Here is how to keep Claude, ChatGPT, and Gemini in play across the browser and desktop while still governing them. Bifrost sends endpoint AI traffic through one policy layer, so guardrails, budgets, and audit logs reach everywhere.
The route to most enterprise data exposure through AI runs through something completely mundane: someone drops source code, a customer record, or an API key into Claude, ChatGPT, or Gemini on their own laptop. A 2025 LayerX report put numbers to it, finding that 77% of employees who use generative AI paste data into chatbots, with about a fifth of those pastes carrying personally identifiable or payment data. Slam these apps shut at the firewall and the behavior survives untouched; it simply migrates to personal accounts and unmanaged browser tabs where security teams see nothing. There is a workable alternative, which is to govern Claude, ChatGPT, and Gemini without blocking them. Let people hang onto the tools they depend on, and route every request through a policy layer at the same time. For enterprise AI traffic, that policy layer is Bifrost, the open-source AI gateway Maxim AI built in Go, and Bifrost Edge carries it out to the browser and desktop on every company machine.
Why Blocking Claude, ChatGPT, and Gemini Doesn't Work
The reason an outright block on AI assistants falls apart is that demand for them never goes away. Take a sanctioned tool offline and employees reach for a personal account, a phone, or another browser, and the data exits the company regardless. Netskope's research turned up exactly this: 47% of people using generative AI at work do so through personal accounts outside the organization's oversight, leaning on tools like ChatGPT, Google Gemini, and Copilot under credentials with no tie to the business.
That is the shadow AI problem in a sentence. Whatever traffic is configured to flow through a control layer is all it can govern, and hardly any of the AI people genuinely use is configured that way. So sensitive data walks out through tools the security team cannot observe, with no audit trail, no budget control, and no content inspection behind it. Gartner's projection is that by 2030, more than 40% of enterprises will experience security or compliance incidents tied to unauthorized AI use.
Blocking, then, is not the objective. Governance is: hold onto the assistants employees want while drawing every request under a single governance layer.
What It Means to Govern AI Usage Without Blocking It
To govern AI usage without blocking it is to let approved assistants run as usual while each prompt and response travels through a central policy layer that lays down guardrails, budgets, and audit logging before the data ever reaches a model. The app stays perfectly usable. The traffic, meanwhile, turns visible and controlled.
Doing it this way pulls apart two decisions that blocking jams together:
- Govern the traffic. For each app you allow, send requests through centralized AI governance so policy reaches what employees send and what they get back.
- Allow or deny the app. Settle which assistants are permitted on company machines.
The only question blocking ever takes on is the first one, and it handles even that poorly. Governing without blocking handles both: Claude, ChatGPT, and Gemini keep working, and the organization walks away with a usage record, enforced budgets, and content inspection over prompts and responses.
The Control Plane: How the Bifrost AI Gateway Governs AI Traffic
Where AI policy gets defined and enforced is Bifrost, the control plane. Being an AI gateway, it sits between applications and model providers and lays governance over every request flowing through it, no matter which provider or model is being targeted. Its core controls are these:
- **Virtual keys:** scoped credentials that tie usage back to a team, project, or user, so access stays attributable and revocable without ever sharing raw provider keys.
- **Budgets and rate limits:** spend caps and request limits set per key, team, or user to head off runaway cost and abuse.
- **Guardrails:** reusable profiles and rules that scan prompts and responses for secrets, PII, and unsafe content, both before a request lands at a model and before a response comes back.
- **Audit logs:** immutable records of who sent what and when, backing SOC 2, GDPR, HIPAA, and ISO 27001 requirements.
You set these controls up once at the gateway, and from there they apply to every request crossing it. The question still hanging over most teams is the one blocking never resolves: how do you actually get the AI on a laptop, inside a browser tab, or within a coding agent to travel through this control plane to begin with? Closing that gap is the job of Bifrost Edge.
Extending Governance to the Browser and Desktop with Bifrost Edge
At the gateway, Bifrost governs AI traffic; Bifrost Edge is what guarantees the AI on every laptop genuinely routes through it. Edge is the endpoint layer of that very same platform. Running on each machine, it routes all AI traffic through the organization's Bifrost, so that the virtual keys, budgets, guardrails, and audit logs already set at the gateway get enforced right on the device. The policy side asks nothing new of you; Edge simply widens the reach of controls the gateway already supplies.
After a single setup, the experience is built to vanish, and that is precisely what makes "without blocking" workable at scale:
- An always-on agent. Edge sits in the menu bar on macOS or the system tray on Windows and Linux, displaying connection status alongside the active virtual key and its budget.
- One sign-in. On Edge's first run, the user signs in through their browser using the organization's existing single sign-on. That ties the machine to the user and pulls down the policies assigned to them. Nobody copies or pastes a key.
- Every app, automatically. Routing at the machine level lets Edge cover desktop apps, browser AI, and coding agents with no base URL changes and no SDK swaps. Governance trails the user rather than waiting on them to opt in.
