Governing AI in the Browser: ChatGPT, Claude.ai, and Beyond
Most enterprise access to generative AI now happens inside the browser. Menlo Security's 2025 research found that roughly 80% of generative AI usage reaches tools like ChatGPT through a web browser, which is also where sensitive data most often leaves the company. Governing AI in the browser is the part of an AI governance program that is hardest to reach: a security team can route its own applications through a gateway, but it has no control over what an employee types into chatgpt.com or claude.ai on a managed laptop. Bifrost, the open-source AI gateway built in Go by Maxim AI, is the control plane where AI policy is defined and enforced, and Bifrost Edge extends that same governance to the browser on every machine. This post explains why browser AI is so difficult to govern and how the AI gateway and Bifrost Edge bring ChatGPT web, Claude.ai, and other browser AI surfaces under the policies you already run.
Why Browser AI Is the Hardest Surface to Govern
Browser AI is hard to govern because the traffic never touches the systems a security team controls. When an employee opens claude.ai or chatgpt.com and pastes in a contract, a customer record, or a block of source code, that request goes straight from the browser to the model provider. No gateway sees it, no audit log records it, and no guardrail inspects it.
This is the core of the shadow AI problem, and the numbers show how widespread it is. A 2025 report covered by eSecurity Planet found that 77% of employees paste data into generative AI prompts, and more than half of those paste events include corporate information. IBM's 2025 Cost of a Data Breach Report, summarized by Forcepoint, found that breaches involving shadow AI cost organizations an average of $670,000 more than other incidents.
Three properties make the browser the most difficult AI surface for traditional controls:
- Personal accounts bypass corporate identity. Employees sign in to consumer AI tools with personal accounts, so the usage never appears in enterprise SSO or sanctioned-app inventories.
- The data exfiltration vector is a paste, not a file. A pasted prompt is not a download or an email attachment, so file-based data loss tooling does not see it.
- The surface keeps changing. New browser AI tools appear constantly, and an allow-list written one quarter is incomplete the next.
The result is a governance gap that sits in the center of the organization, not at its edge. Closing it requires bringing browser AI under the same endpoint AI governance that already protects sanctioned traffic.
How Teams Try to Govern Browser AI Today
Most organizations reach for one of three existing approaches, and each leaves a meaningful gap when applied to AI in the browser.
- Network proxies and DLP. Inspecting traffic at the network layer can flag some AI domains, but it struggles with encrypted sessions and cannot reason about prompt content. It also breaks down for remote employees who are not on the corporate network.
- Browser extensions. Extension-based controls can watch a specific browser, but they only cover the browsers and profiles they are installed on, and determined users can switch to an unmanaged browser.
- Blunt blocking. Some teams block consumer AI domains outright. This pushes usage to personal devices and removes any chance of visibility, trading a governance problem for a larger blind spot.
The pattern across all three is the same: they try to intercept browser AI from the outside without a central place to define and enforce policy. A more durable model puts an AI gateway at the center as the policy engine and extends it to the endpoint, so the controls that already govern sanctioned traffic also reach the browser. This is the AI governance model that the Bifrost AI gateway and Bifrost Edge are built around.
How the AI Gateway and Bifrost Edge Govern AI in the Browser
Governing AI in the browser works in two layers: Bifrost, the AI gateway, defines and enforces policy as the control plane, and Bifrost Edge carries that policy out to the browser on each machine. The gateway is where you configure who can use which models, with what budget, under which guardrails, and with what audit trail. Bifrost Edge is the layer that makes sure browser AI traffic actually routes through that control plane instead of going directly to a provider.
On the gateway, the controls are the ones enterprise teams already run:
- Virtual keys assign identity, permissions, and policy to each user or team, so every request is attributable.
- Budgets and rate limits cap spend and request volume per key, team, or customer.
- Guardrails inspect prompts and responses for secrets, PII, and unsafe content before they reach a model.
- Audit logs record every governed request for SOC 2, GDPR, HIPAA, and ISO 27001 reporting.
Bifrost Edge runs on each computer and routes all AI traffic, including browser AI, through the gateway automatically. After a one-time browser sign-in through the organization's existing single sign-on, an always-on agent in the menu bar or system tray keeps that machine connected to the company's Bifrost. There are no base URLs to change and no SDKs to swap. A prompt typed into ChatGPT web or claude.ai is routed through Bifrost Edge, evaluated against the same policies, and only then forwarded to the provider. The governance follows the user instead of waiting for the user to opt in.
Applying Guardrails to ChatGPT Web, Claude.ai, and Beyond
The guardrails you configure on the gateway apply to browser AI with no additional setup on the endpoint. Because Bifrost Edge routes browser traffic through Bifrost, the same profiles and rules that protect sanctioned traffic now inspect prompts and responses from the browser. A guardrail is applied before the prompt reaches a model and before the response returns, so sensitive content such as an API key or a customer record is caught before it leaves the machine.
A prompt typed into ChatGPT in the browser, for example, is evaluated against your guardrails the moment it is submitted. The same protection covers conversations on claude.ai. Guardrail coverage is configured once on the gateway using reusable profiles and rules, with provider options that include native Secrets Detection (Gitleaks-backed), native Custom Regex with a built-in PII Detection template, AWS Bedrock Guardrails, Azure Content Safety, Google Model Armor, CrowdStrike AIDR, GraySwan Cygnal, and Patronus AI.
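The prompt-side check described above, sketched as an added example (this is not Bifrost's code or rule set): a prompt is blocked when it contains a secret and has PII masked before it is forwarded. The regexes, the `evaluate_prompt` function, the `Verdict` type and the block-versus-redact policy are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Illustrative patterns only; a real deployment would use the gateway's own rules.
SECRET_RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
PII_RULES = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card_number": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
}

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum, so arbitrary long digit runs are not treated as cards."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

@dataclass
class Verdict:
    action: str      # "allow", "redact" or "block"
    findings: list   # names of the rules that matched
    prompt: str      # text that may be forwarded; empty when blocked

def evaluate_prompt(prompt: str) -> Verdict:
    # Secrets cannot be safely masked in place, so any hit blocks the request.
    findings = [name for name, rx in SECRET_RULES.items() if rx.search(prompt)]
    if findings:
        return Verdict("block", findings, "")
    redacted = prompt
    for name, rx in PII_RULES.items():
        def mask(m, name=name):
            if name == "card_number" and not luhn_ok(m.group()):
                return m.group()            # fails checksum: leave untouched
            findings.append(name)
            return f"[{name.upper()}]"
        redacted = rx.sub(mask, redacted)
    action = "redact" if findings else "allow"
    return Verdict(action, sorted(set(findings)), redacted)
```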
Alongside guardrails, the gateway and Bifrost Edge add two more controls for browser AI:
- App governance. Administrators decide which AI applications are permitted, and Bifrost Edge enforces that decision on each device. Allowed surfaces run normally and are fully governed; disallowed ones are blocked before any data leaves the machine.
- MCP governance. For browser-adjacent coding agents that connect to external tools, Bifrost Edge inventories the MCP servers configured inside each app and lets admins allow or deny each one. The decision is enforced on the device rather than being advisory.
The list of browser surfaces Bifrost Edge governs is growing. The supported applications today include ChatGPT web on chatgpt.com and Claude web on claude.ai, and Bifrost Edge governs traffic to every provider the gateway supports, including OpenAI, Anthropic, and Google Gemini. Teams can request support for a missing browser AI tool in one click, which is what "and beyond" means in practice: coverage expands to the surfaces your organization actually uses.
Rolling Out Browser AI Governance Across the Fleet
Browser AI governance only works if it reaches every machine, which is why Bifrost Edge is built for fleet-wide deployment. Rather than asking users to download and configure anything, organizations push Bifrost Edge to every computer through an existing device management platform with a managed configuration that points it at the company's Bifrost.
- MDM-native rollout. MDM deployment supports Jamf, Microsoft Intune, Kandji, Omnissa Workspace ONE, and JumpCloud across macOS, Windows, and Linux.
- No secrets on the device. The managed configuration delivers only non-sensitive connection settings, so machines arrive pre-pointed at the right Bifrost. Identity and keys come from the user's SSO sign-in.
- Central visibility and control. A fleet dashboard lists every machine running the agent, the AI apps and browser surfaces in use, and the approval status of each, so an organization can finally answer which AI tools are running and where.
This visibility matters because Cisco's 2025 AI Readiness Index, as reported by industry analysts, found that 81% of organizations lack visibility into how employees use AI tools. Bringing browser AI under the Bifrost platform turns that blind spot into a governed, auditable surface. Bifrost Edge is currently in alpha; teams register to be onboarded.
Common Questions About Governing AI in the Browser
Does governing AI in the browser require employees to change how they work? No. After a one-time SSO sign-in, Bifrost Edge routes browser AI traffic through the gateway in the background. People keep using ChatGPT web and claude.ai exactly as before, now under policy.
How does this differ from blocking AI websites? Blocking removes visibility and pushes usage to personal devices. The governance approach keeps approved browser AI usable while applying guardrails, budgets, and audit logging to every request.
What about AI usage on personal accounts? Because Bifrost Edge governs at the machine level, browser AI traffic is routed through the gateway regardless of which account the user signs in with, closing the personal-account gap that network and identity controls miss.
Start Governing AI in the Browser with Bifrost
Governing AI in the browser does not require a new policy framework or a separate tool to learn. The AI gateway is the control plane where virtual keys, budgets, guardrails, and audit logs are defined, and Bifrost Edge extends those exact controls to ChatGPT web, Claude.ai, and the other browser AI surfaces your teams use. Together they turn the browser from the least governed AI surface into one that inherits the same compliance and security posture as the rest of your infrastructure. Explore the Bifrost resources hub for the full picture, or book a demo to see how the Bifrost AI gateway and Bifrost Edge govern AI in the browser across your fleet.