, the control actions must be highly accurate and driven by context, and allow just-in-time approvals for unforeseen scenarios.
Traditional tools such as network security can’t see the data being shared until it’s already in the network and entered into the AI tool. They are also blind to encrypted data. Putting data security in the browser solves this challenge. The browser can block sensitive data in the prompts before it’s submitted to the GenAI and enables just-in-time submissions. Prompts can also be monitored for inappropriate topics and risky content, and responses can be blocked in real time.
How does this look in practice? Let’s say you run a startup whose entire value is built around proprietary code. Your engineer wants to refine the code and uses an unvetted GenAI coding assistant that just hit the market. With a purpose-built secure browser with built-in enterprise DLP, the engineer can use the coding assistant. But the moment the browser detects the attempt to paste sensitive proprietary code, it blocks it before the intellectual property can leave the browser.
Enhancing data protection with a secure browser
IBM’s report found that 61% of breached organizations don’t have AI governance technologies. As shadow GenAI continues to surge, secure browsers are emerging as a new control point to protect AI data interactions. These tools, such as Palo Alto Networks’ Prisma Browser, embed enhanced security features directly into the browser. Secure browsers give security teams what traditional tools can’t: visibility into every GenAI interaction, granular control over user actions, and the audit trails needed for compliance.
New security tools are only as good as their adoption. That’s why high-accuracy data detection and classification are paramount. Prisma Browser, for instance, includes more than 1,000 pre-defined data classifiers out of the box, reducing the manual work of defining sensitive data types and greatly improving the speed of implementation. And because detection happens at the browser level with full context, false positives are significantly reduced by Palo Alto Networks’ enterprise DLP, which has a 10x lower false positives rate compared to traditional DLP solutions. Employees can work freely, and controls only kick in when it matters.
Getting ahead of the risk
GenAI has reached mainstream adoption faster than any previous technology, including smartphones and the internet. This rapid pace extends into the workplace. It means even more unsanctioned GenAI apps and greater security risks. And threat actors are taking advantage of these trends: The browser is now a primary point of attack.
GenAI runs in the browser, and that’s where data moves and risk lives. Security leaders who act now can close the gap and avoid falling farther behind the threat.
Discover how Prisma Browser enables your organization to stay in control as GenAI adoption grows, without sacrificing productivity.
