Here is how a question gets answered in 2026. Someone needs to understand a security control, a licensing question, or a configuration risk. They do not open three tabs and weigh the sources against each other. They open an AI assistant, type the question, and take the answer that comes back. It is fast, it sounds confident, and a fair share of the time, it’s close enough to be useful.
I am not going to pretend that it is a poor instinct, because I lean on the same tools every day. But this one is worth sitting with. If you asked an AI assistant whether it was safe to paste your company's confidential data into an AI assistant, you would get a tidy and reasonable-sounding answer. What you would not get is the thing an experienced colleague would give you without being asked. The tool will not stop, push back, and tell you that the convenient habit you are relying on is the exact exposure this article is about. It has no reason to warn you about itself, and it does not know your environment, your contracts, or your regulators.
That is why there still has to be a human behind the keyboard, driving the work rather than simply receiving it. A person decides which questions actually matter. A person notices what the tool quietly left out. A person checks the claims against primary sources and then draws a conclusion. The references at the end of this article exist for that reason. They are not decoration. Every capability described below was confirmed against current vendor documentation by a person, because an answer you cannot trace is an answer you cannot defend to an auditor, a client, or a board.
So here is what that kind of research turns up. For most of the last twenty years, we have built our defenses around the inside of the business. We deployed Data Loss Prevention platforms, endpoint controls, sensitivity labels, conditional access, email filtering, encryption, and detailed logging. None of that effort was wasted, and those controls still protect confidential documents, customer records, financial data, intellectual property, and regulated information.
But there is one part of the environment that many organizations still treat as furniture rather than as a control point. The browser.
That sounds almost too basic to write about. It’s not. The browser has quietly become the modern workstation. Employees live in it for most of their day. They use it to reach Microsoft 365, Google Workspace, Salesforce, banking portals, HR systems, file sharing platforms, customer portals, and a fast-growing list of generative AI tools. The browsers themselves have also changed. Microsoft Edge and Google Chrome are no longer simple windows onto the internet. They now ship with AI assistants that can read, summarize, rewrite, and act on whatever content sits in front of them. In some cases, those assistants reason across multiple open tabs, and newer modes will carry out multi-step tasks on the user's behalf.
That shift creates a governance question that deserves a direct answer. If we have spent years building DLP boundaries around email, SharePoint, OneDrive, Teams, endpoints, and sanctioned SaaS applications, what actually happens when an employee pastes sensitive information into a public AI prompt through an unmanaged browser?
That is the gap. In my experience, it is wider than most leadership teams assume, and it has opened faster than most security programs have adjusted.
The encouraging part of this story is that both major browser vendors have responded, and what they have shipped is substance rather than a slide.
Microsoft now documents data loss prevention built directly into Edge for Business. The controls cover file uploads, clipboard activity, printing, downloads, and inline browser activity, and they reach unmanaged cloud applications and generative AI services. Microsoft is specific about the AI scenario. Edge for Business can inspect content as a user types or uploads it, then block sensitive information from reaching consumer AI tools, with ChatGPT, Google Gemini, and DeepSeek named as the starting set. As of early 2026, this inline protection is built natively into the browser, which means an organization can turn it on without first deploying Endpoint DLP, and the activity flows into Microsoft Purview and the Defender portals for audit and investigation.
Two details matter more than the feature list. First, the protection follows the sign-in rather than the device. When a user signs into Edge for Business with an Entra ID account, the policy applies whether the device is corporate-managed or personally owned. Second, Microsoft built in circumvention controls. If a user tries to defeat the policy by switching to a browser where the protection does not exist, associated Intune policies can block that path. That is an honest acknowledgment of how people actually behave when a control gets in their way.
Google has taken a parallel route. Chrome Enterprise Core gives organizations centralized browser management, policy enforcement, extension control, version management, and security reporting at no license cost. Chrome Enterprise Premium adds the data protection layer, including DLP rules for copy and paste, uploads, downloads, printing, and screenshots, along with content inspection, URL filtering, and context-aware access that ties resource access to user identity and device posture. The DLP engine can scan a sizable amount of text inside a file to detect regulated data such as Social Security or payment card numbers. Google is also direct about the AI use case. Premium can block sensitive corporate data from being pasted into unsanctioned AI tools and give administrators visibility into which AI services employees are using.
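To make the inline inspection described for Edge for Business and Chrome Enterprise Premium concrete, here is an added illustration (not Microsoft's or Google's engine, and not code from this article) of how a paste can be checked for payment card and Social Security numbers before it reaches an AI tool. The host names, the sanctioned list, and the "audit" outcome for sanctioned destinations are assumptions made for the example.

```javascript
// Illustrative paste inspection; not Edge's or Chrome's DLP engine.
// Host names and the sanctioned list are constructed for this example.
const SANCTIONED_AI_HOSTS = new Set(["ai.corp.example"]);

// Luhn checksum: filters out digit runs that only look like card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

function findCardNumbers(text) {
  // 13-19 digits, optionally separated by single spaces or hyphens.
  const candidates = text.match(/\b\d(?:[ -]?\d){12,18}\b/g) || [];
  return candidates.map(c => c.replace(/[ -]/g, "")).filter(luhnValid);
}

function findSsns(text) {
  // Excludes area 000/666/9xx, group 00 and serial 0000, which are never issued.
  const re = /\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/g;
  return text.match(re) || [];
}

function evaluatePaste(text, destinationHost) {
  const findings = [];
  if (findCardNumbers(text).length) findings.push("payment_card");
  if (findSsns(text).length) findings.push("us_ssn");
  let action = "allow";
  if (findings.length) {
    // Assumed policy: sensitive data to a sanctioned tool is logged, otherwise blocked.
    action = SANCTIONED_AI_HOSTS.has(destinationHost) ? "audit" : "block";
  }
  // Only the data type is returned, so the audit record never stores the value itself.
  return { action, findings, destinationHost };
}
```

The checksum step is what keeps a 16-digit order reference from being flagged as a card number, which matters because a control that blocks too often is one users will route around.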
The point here is not that Edge is the right answer and Chrome is the wrong one, or the reverse. Both platforms now give you a real control point in the browser. The point is simpler and more uncomfortable. An unmanaged browser is a control failure waiting to happen, and the tools to close that gap already exist.
Consider a few situations that play out every week.
A finance employee downloads a confidential spreadsheet from a managed SharePoint site. Inside Microsoft 365, the file is protected and may even carry a sensitivity label. The employee then opens a personal browser profile, signs into a public AI tool, and uploads the spreadsheet for analysis. From where that person sits, they are simply trying to work faster. From an audit and compliance standpoint, the organization may have just lost both visibility and control over regulated data.
Now picture a salesperson preparing for a client meeting. They copy account notes out of the CRM, paste them into a browser-based AI assistant, and ask for a summary of the relationship history. Those notes can contain pricing, contract terms, internal strategy, and customer-specific details. If that browser session is unmanaged, the company has little ability to say where the data went, whether the action was logged, or whether it broke policy.
The same exposure applies to personal devices. Many companies allow access to corporate resources from home computers, tablets, and contractor-owned systems. That can be a reasonable arrangement, but only when the access path is controlled. If the browser is unmanaged, the organization is extending trust to the user, the device, the browser profile, every installed extension, and whatever AI tools happen to be active in that session. That is a great deal of trust for a business that otherwise claims to follow Zero Trust principles.
A managed browser closes most of that gap. It lets an organization define which browser is permitted for corporate access, which profiles are allowed, which extensions can run, what data can be copied or uploaded, and which AI services are sanctioned. It also produces something auditors increasingly ask for, which is a record of what happened.
For years, an assessment could focus on the platform. Show that SharePoint, the email tenant, and the file shares were configured correctly, and much of the data protection conversation was satisfied.
That is no longer enough. Auditors and examiners have caught up to the fact that a secure platform means little if the person at the keyboard can move the same data into an uncontrolled browser session a moment later. They want to understand how access is governed, how data movement is restricted, how exceptions are captured, and how the organization prevents users from quietly working around the controls. A managed browser gives you a defensible answer to each of those questions. An unmanaged browser leaves you explaining a blind spot.
AI raises the stakes again. Microsoft states that Copilot Chat in Edge can use the context of the page a person is viewing when they consent, and that users signed in with an Entra account receive enterprise data protection, including tenant isolation and the exclusion of that content from model training. Microsoft has also confirmed that existing browser DLP policies now extend to its newer contextual and agentic browsing features, with additional controls layered on for the more autonomous Agent Mode. Google states that Gemini in Chrome can use the context of the current tab, and up to ten additional tabs, when the user turns sharing on, and that administrators control the feature through Chrome Enterprise policy. These assistants are genuinely useful. They are also a reminder that the browser is now a place where sensitive data is actively read and processed, not just displayed.
I would not be doing my job if I implied that turning on browser DLP solves the problem outright. It does not, at least not yet.
The inline AI protections in Edge for Business currently cover a short list of consumer AI tools rather than the entire field, although Microsoft has been steadily expanding that list. New AI services appear constantly, and policy coverage will always lag behind them to some degree. Agentic browsing, where the assistant takes actions on its own, introduces a control surface that is still maturing on both platforms. None of this is a reason to wait. It is a reason to treat browser governance as an ongoing program rather than a one-time project, and to pair it with user education, since a control the workforce does not understand is a control the workforce will try to bypass.
The practical guidance is straightforward, and it does not require a transformation program. Company-owned equipment should use a managed browser with DLP, extension control, and reporting enabled. Personal equipment used for company business should reach corporate data through a governed path, whether that is a managed browser profile, a virtual browser, browser isolation, or another approved access method. Public, unmanaged browser sessions should not be treated as an acceptable route into sensitive business data. Alongside the technical controls, give people a sanctioned AI option and tell them plainly which tools are approved and why, because most data loss through AI is convenience rather than malice.
DLP inside the platform still matters. Endpoint security still matters. Identity controls still matter. But if the browser remains unmanaged, the organization has left a side door open while it reinforces the front entrance.
In the age of AI, the browser is no longer a convenience tool. It is a data control point. The organizations that treat it that way will spend far less time explaining themselves later.
One closing thought, because it returns to where this piece began. The discipline I am asking for around the browser is the same discipline that should govern how we answer our own questions. The tools will help you move quickly, and that is real value. They will not tell you what they left out, and they will not warn you when the shortcut you are taking is the risk itself. That judgment still belongs to the person at the keyboard. Use the tools, then trace the answer to a source you can stand behind.