|
By Cyberhaven
You approved the AI tools. You funded the infrastructure. Now your teams want to deploy AI agents, and the ask sounds reasonable: automate the research workflow, connect the agent to the CRM, let it draft and send. The productivity case is clear. What is less clear is who owns the security exposure when that agent starts moving data across systems it was never explicitly authorized to touch. The answer, increasingly, is you.
|
By Iulia Stefoi-Silver
Anthropic has selected Cyberhaven for its Cyber Verification Program, an application-based program that supports legitimate defensive cybersecurity work involving advanced AI capabilities. The approval gives designated Cyberhaven teams access to advanced AI capabilities with fewer interruptions from default safeguards for certain high-risk, dual-use cybersecurity tasks, subject to Anthropic's applicable policies and program requirements.
|
By Cyberhaven
A manufacturer's most valuable assets rarely sit in a vault. They live in CAD files, chemical formulations, process parameters, supplier contracts, and tooling specifications that move every day between engineers, plants, partners, and contractors. That movement is what makes the business run, and it is also what makes trade secrets easy to lose. A departing engineer copies a design folder. A contractor forwards a spec sheet to a personal account.
|
By Cyberhaven
SOC 2 audits are won or lost on evidence. When an auditor asks how an organization controls access to sensitive data, prevents unauthorized exfiltration, and monitors for anomalous behavior, the answer has to be documented and defensible. For most security and GRC teams, that answer depends heavily on whether their data security tooling is configured to produce audit-ready outputs, not just enforce policies.
|
By Cyberhaven
Most insider risk programs stall at the same place: they can see what data exists, but not what users are doing with it. Data security posture management (DSPM) tools catalog sensitive files, flag misconfigured permissions, and surface overexposed repositories. What they often cannot communicate is whether that overexposed file was accessed, copied, renamed, and uploaded to a personal cloud account by an employee who put in their resignation last week.
|
By Franklin Nguyen
Organizations are not choosing between AI adoption and data security. Rather, they are discovering, often after the fact, that these two priorities are pulling in opposite directions. The engineering team has been using GitHub Copilot for six months. Finance is running variance analysis through ChatGPT. Legal is pasting contract language into Gemini for redlining. According to Cyberhaven Labs research, 39.7% of the data employees share with AI tools is sensitive.
|
By Cyberhaven
Clinicians are pasting patient summaries into ChatGPT to draft discharge instructions. Billing staff are uploading claim data to AI writing tools to speed up appeals letters. Nurses are using consumer AI assistants to look up drug interactions between patient visits. None of this was approved by the security team, and most of it would surprise the compliance officer.
|
By Cyberhaven
AI agents are connecting to enterprise systems right now. Whether a developer wired up Claude to an internal Confluence instance, a vendor shipped an agentic workflow that calls the CRM, or an employee enabled a browser-based AI assistant that reads email, Model Context Protocol (MCP) is rapidly becoming the integration layer between large language models (LLMs) and corporate data. Most security teams have no visibility into any of it.
|
By Cyberhaven
HR teams manage every stage of the employee lifecycle, from hiring and onboarding to performance management and offboarding. Security teams manage data access, behavioral monitoring, and incident response. Insider risk lives at the intersection of both. When HR and security operate independently, the gaps between them are exactly where data loss happens, and the moments of highest exposure are almost always HR events, such as a resignation submitted, a role change processed, a termination decision made.
|
By Cyberhaven
Most enterprise security programs were built around a simple assumption, not invalid assumption that data moves when a person decides to move it. AI agents have broken that model, and now act autonomously, reading files, calling APIs, executing code, and transferring data across systems without waiting for a human to approve each step. Many of these agents were never sanctioned by IT or security.
|
By Cyberhaven
Autonomous AI agents are running on enterprise endpoints right now, accessing files, processing sensitive data, and executing actions outside the visibility of most security programs. This is Part 1 of Cyberhaven's four-part AI Security product launch series. What this video covers: Most AI security tools were built for browsers and SaaS apps. They cannot see agents operating at the OS level, coding assistants running in IDEs and CLIs, or MCP servers executing in the background. Cyberhaven's AI Security platform was built to close that gap.
|
By Cyberhaven
Security teams cannot govern what they cannot see. This is Part 2 of Cyberhaven's four-part AI Security product launch series, focused on Shadow AI Discovery and how Cyberhaven automatically inventories every AI app and agent running across your organization.
|
By Cyberhaven
Visibility without enforcement is just an alert backlog. This is Part 4 of Cyberhaven's four-part AI Security product launch series, covering how Cyberhaven enforces risk-based controls at the data level, not the tool level, using Data Lineage as the foundation.
