Gen-AI Web Security (Selective redirection of Gen-AI Apps)
Cisco Secure Access is introducing Selective Redirection for Generative AI (Gen-AI) Applications, a new feature in the Cisco Roaming Module that gives enterprises granular security and control over Gen-AI traffic. This capability lets customers selectively steer AI-related traffic to Secure Service Edge (SSE) while leaving all other internet-bound traffic unaffected.
Key Benefits
Enhanced Visibility & Control
- Provides deep visibility into Gen-AI traffic, allowing organizations to monitor, control, and enforce security policies on AI-powered applications.
- Helps mitigate shadow AI risks, preventing unauthorized AI app usage that could lead to sensitive data exposure.
Stronger Security & Compliance
- Meets legal and data protection mandates by steering AI-related traffic through SSE security controls.
- Blocks or restricts unapproved AI applications, reducing potential threats from data leakage, malicious AI-generated content, and unauthorized AI access.
Seamless Security – Anywhere, Anytime
- Protects users on and off the corporate network, ensuring continuous threat prevention even outside VPN coverage.
- Leverages Cisco Umbrella Roaming to block AI-powered malware, phishing attempts, and command-and-control callbacks, reducing attack surfaces for enterprises.
Strategic Impact
Enables Secure AI Innovation – Enterprises can embrace AI tools while maintaining full control over usage, access, and compliance.
Optimized Network Traffic Routing – Reduces unnecessary network congestion by ensuring only AI traffic is redirected while preserving other internet-bound traffic.
Future-Ready AI Security Strategy – Prepares enterprises for the next wave of AI-driven applications, safeguarding against evolving AI-related threats.
With this release, Cisco reaffirms its commitment to proactive security, data protection, and AI governance, ensuring businesses can leverage Gen-AI safely and efficiently.
What is Needed:
- Customers need to download the latest version of Cisco Secure Client, 5.1.8.x.
- Customers need to request that Cisco enable this feature for their organization.
How To Configure:
1. To deploy the Secure Access Internet Security on user devices, first download and install the software package for the Cisco Secure Client or copy the URL for the Secure Access PAC file from Secure Access. For more information, see Set Up Internet Security on User Devices. You can also install custom PAC files in your environment. For more information about deploying PAC files, see Manage PAC Files.
2. Configure destinations to steer through Secure Access
Click Select Destinations under the Connect to Secure Access tab and choose one or more generative AI destinations to steer through SWG and evaluate against Access Policy rules. Note: Once you add a destination to Connect to Secure Access, all endpoint traffic to other destinations will bypass SWG.
Cisco Secure Access curates the list of generative AI destinations.
How to Disable the Option
When Connect to Secure Access is enabled, only the endpoint web traffic to these generative AI destinations will be steered through the Secure Access web proxy (SWG). All other endpoint web traffic, to destinations that are not on the Connect to Secure Access destinations list, will bypass SWG. In these conditions, endpoint traffic will continue to be steered through Secure Access DNS resolvers unless the destination is on the Bypass Secure Access list.
To disable, click Select Destinations under the Connect to Secure Access tab, uncheck all destinations, and save.
With no destinations selected under Connect to Secure Access, the SWG steering of Bypass Secure Access will be re-enabled, steering all endpoint traffic through Secure Access except for the destinations listed under Bypass Secure Access.
Policy Configuration:
Documentation:
Once the feature is enabled, you can click on https://dashboard.sse.cisco.com/org/"org-id"/connect/user-connectivity/internet-security.
Replace "org-id" with your ID value.