This blog post is part of a three-part series that explores why companies are choosing Proofpoint Data Security solutions. It focuses on the unique challenges of various industries when it comes to keeping data safe.
When it comes to adopting generative AI (GenAI) tools, organizations can face significant data loss risks. While many business teams want to adopt tools like ChatGPT, Microsoft Copilot and Google Gemini, security teams may not be ready for the added risk. After all, it’s easy for users to inadvertently expose sensitive data and intellectual property (IP) to AI copilots. Many organizations simply lack governance processes and robust data controls to stop them.
In this blog post, we’ll take a look at how one major U.S. retailer safely adopted GenAI tools by using Proofpoint Data Security and ZenGuide to enforce its acceptable AI use policies and protect its data.
Lack of AI governance puts source code at risk
E-commerce is a big part of this retailer’s business. As a result, it relies on internally developed code to support its operations. Recently, the company’s senior manager of data protection and governance was dismayed to discover that software developers were using GenAI tools in ways that exposed sensitive source code and passwords. He also saw that business teams were using tools like Grammarly and ChatGPT to develop content.
To address the risk of data loss, they started to block access to these tools via the company’s secure web gateway (SWG). However, after the security team and business stakeholders discussed the issue, they decided that a more comprehensive approach was needed. That’s how the company’s AI governance project started.
Empowering the workforce with safe GenAI practices
The company wanted to protect its data from being exposed through GenAI tools. It also wanted to maintain its business agility. To do both, the security team implemented the following measures using Proofpoint Data Security, ZenGuide and a third-party SWG:
- Blocked access to unapproved GenAI tools. The team created SWG rules to block general access to a Proofpoint-curated list of over 600 GenAI sites, including ChatGPT, Microsoft Copilot, DeepSeek, Google Gemini, Claude and more. Individual-level exceptions were made after the team spoke with business unit (BU) leaders one-on-one.
- Trained users on GenAI security. A security training and awareness program was launched in collaboration with the legal and HR teams to teach employees about proper GenAI usage. Only users who had completed their Proofpoint ZenGuide training were granted access to GenAI tools.
- Monitored AI prompts. Proofpoint Endpoint DLP and browser extension was used by the team to monitor user and data activity across a list of GenAI sites, which was curated by Proofpoint. If developers did not follow their training or they misused the tools and exposed proprietary code or passwords, alerts were generated and BU leaders were informed.
- Identified the people using GenAI tools. Proofpoint People Risk Explorer was used by the team to understand how employees, business units and other groups were using GenAI tools. This dashboard allowed the Data Protection manager to easily point out risks to BU leaders such as when employees were entering large amounts of data into AI tools or using them without the proper training.
- Identified shadow AI applications. Proofpoint CASB was used by the team to monitor and control OAuth authorizations for unauthorized or risky shadow AI applications like Grammarly.
Balancing innovation and security
Proofpoint provided this retailer with both technology and expertise. As a result, it was able to realize the business benefits of GenAI tools while also minimizing risks to its data security. By combining visibility, training and targeted controls, Proofpoint ensured that GenAI tools were adopted safely and effectively.
Learn more
To find out how other companies are using Proofpoint to protect their sensitive data from risky users, read the other blogs in this series:
- Why a Global Services Company Chose Proofpoint Over Microsoft
- A Chemical Company Had a Microsoft Data Security Problem—Here’s How Proofpoint Fixed It
Want to stop employees from putting your data at risk with GenAI tools? Learn how Proofpoint data security technologies can help you ensure acceptable use of GenAI.
