Ken, 

Thanks for that. When you say "a category for AI" in our global access policy where would that be located? Is that something our organization would have to build? I am not finding that. 

So... TalosIntelligence has a Generative AI category, but it doesn't look to have made it to the WSA yet. 

@amojarra any news on that front? 

Hi @Ken Stieers 

Sorry for the late reply 

we have the Generative AI in the WSA: 

there are some customers who might not seeing this, due to some updates Issue, they need to contact TAC to check from the backend. 

on the other hand regarding the question:

Any suggestions on how we can block some AI sites but allow a select few others? 

So WSA, first checks the Custom URL Categories then the Pre-Defined categories, you can block all AI category and define your permitted AI sites in the custom URL category, make sure to add that category in your policy that you are blocking the "generative AI" and set that custom category to Allow or Pass through depends on your policy. 

And in case you are looking for some extra layer of security on your AI access, you can review Cisco's AI Defense: 

https://www.cisco.com/site/us/en/products/security/ai-defense/index.html

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

@Ken Stieers 

Thank you so much for bringing this to my attention. 

I have filed an internal Documentation Correction request  "[Doc] Adding "Generative AI" to the Pre-Defined URL Category table" 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwr40214

BR

Amir