Governing AI in the Browser: ChatGPT, Claude.ai, and Beyond

Bifrost serves as the AI gateway and policy engine for governing AI in the browser, and Bifrost Edge carries those controls out to ChatGPT web, Claude.ai, and beyond.

These days, most enterprise access to generative AI takes place right inside the browser. Menlo Security's 2025 research put roughly 80% of generative AI usage as reaching tools like ChatGPT by way of a web browser, and the browser is also where sensitive data tends to walk out of the company. Of every part of an AI governance program, governing AI in the browser is the toughest to get to: a security team can route its own applications through a gateway, yet it holds no sway over what an employee types into chatgpt.com or claude.ai on a managed laptop. The control plane where AI policy gets defined and enforced is Bifrost, the open-source AI gateway Maxim AI built in Go, and Bifrost Edge stretches that same governance out to the browser on every machine. This post lays out why browser AI is so hard to govern and how the AI gateway and Bifrost Edge draw ChatGPT web, Claude.ai, and other browser AI surfaces under the policies you already run.

Why Browser AI Is the Hardest Surface to Govern

What makes browser AI hard to govern is that its traffic never so much as grazes the systems a security team runs. Open claude.ai or chatgpt.com, paste in a contract, a customer record, or a chunk of source code, and that request travels straight from the browser to the model provider. No gateway lays eyes on it, no audit log notes it, and no guardrail inspects it.

This sits at the heart of the shadow AI problem, and the figures lay bare how common it is. A 2025 report carried by eSecurity Planet found 77% of employees pasting data into generative AI prompts, with over half of those paste events carrying corporate information. IBM's 2025 Cost of a Data Breach Report, summarized by Forcepoint, found breaches involving shadow AI costing organizations an average of $670,000 above other incidents.

Three traits push the browser into being the hardest AI surface for traditional controls:

• The surface keeps changing. Fresh browser AI tools turn up nonstop, so an allow-list drawn up one quarter is already incomplete by the next.
• Personal accounts bypass corporate identity. Consumer AI tools get used under personal logins, which keeps the usage out of enterprise SSO and out of any sanctioned-app inventory.
• The data exfiltration vector is a paste, not a file. A pasted prompt is neither a download nor an email attachment, so file-based data loss tooling simply does not register it.

What you end up with is a governance gap parked in the middle of the organization rather than out at its edge. Closing it calls for bringing browser AI under the very same endpoint AI governance that already guards sanctioned traffic.

How Teams Try to Govern Browser AI Today

When it comes to AI in the browser, most organizations reach for one of three established approaches, and each one leaves a real gap.

• Browser extensions. Controls built on extensions can keep an eye on a particular browser, but their reach stops at the browsers and profiles where they are installed, and a determined user just hops to an unmanaged browser.
• Network proxies and DLP. Inspecting traffic at the network layer can surface some AI domains, yet it stumbles on encrypted sessions and has no way to reason about prompt content. It also falls apart for remote employees who are off the corporate network.
• Blunt blocking. Some teams flatly block consumer AI domains. That drives usage onto personal devices and wipes out any shot at visibility, swapping a governance problem for a bigger blind spot.

One pattern runs through all three: they attempt to intercept browser AI from the outside, lacking any central place to define and enforce policy. A sturdier model plants an AI gateway at the center as the policy engine and extends it to the endpoint, so the controls already governing sanctioned traffic reach the browser too. This is the AI governance model the Bifrost AI gateway and Bifrost Edge are built around.

How the AI Gateway and Bifrost Edge Govern AI in the Browser

Two layers make governing AI in the browser work. The first is Bifrost, the AI gateway, which defines and enforces policy as the control plane. The second is Bifrost Edge, which ferries that policy out to the browser on each machine. At the gateway you set who can use which models, under what budget, behind which guardrails, and with what audit trail. Bifrost Edge is the layer that guarantees browser AI traffic genuinely routes through that control plane in place of heading straight to a provider.

At the gateway, the controls are the ones enterprise teams are already running:

• Guardrails scan prompts and responses for secrets, PII, and unsafe content before they ever reach a model.
• Virtual keys attach identity, permissions, and policy to each user or team, which keeps every request attributable.
• Audit logs capture every governed request for SOC 2, GDPR, HIPAA, and ISO 27001 reporting.
• Budgets and rate limits hold spend and request volume in check per key, team, or customer.

