How to Build a Secure Browser for AI, With Ofer Ben Noon, Former Founder and CEO, Talon Security

For years, large enterprises have built rigorous practices to make sure employees choose and use software that’s secure and compliant. But GenAI tools are throwing a wrench in everything. What does it mean for a GenAI tool to be secure enough for the world’s largest enterprises? How do you make sure employees don’t upload sensitive customer data to a model?

Nobody knows better than Ofer Ben Noon. He built Talon Security, a first of its kind secure browser that was acquired by Palo Alto Networks a few years back. His team is responsible for securing anything an employee could conceivably do in a browser, and has profiled thousands of GenAI tools and their security risks. A few conversation highlights:

On the biggest technical challenge in building a secure enterprise browser:

“Chromium is the largest codebase in the world. It’s a crazy open source project. In a sense, every single day we need to compile over a dozen different browsers across operating systems and environments. And we need to run thousands (and in some cases hundreds of thousands) of unit tests against those browsers. And this just to compile it – then you need to start really building the capabilities that make it secure.”

On the biggest security risks with using AI tools in the browser:

“Privacy is #1. People are asking ChatGPT things like hey, I have this big spreadsheet full of social security numbers, can you rewrite it in a different way? Or a long list of credit card numbers, etc. And at the same time, any companies who want to be category leaders need to be using AI. But they also need to remain compliant, secure, and make sure that employees aren’t uploading sensitive customer data. In the same sense that you wouldn’t let an employee install just any SaaS app, the same is true with GenAI models.”

On how you actually build a secure browser on top of ChatGPT:

“You need to have an army of analysts (some human, some machine) to understand for each service in a browser: is it a GenAI service? How secure is it? What’s it running on? Is it compliant? Each organization is going to have services that they feel comfortable with and don’t feel comfortable with. We give customers a risk level of >1000 GenAI services, with dozens of parameters on each one, so they can make their own decision.”

‍