For the assistants we are talking about here, that translates into allowed apps running normally and staying fully governed. Edge governs Claude Desktop and Claude on the web, the ChatGPT desktop app and ChatGPT on the web, plus coding agents such as Claude Code. And since Edge governs traffic to every provider Bifrost supports, Google Gemini and Vertex AI among them, any request aimed at Gemini stays under policy too, while Edge discovers the MCP servers configured inside the Gemini CLI. The supported application list keeps growing, and a missing app is one click away from being requested. Bifrost Edge is in alpha at the moment, so teams sign up to be onboarded instead of rolling it out as a generally available product.
Guardrails for Claude, ChatGPT, and Gemini Prompts
Since Edge routes endpoint AI traffic through the gateway, every guardrail already configured applies automatically to the prompts and responses moving through Claude, ChatGPT, and Gemini. Type a prompt into ChatGPT in a browser tab and Edge routes it, weighing it against the organization's rules before it touches a model, so a leaked secret or a chunk of PII is caught while it is still on the machine. The endpoint takes no extra setup; the same profiles guarding gateway traffic now guard endpoint AI.
Guardrail coverage set at the gateway and enforced on the device takes in:
- **Secrets detection:** Gitleaks-backed detection of leaked API keys, tokens, private keys, and credentials.
- Custom regex: organization-specific redaction or rejection patterns, including a built-in PII detection template.
- Third-party providers: AWS Bedrock Guardrails, Azure Content Safety, Google Model Armor, CrowdStrike AIDR, GraySwan Cygnal, and Patronus AI.
Here is the piece blocking can never hand you. A blocked app inspects nothing, because no traffic ever moves. An app that is allowed and governed gives the security team inspection on each prompt and response, across every assistant employees touch.
Governing the MCP Servers Behind Your AI Assistants
More and more, AI assistants hook into MCP servers, which are external tools able to read files, call APIs, and act on a user's behalf. Which MCP servers employees have wired into Claude Desktop, Claude Code, or the Gemini CLI is something most organizations have no visibility into at all. Edge shuts that blind spot by inventorying the MCP servers configured inside each app and assembling a live, fleet-wide list of which servers are in use and across how many devices.
From there, administrators issue per-server allow or deny decisions, and the decision lands as enforcement on the device rather than as advice. A denied server stays unusable even within an app that had it configured before the policy existed. Discovery reaches the major MCP-capable AI apps in use today, Claude Code, Claude Desktop, Gemini CLI, OpenCode, Codex, and Cursor included. For teams looking to standardize tool access more broadly, an MCP gateway centralizes how those connections get authenticated and governed across all AI traffic.
Rolling Out Endpoint AI Governance with MDM
Endpoint AI governance is only any good if it touches every machine, which is why Edge is built for fleet-wide deployment through device management tooling you already run. Instead of asking users to download and configure a thing, an organization pushes Edge to every machine via its MDM platform with a managed configuration that aims it at the organization's Bifrost. The supported platforms run to Jamf, Microsoft Intune, Kandji, Omnissa Workspace ONE, and JumpCloud.
What the managed configuration delivers is only non-sensitive connection settings, so machines show up already pointed at the right gateway with no secrets sitting on the device. Identity and keys arrive from the user's SSO sign-in on first launch. Out of the devices dashboard, administrators take in every machine running Edge, the AI apps installed on it, and the MCP servers configured, then approve or deny apps and servers across the fleet from one spot. For regulated industries and demanding enterprise requirements, this plugs straight into the wider Bifrost Enterprise story of air-gapped deployments, VPC isolation, and on-prem control.
Common Questions About Governing AI Assistant Usage
Can employees keep using Claude, ChatGPT, and Gemini after governance is in place?
Yes. Governing without blocking exists precisely so approved assistants go on working exactly as they did. In the background, Edge routes their traffic through the gateway, which leaves the user experience untouched while policy reaches every request.
How is governing AI usage different from blocking it with a firewall?
A firewall block halts traffic and inspects nothing, which nudges employees toward personal accounts and unmanaged browsers. Governing usage instead routes the traffic through a policy layer, so the organization holds onto visibility, applies guardrails and budgets, and keeps an audit trail, all while the app stays usable.
Does this require changing settings in each AI app?
No. Because Edge routes at the machine level, there are no base URLs to change and no SDKs to swap. Following a one-time SSO sign-in, governance covers supported desktop apps, browser AI, and coding agents on its own.
Getting Started with Governed AI Usage
Governing Claude, ChatGPT, and Gemini usage without blocking them boils down to one architecture: a gateway serving as the control plane where policy is set, plus an endpoint layer that ferries that policy to every machine. The control plane is Bifrost, carrying virtual keys, budgets, guardrails, and audit logs, and Bifrost Edge widens that governance out to the browser and desktop so the AI employees genuinely use stays under the same controls. What you get is visibility and compliance across every assistant, with nobody forced to surrender the tools that make them productive. For a closer look at the policy controls under this model, the Bifrost governance resources walk through virtual keys, budgets, and access control in depth.
Want to see Bifrost and Bifrost Edge pull endpoint AI usage under governance across your fleet? book a demo with the Bifrost team.
Top comments (0)