On each computer, Bifrost Edge runs and routes all AI traffic, browser AI included, through the gateway on its own. Following a one-time browser sign-in via the organization's existing single sign-on, an always-on agent in the menu bar or system tray keeps that machine tied to the company's Bifrost. There is no base URL to change and no SDK to swap. Type a prompt into ChatGPT web or claude.ai and Bifrost Edge routes it, weighs it against the same policies, and only then passes it along to the provider. Governance trails the user rather than waiting on the user to opt in.

Applying Guardrails to ChatGPT Web, Claude.ai, and Beyond

Whatever guardrails you set on the gateway reach browser AI with no extra setup on the endpoint. Since Bifrost Edge routes browser traffic through Bifrost, the very profiles and rules that guard sanctioned traffic now inspect prompts and responses coming out of the browser. The guardrail fires before the prompt reaches a model and before the response heads back, so sensitive content like an API key or a customer record is caught while it is still on the machine.

Take a prompt typed into ChatGPT in the browser: it gets weighed against your guardrails the instant it is submitted. That same protection extends across conversations on claude.ai. You configure guardrail coverage once at the gateway with reusable profiles and rules, choosing from provider options that span native Secrets Detection (Gitleaks-backed), native Custom Regex with a built-in PII Detection template, AWS Bedrock Guardrails, Azure Content Safety, Google Model Armor, CrowdStrike AIDR, GraySwan Cygnal, and Patronus AI.

Beyond guardrails, the gateway and Bifrost Edge bring two further controls to browser AI:

• MCP governance. For the browser-adjacent coding agents that hook into external tools, Bifrost Edge takes inventory of the MCP servers configured inside each app and gives admins an allow or deny call on each one, enforced on the device rather than left as advice.
• App governance. Which AI applications are permitted is the administrators' decision, and Bifrost Edge enforces that decision on each device. Allowed surfaces run as normal and fully governed; disallowed ones are stopped before any data clears the machine.

The roster of browser surfaces Bifrost Edge governs keeps growing. The supported applications right now take in ChatGPT web on chatgpt.com and Claude web on claude.ai, and Bifrost Edge governs traffic to every provider the gateway supports, OpenAI, Anthropic, and Google Gemini among them. A missing browser AI tool can be requested by a team in one click, which is what "and beyond" amounts to in practice: coverage widens to the surfaces your organization genuinely uses.

Rolling Out Browser AI Governance Across the Fleet

Browser AI governance is only worth anything if it lands on every machine, which is the reason Bifrost Edge is built for fleet-wide deployment. Instead of asking users to download and configure a thing, organizations push Bifrost Edge to each computer through an existing device management platform with a managed configuration that aims it at the company's Bifrost.

• No secrets on the device. Only non-sensitive connection settings ride along in the managed configuration, so a machine shows up already pointed at the right Bifrost. The user's SSO sign-in supplies identity and keys.
• MDM-native rollout. Deploy with MDM works with Jamf, Microsoft Intune, Kandji, Omnissa Workspace ONE, and JumpCloud across macOS, Windows, and Linux.
• Central visibility and control. A fleet dashboard lays out every machine running the agent, the AI apps and browser surfaces being used, and the approval status of each, so an organization can at last say which AI tools are running and where.

Why does that visibility matter? Because Cisco's 2025 AI Readiness Index, as reported by industry analysts, found that 81% of organizations lack visibility into how employees use AI tools. Pulling browser AI under the Bifrost platform converts that blind spot into a governed, auditable surface. Bifrost Edge is in alpha at present; teams sign up to be onboarded.

Common Questions About Governing AI in the Browser

Does governing AI in the browser require employees to change how they work?
No. After a one-time SSO sign-in, browser AI traffic is routed through the gateway by Bifrost Edge in the background. People go on using ChatGPT web and claude.ai exactly as they did, now under policy.

How does this differ from blocking AI websites?
A block strips away visibility and shoves usage onto personal devices. The governance approach keeps approved browser AI usable while laying guardrails, budgets, and audit logging over each request.

What about AI usage on personal accounts?
Since Bifrost Edge governs at the machine level, browser AI traffic gets routed through the gateway no matter which account the user signs in under, sealing the personal-account gap that network and identity controls let slip.

Start Governing AI in the Browser with Bifrost

Governing AI in the browser asks for no new policy framework and no separate tool to learn. The AI gateway is the control plane where virtual keys, budgets, guardrails, and audit logs get defined, and Bifrost Edge carries those exact controls out to ChatGPT web, Claude.ai, and the other browser AI surfaces your teams use. Between them, they turn the browser from the least governed AI surface into one that takes on the same compliance and security posture as the rest of your infrastructure. Browse the Bifrost resources hub for the whole picture, or book a demo to see the Bifrost AI gateway and Bifrost Edge govern AI in the browser across your fleet.