Enterprises Block Unauthorized ChatGPT, Gemini, Claude Access

A June 10, 2026 guide from Kaspersky walks enterprises through detecting and blocking unauthorized AI tools such as ChatGPT, Claude, Gemini, and meeting bots. Its checklist centers on network and endpoint controls: blocking the "AI Services" category in NGFW or web filters, rerouting DNS for vendor domains (claude.ai, anthropic.com, *.anthropic.com, api.anthropic.com and the OpenAI equivalents), enforcing browser extension allowlists, and using EDR/EPP or application control to spot desktop apps like claude.exe. Crucially, Kaspersky warns that outright bans push employees toward proxy and third-party services, and recommends offering an approved alternative before enforcing blocks. Commercial tooling takes a similar two-layer shape: TeamPrompt's product page advertises a browser extension for prompt-level data-loss prevention plus Cloudflare Gateway network blocking, with deployment via Google Admin, Microsoft Intune/JAMF, or GPO. The practical tension is enforcement aggressiveness versus false positives and user workarounds.
What happened
Kaspersky published a June 10, 2026 guide on detecting and disabling "shadow AI" (employees using unsanctioned AI assistants such as ChatGPT, Claude, Gemini, and meeting bots), which it ties to data-exfiltration and compliance risk. The guide is structured as a practical control checklist rather than a threat report, listing vendor domains and technical indicators alongside the controls that catch them.
The control stack
Kaspersky's recommendations operate at two layers. At the network layer: block the "AI Services" category in the NGFW or web filter, and reroute DNS queries for specific domains (for example claude.ai, anthropic.com, *.anthropic.com, and api.anthropic.com, plus the equivalent OpenAI domains) away from production endpoints. At the endpoint: enforce browser extension allowlists through policy, and use EDR/EPP or application control to scan for installed desktop clients such as claude.exe or ChatGPT.exe and to inspect browser history. The guide explicitly notes that a hard ban tends to backfire, driving users to personal devices, third-party wrappers, or proxy services, and recommends standing up an approved, auditable AI option before turning on enforcement.
Vendor tooling
Commercial products converge on a similar architecture. Per its product page, TeamPrompt pairs a browser extension that scans prompts for sensitive data with network-level blocking via Cloudflare Gateway, and advertises deployment through Google Admin, Microsoft Intune/JAMF, or GPO, with Monitor, Restrict, and Full Lockdown modes. The vendor also claims 40-plus detection rules and coverage of roughly 18 AI tools; those figures are vendor-stated and unverified here.
The practitioner read
The hard part is not blocking; it is blocking without breaking work. Broad "AI Services" category enforcement is the fastest control to deploy but generates the most false positives and the strongest incentive to route around IT. The durable pattern in Kaspersky's guidance is to instrument first (run prompt-DLP and category controls in monitor mode to measure real usage and false-positive rates), then enforce, and to pair any block with a sanctioned alternative so the underlying demand has somewhere legitimate to go.
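An added example (not from Kaspersky's guide or any vendor's product) of the monitor-first step: it matches resolver log lines against the domains listed above on DNS label boundaries and tallies hits per rule and per client without blocking anything. The log layout, client addresses and function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Domains named in the article; "*." means any subdomain (not the apex).
WATCHLIST = ["claude.ai", "anthropic.com", "*.anthropic.com", "api.anthropic.com"]

# Constructed sample resolver log; the "<time> <client> <qname>" layout is an assumption.
SAMPLE_LOG = """\
2026-06-10T09:00:01Z 10.0.4.17 claude.ai.
2026-06-10T09:00:05Z 10.0.4.17 API.Anthropic.com
2026-06-10T09:01:12Z 10.0.7.33 console.anthropic.com
2026-06-10T09:02:40Z 10.0.7.33 notanthropic.com
2026-06-10T09:03:02Z 10.0.9.80 claude.ai.cdn.example.net
malformed line
"""


def match_rule(qname, watchlist=WATCHLIST):
    """Return the watchlist rule that matches qname, or None."""
    name = qname.strip().lower().rstrip(".")  # case-insensitive, drop root dot
    if name in watchlist:  # exact rules win over wildcards
        return name
    for rule in watchlist:
        # rule[1:] is ".anthropic.com": needs a label boundary, so "notanthropic.com" fails
        if rule.startswith("*.") and name.endswith(rule[1:]):
            return rule
    return None


def monitor(log_text, watchlist=WATCHLIST):
    """Monitor-mode pass: count hits per rule and per client, block nothing."""
    per_rule, per_client, skipped = Counter(), defaultdict(Counter), 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:  # tolerate junk lines but count them
            skipped += 1
            continue
        rule = match_rule(parts[2], watchlist)
        if rule:
            per_rule[rule] += 1
            per_client[parts[1]][rule] += 1
    return per_rule, per_client, skipped


if __name__ == "__main__":
    rules, clients, skipped = monitor(SAMPLE_LOG)
    for client in sorted(clients):
        print(client, dict(clients[client]))
    print("hits per rule:", dict(rules), "| unparsed lines:", skipped)
```

Substring matching would have flagged notanthropic.com and claude.ai.cdn.example.net; matching on label boundaries keeps those lookalikes out of the usage baseline that later drives enforcement decisions.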
What to watch
- Adoption of browser-extension prompt DLP versus network-only blocking as the default shadow-AI control.
- False-positive rates when enforcing broad AI-category blocks, and their effect on user workarounds.
- Whether enterprises pair enforcement with approved internal AI tools, the mitigation Kaspersky flags as decisive.
Key Points
1. Kaspersky's June 2026 guide pairs NGFW/web-filter category blocks and DNS reroutes with browser policy and EDR/EPP endpoint detection.
2. It warns that hard bans drive users to proxies and recommends offering a sanctioned AI alternative before enforcing blocks.
3. Vendor tools add browser-side prompt DLP atop network blocking, but broad AI-category blocks trade exposure reduction for false positives.
Scoring Rationale
Concrete, implementable guidance on controlling shadow AI is directly useful to security and compliance teams, and adding Kaspersky's original guide as the primary source strengthens the page's authority. It is operational best-practice content rather than a novel technical advance, placing it solidly mid-band.


