[June 02, 2026]

Push Security Launches New Browser Controls to Prevent Sensitive Data and Secrets Leaking Into Unsanctioned AI Tools

Push Security, the most powerful AI-native security tool in the browser, today launched a new set of browser-layer controls designed to prevent security incidents caused by sensitive data leaving the browser.

The new capabilities include file upload and download telemetry, with configurable monitor, warn, and block modes; visibility and control over clipboard actions; and automated app and domain categorization. Together these features give security teams real-time visibility and enforcement when intellectual property, source code, customer records, and other sensitive data move to unsanctioned AI tools, personal cloud accounts, and other high-risk destinations.

"The most common form of sensitive data exposure in the modern enterprise isn't a stolen laptop or misconfigured storage containers in the cloud," said Jacques Louw, chief research officer at Push Security. "Too often it's an engineer integrating an unsanctioned AI assistant with systems that contain source code and secrets, or a customer service agent dragging an exported customer list into a third-party AI tool.

"Each is a security incident in the making, yet none would generate a useful signal in endpoint DLP, CASB, or secure web gateway tooling, because the activity is happening entirely inside the browser session," Louw added.

The scale of the exposure is significant
The 2026 Verizon Data Breach Investigations Report found that 67% of GenAI users on corporate devices are accessing AI tools through non-corporate accounts. Push's own telemetry shows that 37% of file uploads to AI tools come from shadow accounts rather than approved organizational ones, meaning more than a third of the data being shared with AI is moving through accounts outside organizational data governance, retention policies, or basic security oversight.

"The first wave of AI risk was abstract - boards asking CISOs whether employees were using ChatGPT," said Adam Bateman, CEO of Push Security. "This new wave is more concrete. Sensitive data is flowing into AI tools through personal accounts with weak passwords, that often have no MFA, and little to no security oversight. This means they are one phishing attack away from compromise, and that's a security problem, not a governance problem."

New Push browser controls
The same browser telemetry and real-time control architecture that powers Push's threat detectionand identity security now extends to sensitive data exposure:

• File upload telemetry and blocking. Structured event feeds and blocking rules for file uploads, scoped by user group, browser profile, file type, file name, and destination. This stops sensitive documents, source code, or exported data sets from reaching unsanctioned AI tools, personal cloud storage, or other destinations.
• File download telemetry and blocking. The same visibility and control applied in reverse, governing what employees pull out of corporate SaaS, AI tools, and other destinations.
• Clipboard monitoring and control. Real-time visibility into clipboard copy and paste actions, with configurable Monitor, Warn, and Block modes. Regex-based rules flag sensitive data, such as API keys, personal access tokens, and PII at the point of submission, with telemetry forwarded to SIEM.
• Application categorization. Automatic classification of every app Push identifies across the workforce, with category-level blocking for unsanctioned AI tools, personal file sharing, and other risk categories.
• Domain categorization. An 89-category framework spanning personal file sharing, unapproved AI tools, adult content, gambling, and more, configurable by user group with in-browser policy banners and block pages.

Investigation telemetry, not just policy alerts
Enforcement-first AI governance tools record what they stopped. That works for compliance reporting, but the most consequential security events are often the ones that looked normal at the time, such as an approved AI extension that quietly expanded its permissions, or an OAuth consent that was technically permitted but should never have been granted.

Push collects telemetry for permitted events too, not just the ones that triggered a block, and forwards it as structured, context-enriched data to Microsoft Sentinel, Splunk Cloud, Datadog, Panther, Cribl Cloud, or any SIEM reachable by webhook.

"When a developer uploads a production dataset for testing, or a manager uploads a performance report, the security incident is happening inside the browser tab," said Louw. "Network tools see the destination. Endpoint tools see disk writes. Neither sees what was typed, uploaded, or pasted in the session."

Complementing the security stack you already have
Push complements existing DLP, SIEM, and SOC tooling rather than replacing it. Browser-layer enforcement sits alongside endpoint and network DLP, extending the visibility security teams already have into a new control plane.

Category-level controls give security teams a durable policy surface. Block, warn, or monitor responses can be applied to entire categories of apps and domains scoped by user groups, letting engineers use approved generative AI tools while restricting access for other populations, without managing per-URL rules.

These capabilities also run on Push's existing privacy-preserving architecture. Personal browsing is not monitored by default, plaintext credentials are never collected, and sensitive clipboard data can be redacted.

AI visibility and control is a feature, not a separate investment
The AI control problem and the browser threat detection problem share a root cause: Security-relevant activity is happening inside browser sessions that most tools cannot see.

A standalone AI governance tool monitors the AI apps you already know about and tells you whether someone violated a usage policy. But it has no visibility into the unsanctioned tools, personal accounts, and shadow identities where the actual risk concentrates, and it cannot tell you which identity was used, whether that account has MFA, or whether the data just landed in an account the security team has no ability to protect. That is the gap a browser security platform closes.

"AI visibility and control is a feature of the right browser security platform, not a separate solution," said Bateman. "The activity is already happening in the browser. The telemetry to see it, and the controls to act on it, belong there too."

Availability
File upload and download telemetry and controls (with monitor, warn, and block modes), clipboard monitoring and controls (with warn and block modes), and application and domain categorization are available now to Push customers. Push has also provided more details on the importance of AI visibility in the browser on its blog today.

About Push Security
Push Security is the secure enterprise browser extension for security teams. Founded by red team and blue team experts, Push combines high-fidelity browser telemetry, real-time control, and autonomous agents to stop advanced attacks, secure AI usage, harden identities, and prevent data loss - all from your users' existing browsers, no migration required. Push is backed by Decibel, GV (Google Ventures), Redpoint Ventures, Datadog Ventures, B3 Capital and other notable angel investors. For more information, visit https://pushsecurity.com or follow @pushsecurity.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260602072519/en/

[ Back To TMCnet.com's Homepage ]