|
By Cyberhaven
Knowing an AI tool exists is not the same as knowing what it did with your data. This is Part 3 of Cyberhaven's 4-part AI Security product launch series, covering Agentic AI Visibility and AI Risk IQ, Cyberhaven's evidence-based risk scoring system for every AI app and agent in your environment.
|
By Cyberhaven
In this video, you will learn why agentic browsers like ChatGPT Atlas, Perplexity Comet, and Arc have turned the browser into a double agent inside your enterprise, how shadow adoption is bypassing MDM and endpoint controls in days, and why indirect prompt injection creates an attack surface your file-based DLP cannot see. You will also learn how data lineage replaces noisy content inspection with origin-and-destination tracking, so you can stop the leak without blocking the tools your business depends on.
|
By Cyberhaven
In this video, you will learn why static domain-blocking strategies fail against the modern Shadow AI ecosystem, how Generative AI wrappers, browser extensions, and personal accounts bypass corporate firewalls without triggering an alert, and why network-layer inspection cannot distinguish proprietary code from public Stack Overflow snippets. We break down the limitations of traditional DLP at the clipboard layer, explain how data lineage replaces application allow-lists, and show how the "Glass House" model lets enterprises enable AI productivity while strictly gating sensitive data movement.
|
By Cyberhaven
In this video, you will learn how lightweight OS-level instrumentation binds lineage metadata to clipboard content the moment data is copied, how that tag survives edits, reformatting, and translation across applications, and how provenance-based policy replaces pattern matching with precision rules tied to the actual source of the data. You will also learn how pairing network tools with a browser extension captures user intent before encryption, eliminating the alert fatigue that buries real risk in noise.
|
By Cyberhaven
In this video, you will learn why agentic browsers like ChatGPT Atlas, Perplexity Comet, and Arc have turned the browser into a double agent inside your enterprise, how shadow adoption is bypassing MDM and endpoint controls in days, and why indirect prompt injection creates an attack surface your file-based DLP cannot see. You will also learn how data lineage replaces noisy content inspection with origin-and-destination tracking, so you can stop the leak without blocking the tools your business depends on.
|
By Cyberhaven
In this video, you will learn why legacy DLP tools go blind when sensitive data is copy-pasted into generative AI tools, how Data Lineage fingerprints information at its origin to track it across transformation within an environment, and how operating system-level monitoring eliminates the encryption blindness that limits browsers and firewalls. You will also see how to build context-aware paste policies that allow productive AI use while blocking high-risk data flows from sources like source code repositories, Salesforce, and internal wikis.
|
By Cyberhaven
Your developers are leaking IP into generative AI— and your DLP can't see it. This is the Shadow AI gap breaking legacy Data Loss Prevention's capabilities.
|
By Cyberhaven
Dive into our expertly curated DLP program checklist that will align with your organization's ambitious business and catapult them forward.
|
By Cyberhaven
In this guide we demystify DLP to distill the basics of DLP program development. Learn the essentials required to create scalable data security and data protection programs.
|
By Cyberhaven
Data is leaving your company in ways that didn't exist years ago-AirDrop, generative AI, and more. Legacy DLP hasn't kept up; now it's time to invest in more forward-looking solutions.
|
By Cyberhaven
DDR makes it possible to stop data exfiltration across all channels with one product and one set of policies.
- June 2026 (12)
- May 2026 (29)
- April 2026 (14)
- March 2026 (11)
- February 2026 (9)
- January 2026 (11)
- December 2025 (10)
- November 2025 (6)
- October 2025 (3)
- September 2025 (6)
- August 2025 (7)
- July 2025 (10)
- June 2025 (1)
- April 2025 (8)
- March 2025 (6)
- February 2025 (2)
- January 2025 (2)
- November 2024 (1)
- October 2024 (1)
- September 2024 (5)
- August 2024 (3)
- July 2024 (3)
- June 2024 (2)
- May 2024 (1)
- April 2024 (1)
- March 2024 (2)
- February 2024 (2)
- January 2024 (2)
- November 2023 (1)
- April 2023 (1)
Cyberhaven detects and stops the most critical insider risks to your most important data.
Let’s face it, data security products never lived up to our expectations and now that the way we work is changing they can’t keep up. Cyberhaven solves these challenges so companies can finally protect their data.
Data Detection and Response:
- Understand how data flows: See what systems store different types of data and how data moves within the company to new places and people.
- Stop data exfiltration anywhere: Block important data from leaving your control via cloud, web, email, removable storage, Bluetooth/AirDrop, and more.
- Accelerate internal investigations: Quickly understand an incident to determine user intent with a complete record of events before and during an incident.
- Detect and stop risky behavior: Instantly detect when a user handles important data in a risky way, stop them in real time, and coach them.
Trace your data to protect it like never before.