Lasso Security Data Protection Tool Aimed at GenAI Applications – Source: securityboulevard.com

Lasso Security has released a custom policy wizard designed to help companies prevent data and knowledge leaks when they use Generative AI (GenAI) tools and applications. The platform emphasizes contextual data protection (CDP) and it integrates with Lasso’s browser extension and secured gateway.

Unlike traditional pattern-based policies, CDP allows users to tailor data protection measures based on contextual cues, such as recognizing unauthorized topics or inflammatory words.

The wizard is designed to be user-friendly. It requires no coding or data science expertise, Lasso Security says, enabling policy creation through free-form language. The wizard creates a new custom policy that is immediately effective across the organization.

Among its key features are intuitive policy creation and adaptive protection to keep up with the evolving GenAI landscape. The browser extension covers all the organization’s employee touchpoints with GenAI applications on the web.

The company’s secured gateway protects organizations’ internal applications, whether they are intended for internal use (such as employees’ enterprise search) or external use (a website support chatbot). The gateway protects both outgoing requests and incoming responses.

Once the wizard creates a custom policy, it can be enforced on the organization’s applications. “The extension and gateway provide full protection both for the employees and for the organizational applications and models and the custom policies are applicable to both,” explained Ophir Dror, chief product officer at Lasso Security.

Data Protection in the GenAI Era

In the era of GenAI, traditional data protection mechanisms are no longer sufficient, Dror said. CISOs face mounting pressure as complexities surrounding the implementation of GenAI and AI technologies emerge.

Structured data (such as personally identifiable information (PII) or credit card information) is still a concern. However, a new issue is now emerging: knowledge leakage.

Employees of all departments now work with large language models (LLMs), willingly or unintentionally, and they are sharing the company’s knowledge with third parties and those organizations’ AI models.

“Once organizational data leaves the organization, it is gone forever. You don’t have the ‘right to be forgotten’ nor any idea where this data is going to end up,” Dror said. “To solve this emerging problem, we completely shifted how we look at data protection.”

That means no more patterns or pre-defined regular expressions (regexes)—established patterns that are used to match strings of text in a specific, predictable way.

“We are looking to protect the organization’s knowledge and, for the first time ever, we are going to use context,” Dror said. “The real threat is in unstructured data, the kind of problem that requires data scientists and developers to solve.”

For example, imagine the head of security at a major retail brand who wants to create a policy to forbid its designers from sharing images or discussing the future designs of its shoe line. “In a matter of seconds, our AI engine will create and enforce a new policy across all of your employees’ touchpoints with GenAI, forbidding them to leak your most precious assets, while still allowing them to be productive and do their job,” Dror said.

Intuitive Interface, Specific Use Cases

The policy creation is designed to be intuitive: Users write a short sentence in English and the wizard takes care of the rest.

Behind the scenes, a process of enhancement and validation takes place, allowing users to make rapid corrections and fixes if needed. “We also employ exceptions to provide our customers with support for their edge cases within the policy,” Dror added.

The wizard is already used by some of Lasso’s early adopter customers. “A lot of the use cases we see are around the core business of those customers, areas where their most sensitive knowledge is,” Dror said. “A company can now go beyond blocking PII to understanding the context of the conversation and enforce protection around sensitive business flows while letting their employees use the advantages of GenAI.”

Dror noted the world of GenAI is moving faster than anything that has been seen before, which has led Lasso to strengthen policy creation mechanisms and enhancing the platform through building proprietary models. “The AI revolution we now experience is as big as the cloud,” he said. “We expect the advancement of GenAI in combination with the huge adoption to create new and dangerous attack vectors.”

Photo credit: Scott Rodgerson on Unsplash