The new AI web filtering category enhances visibility, strengthens data protection, ensures compliance, and promotes the use of in-house AI tools, helping organizations control access, mitigate data leakage risks, and meet regulatory requirements.

Hi there, I’m Dimitra, and I’m here to talk about something that we've recently rolled out – a new AI category in our Secure Web Gateway (SWG) service.

You might be wondering, “What does that mean, and why is it important?” Well, let me break it down for you.

What is the AI category?

In a nutshell, this new category is designed to filter websites that provide artificial intelligence (AI) resources, platforms, applications and AI-driven services. It includes a broad range of Al applications such as chatbots, like ChatGPT, content creation tools for text, images and videos, as well as code generation.

Figure 1: Policies for URL Filter are of the type “deny or allow”.

It’s an important category to add because we’re seeing AI tools pop up everywhere, and many of them can have sensitive implications if not properly managed.

Why did we introduce this category?

You might be curious about what triggered the introduction of this new AI category. The main catalyst was a combination of the growing importance of AI in today’s digital landscape and customer feedback. We started receiving requests from our customers asking for a way to control and monitor AI tool usage. Given how fast technology evolves, it became clear that we must stay current with the latest trends. Adding the AI category aligns with current trends in technology and data security, and it addresses a key need in the industry today.

What does it mean to implement a new category?

It might sound simple, but here’s how we actually do it.

We didn’t come up with this category on our own. We partner with a URL categorization vendor that specializes in grouping websites into categories based on their content. This vendor provides us with categories that we then further moderate internally to ensure they fit the needs of our customers. As soon as the AI category was introduced, we found it essential to support it as part of the URL filter categories of the Secure Web Gateway.

Introducing a new URL filter category means redefining how websites and resources are categorized, which requires a careful, step-by-step approach to ensure a smooth transition. A key consideration was updating policies to seamlessly integrate into the system, minimizing disruption and avoiding unexpected policies changes or blocking critical tools.

From a tech perspective, this is what it meant for us:

• Come up with a mechanism to update the existing URL Filter policies for all user groups of our customers
• Roll out the update in suitable windows globally at all locations

The tricky part: minimizing disruption

One of the trickiest parts of introducing this new AI category was ensuring that we didn’t disrupt our customers’ operations. Our aim was to update the policies so customers wouldn’t even notice the difference and could just get on with their business as usual.

My team analyzed and discussed the mapping of the AI websites so that they would match the existing customer policy scenarios as closely as possible after the migration. It meant gaining more understanding about AI resource categorization, and what it actually means, and we made sure to do so in collaboration with the URL categorization vendor. Most of the AI sites were previously mapped to categories that are mainly allowed by most companies’ existing policies. We needed to be mindful of that.

The solution? We introduced the new category as “allowed” by default , except for deny-all policies where the category was introduced as “deny”, but we also made sure customers could adjust the settings according to their needs.

There are different ways to approach restrictions :

• Deny all and allow per case: The aim of these policies is to be intentionally restrictive. Many customers typically use them for machines that must not have general Internet access. Customers can further control access with exclusion lists.
• Allow all but restrict per case: The aim of these policy groups is to be less restrictive. Customers can further control access with block lists.
• Mixed policy: A combination of the previous two approaches. Customers can further control access with exclusion and block lists.

Figure 2: Self-service for controlling access by using block lists (i.e. deny) or exclusion lists (i.e. allow) in addition to 24x7 support by Mission Control.

“For us, it is important to deploy something so smoothly that customers don’t even notice the difference, ensuring they experience only the added value without disruption.”

Before rolling it out, we made sure our Technical Account Managers (TAMs) reached out to customers to inform them about the new category – as they deemed necessary from their knowledge of each environment, policy volume, granularity and complexity. We wanted to ensure there wouldn’t be any surprises when the policy changes happened.

The value for Open Systems customers

So, where do I see the most value for our customers? There are several key benefits:

Increased visibility: The new category gives customers more insight into how much traffic is being generated towards websites that are categorized as AI tools in our service statistics. This makes it easier for IT teams to monitor usage and understand the flow of data toward these AI platforms.

Data protection & leak prevention: A big concern with AI tools is the potential for data leakage. Employees might unintentionally input sensitive company data, proprietary code, or customer information into AI models. For example, using it to request a diplomatic reply to a confidential email, or deliver meeting minutes, or even analyze company source code. All of a sudden, an employee might realize that customer information has slipped into that global AI cloud. This also includes translation of confidential reports, memos and emails.

With the AI category, organizations can control access to AI tools by setting blocking policies for all or specific groups of employees. This helps mitigate the risk of sensitive data being exposed through AI applications.

Compliance and audit support: With stricter data protection laws in place globally, it’s crucial for companies to make sure that no sensitive data is shared with external AI services. The new category helps organizations enforce compliance and meet their audit requirements.

Promoting in-house AI tools: For organizations that have developed their own internal AI tools, this category can help encourage employees to use these tools instead of external services. It supports the use of sanctioned, trusted solutions within the company.

How Mission Control handles operations

In terms of ongoing management, Mission Control plays a critical role in helping our customers adapt to the new category. The team is responsible for adjusting policies for the AI category, as well as excluding or blocking certain websites as needed.

And if you prefer a more hands-on approach, the self-service options are available for customers to manage this process themselves. In general, we see that Artificial Intelligence tools are mostly allowed (unless they are part of a “deny all” policy), which is not surprising because businesses find them useful. But there are cases where it makes sense to block AI websites, and that is exactly what we see our customers doing.

A really good job when customers don’t notice

The addition of the AI category to our Secure Web Gateway is a significant step in helping organizations stay ahead when it comes to managing new technologies. As AI continues to grow, it's vital for businesses to have the right tools in place to protect their data, comply with regulations, and maintain control over the resources that their employees’ access. With this new category, we’re giving customers the visibility and control they need to manage this evolving technology securely.

All in all, introducing a new URL category is not just technical work, but a lot of it is about the thought process behind it, and knowing how it will impact customers. Then making decisions about how to make the transition smooth in operations, and to ensure that customers’ environments stay safe after changing configurations. We know that we’ve done a really good job when our customers don’t notice anything at all.

I’m eager to see how this will help our customers and how we’ll continue to innovate as technology evolves. If you’re interested in learning more, don’t hesitate to reach out to our team!