We’re a fully EPM Cloud shop. Our company has been entertaining AI and the various LLM approaches. The AI world tells EVERYONE to use their tool(s) to help them work smarter and increase productivity. The InfoSec world cringes at the possible/probable data sharing/stealing when not properly regulated.
We already have a data loss prevention (DLP) approach with InfoSec regarding 3rd party and unapproved file sharing and hosting solutions. At this point, it mainly centers around InfoSec’s scans and research regarding said solutions, and we implement the block policies if needed. We already block installers via Admin Approval, so these explicit DLP block policies are to help avoid any unauthorized elevations. We’re working through LLMs and wondering if there’s a better approach than what we are currently doing with DLP.
Do you have any already tested approaches or best practices for LLM blocking? Any already curated lists of known LLM agents, installs, frontends, etc.? LLM and AI agents pose a slightly different problem than other “installers” due to their command line options. E.g. Python has LLM installation options that work with Python libraries. Sure, at some point there’s probably a DLL, EXE, etc. that we could target, but this “feels” different than the other EPM policies we’ve been building.
I get what you’re after; that would be a cool project to do… “Round up all the LLMs and agents and stuff and try to make a battery of rules to smack them down.”
I don’t know if we have the actual bandwidth to do that though; the XML examples we provide for PPLPM are examples to use and not guaranteed of course.
But that being said, two things: One, if we do increase that coverage with example XMLs, we can let you know, and TWO, our sister product ENDPOINT PROTECTOR (also agent based) is about to ship AI-smart features. So instead of just BLOCKING all AI… (using PPLPM or whatever) you can “trap” for the stuff you want to trap for and don’t let the good stuff out.
We plan to highlight this in Ignite next week and release some accompanying videos. Yes, yes, yes, I get it… maybe you don’t want to install a whole new product to augment PPLPM; but, on the other hand, it IS trying to do something different.
Let’s pause this for now, and you can check out the EPP release notes and videos when they come out and see if a small scale trial is interesting.
That’s kind of what I expected but had to ask. Thanks! Also… I see what you did there… nice plug for Endpoint Protector. I’m intrigued enough that I’ll definitely watch the videos.