Stop data leaks to AI in the browser.

Most AI use happens in a browser tab your security team never sees. Bastion catches sensitive data on paste, upload, and prompt, before it reaches ChatGPT, Claude, or any of a thousand web AI tools.

[Problem]

The browser is where the company actually works.

Tools that watch only agents miss the surface where most leaks happen: a chat tab, a personal login, a quick paste of customer data.

01

Employees paste sensitive data.

Customer records, internal docs, and source code go straight into ChatGPT, with no warning and no record.

02

Personal accounts bypass everything.

A personal ChatGPT or Claude login sidesteps every corporate control and sends company data to a consumer account.

03

Shadow AI you have never inventoried.

Dozens of web AI tools are in use across teams, and no survey will ever catch them all.

[How it works]

Catch it on the page, before it sends.

Bastion governs the browser through the same on-device proxy as the rest of your AI surfaces, so protection follows the user, not the tool.

Inline DLP on the page

Block or redact secrets, PII, and source code on paste, upload, and prompt, before the data ever leaves the browser.

Shadow AI discovery

Auto-inventory every web AI tool your team uses through behavioral analytics. Identify 1,000+ AI services and sort sanctioned from unsanctioned.

Personal vs. company accounts

Keep company data on company accounts. Steer users to sanctioned logins and block personal AI accounts on managed devices.

Real-time alerts

Get notified the moment a new web AI tool appears or a risky upload is attempted, and hold it until you approve.

[Discovery]

See every AI tool in the browser.

From the obvious chatbots to the niche tool one team adopted last week, Bastion maps the full picture of browser AI use across the company in hours, not months of surveys.

ChatGPT
modelChatGPT
DeepSeek
modelDeepSeek
Hermès
agentHermès
Claude Code
clientClaude Code
mcprogue-db-mcp

[Trust]

Works everywhere. Leaks nothing.

Privacy by design

Detection runs locally in the browser. Nothing leaves your network by default, and logging is opt-in.

  • >Detection engine runs locally on the endpoint
  • >Nothing leaves your network by default
  • >Request and response logging is opt-in
  • >Your intellectual property stays yours

Deploy with any MDM

Push browser protection to every endpoint in your org instantly through Jamf, Intune, Kandji, or any MDM.

  • >Fleet-wide deployment in minutes
  • >One-click install and removal
  • >No manual setup per device
  • >Coexists with your VPN and DNS proxy

Managed and current

Our threat intelligence team keeps detections current as new web AI tools launch every week.

  • >New AI tools detected as they emerge
  • >Configurable actions: block, redact, warn, or log
  • >Custom data patterns and regex rules
  • >Evidence mapped to ISO 27001, ISO 42001, EU AI Act, and SOC 2

[FAQ]

Frequently asked questions

It is configurable. Detection runs locally, so by default nothing is stored or transmitted to our servers. You decide whether anything is logged, so you can keep it fully local or enable an audit trail when you need one.

Your choice. You can block personal AI accounts on managed devices outright, or allow them while redacting and blocking only sensitive data. Most teams redact rather than block, so work keeps moving.

Fleet-wide through any MDM, with one-click install and removal. There are no network changes and it coexists with your VPN and DNS proxy.

Behavioral analytics detect new AI services as they appear, and our threat intelligence team ships detections continuously. A brand-new tool is flagged and held until you approve it.

[Coverage]

One proxy. Every surface.

This is one of four layers in Bastion's AI governance module. Explore the rest.

[Get Started]

Find the AI hiding in your browser tabs.

Get a full inventory of browser AI use in hours, then switch on the DLP and account controls that matter most.