Security Research
Practical guides for IT and security teams navigating the risks of generative AI in the workplace.
Personal data, IP, source code, and live API keys all leak the same way — pasted into an AI tool. How AIovert stops each one, and the GDPR, EU AI Act, and DORA articles it makes you compliant with.
Read articleNetwork filters can't see what an employee pastes into ChatGPT. GDPR AI paste blocking can — by classifying the text in the browser and cancelling the paste before it's sent.
Your support team is already using ChatGPT. What the EU AI Act and GDPR require of customer service AI compliance, the August 2026 deadline, and the five controls CS managers need.
Every customer email pasted into ChatGPT is a GDPR event. A 5-step playbook to prevent customer data leaks to ChatGPT before they happen — not after the breach report.
European companies have a specific AI DLP problem: GDPR, the EU AI Act, and EU data residency at once. What to look for, and why US enterprise DLP doesn't fit.
CNIL wants a DPIA. The ICO says AI doesn't reduce liability. The EDPB has flagged generative AI in customer-facing roles for 2026. A plain-English summary of the guidance, and what it means for your team.
Developers paste stack traces, .env files, and configs into ChatGPT to debug, and ship live AWS, OpenAI, and GitHub keys to a third party. Why it happens, what it costs, and how to block it on-device.
A 600-person fintech deployed AIovert in an afternoon. In 30 days it blocked 213 sensitive pastes into AI tools (cardholder data, client records, and API keys) and built an audit trail for its DPO.
Contracts, settlement terms, client identities: legal teams feed LLMs the most confidential material in business. What it does to privilege, the ABA's position, and how firms stay safe.
Clinicians paste discharge notes; researchers paste trial data. Under HIPAA and GDPR Article 9 that can be an impermissible disclosure of the most protected data there is, and removing the name doesn't fix it.
Stack traces with live credentials, proprietary code, schemas with real customer rows. The Samsung incident was the warning. Here's what engineering teams leak and how to stop it without banning AI.
Deal terms, client portfolios, unpublished research: exactly the data regulators examine for. Why the 2023 bank ChatGPT bans failed and what supervision-grade control looks like.
Workplace emotion recognition is banned outright, with fines up to €35M or 7% of turnover, and the exposure comes from tools your employees adopted without asking. What to audit this quarter.
One paste of customer data into an AI chatbot can be a personal data breach under Article 4(12), starting the 72-hour clock. The legal analysis, the €15M OpenAI fine (annulled on jurisdiction in 2026), and how to stay compliant.
AI literacy has been mandatory since February 2025 and becomes enforceable on 2 August 2026. What the one-sentence law demands, why annual training fails the test, and what evidence regulators will accept.
National regulators gain enforcement powers and Article 50 transparency applies on 2 August 2026. The Digital Omnibus delayed high-risk rules to 2027–2028. Here's the full timeline, the fines, and a checklist.
Employees are using dozens of AI tools you haven't approved. Here's what shadow AI is, why it's dangerous, and how to get visibility without blocking productivity.
A practical guide for IT and security teams: the tools, policies, and controls that actually work, and why network DLP misses the problem entirely.
Traditional DLP was built for email and USB drives. Generative AI broke the model. This guide explains the gap and how modern AI DLP works.
Using ChatGPT with employee data may already be a GDPR violation. Here's what Article 28, 32, and 83 mean for your AI acceptable-use policy.