Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Legacy DLP operates on a fundamental constraint: it identifies sensitive data by matching patterns. Credit card numbers follow the Luhn algorithm. Social Security numbers conform to a nine-digit format. API keys match specific string patterns. This approach works for structured data, but it fails to address a critical reality: Your most sensitive assets aren't numbers. They're documents.

The security landscape is shifting. For the past two years, security teams have focused primarily on what users type into chatbots by monitoring interactions with ChatGPT, Gemini, and Claude. But a new risk vector is emerging, one that operates largely outside traditional security controls: AI agents accessing corporate data autonomously through the Model Context Protocol (MCP).

In May 2025, Coinbase disclosed a data breach that exposed nearly 70,000 customer records—not through a sophisticated external attack, but through bribed customer service agents. The cryptocurrency exchange refused a $20 million ransom demand and instead pledged that amount toward catching those responsible. One arrest has been made in India, but the incident highlights a fundamental problem in modern security: your people can become your greatest vulnerability.

The security landscape has shifted dramatically. Employees now work across dozens of applications, browsers, and devices—often using personal accounts alongside corporate ones. They're adopting generative AI tools at unprecedented rates, and your source code is moving between repositories faster than traditional DLP tools can detect. This creates a fundamental problem: how do you enable productive work while preventing corporate IP from leaving your trusted environment?

Large data breaches rarely begin with dramatic system failures. More often, they start with sustained, unauthorized access to sensitive data that goes undetected for months. The recent breach at Coupang, South Korea’s largest e-commerce platform, illustrates this pattern clearly. Nearly 34 million customer records were likely exposed over an extended period before detection.

DLP solutions have a challenge in detecting standard document types: financial records, source code, and customer lists. Moreover, what happens when your organization needs to protect business-critical documents that don't fit pre-built categories? Or when you need more granular classification to support specific workflows? Traditional approaches force you to choose between brittle regex patterns that generate false positives.

In our recent analysis of AI browser exfiltration risks, we exposed how OpenAI's Atlas and Perplexity's Comet create permanent backdoors to sensitive data through persistent memory, autonomous agents, and cross-platform sync. The challenges with AI native browsers strongly resonated with CISO’s and security leaders we speak with on a daily basis. But the threat extends far beyond Atlas and Comet.

Customer support teams face an impossible paradox: they need to help customers quickly, but customers routinely share sensitive information that creates compliance risks and security exposure. Credit card numbers pasted into chat. Driver's licenses attached to verification tickets. Medical records uploaded to troubleshoot healthcare apps. Social security numbers submitted through web forms. Traditional DLP wasn't built for this reality.

A leading cybersecurity vendor recently terminated an employee who took internal screenshots and shared them with threat actors, who then attempted to pass off the leaked material as evidence of a system breach. While no customer data was compromised and production systems remained secure, the incident exposed a blind spot that should concern every CISO: authorized users with legitimate access becoming your biggest vulnerability.

In finance, protecting customer data isn’t just good practice. It’s a regulatory mandate. The SEC’s Regulation S-P (Privacy of Consumer Financial Information) requires financial firms to guard against unauthorized access, maintain robust data-disposal practices, and have a formal incident response program. As the threat landscape has evolved, so has the regulation. This all means one thing: complacency is no longer an option.