LayerX Security

🛡️ 𝗡𝗘𝗪: 𝗟𝗮𝘆𝗲𝗿𝗫 𝗜𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲. 𝗧𝗵𝗮𝘁’𝘀 𝗿𝗶𝗴𝗵𝘁. 𝗜𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲. Because after years of policies, trainings, banners, warnings, and “friendly reminders,” we have accepted the truth: 𝗬𝗼𝘂 𝗰𝗮𝗻𝗻𝗼𝘁 𝗰𝗼𝗻𝘁𝗿𝗼𝗹 𝗲𝗺𝗽𝗹𝗼𝘆𝗲𝗲 𝗯𝗲𝗵𝗮𝘃𝗶𝗼𝗿 𝗮𝗻𝘆𝘄𝗮𝘆. 📋 𝗦𝗼 𝗻𝗼𝘄 𝘄𝗲 𝗰𝗼𝘃𝗲𝗿: • “just pasting this for context” • “it’s only one spreadsheet” • “I didn’t upload the whole deck” • “I thought Copilot was private” 𝗣𝗿𝗲𝗺𝗶𝘂𝗺 includes prompt regret protection. 𝗘𝗻𝘁𝗲𝗿𝗽𝗿𝗶𝘀𝗲 includes one free panic per quarter. Emotional support sold separately. Just kidding. It’s included.

The browser has become a critical workspace—and securing it is essential. We're looking forward to teaming up with LayerX Security to help businesses address modern security challenges with confidence and protect what matters most.

Intel Business and LayerX join forces. 🤜🤛 To bring AI security to the endpoint. The Idea behind it? If AI risk happens in real time, AI security has to happen locally too. ⚡ Prompts, uploads, outputs, and live session behavior all happen at the point of action. If the control point is still in the cloud, you are trying to solve a sensitive data problem by sending the data somewhere else first, while also adding latency, reliability gaps, and cost. Local analysis changes that. 🔒 Sensitive data stays on the device, and decisions can happen in real time. That is where Intel comes in. Intel WebGPU frameworks and Intel Core Ultra processors give LayerX the on-device performance needed for local SLM-based protections without disrupting the user experience. In LayerX testing, Intel Core Ultra X7 358H delivered up to 2x faster performance than AMD Ryzen AI 9 365 across three LayerX performance tests. 𝗧𝗵𝗮𝘁 𝗰𝗵𝗮𝗻𝗴𝗲𝘀 𝘄𝗵𝗮𝘁 𝗔𝗜 𝘂𝘀𝗮𝗴𝗲 𝗰𝗼𝗻𝘁𝗿𝗼𝗹 𝗹𝗼𝗼𝗸𝘀 𝗹𝗶𝗸𝗲 𝗶𝗻 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗲: true data classification for unstructured business data, understanding user intent across a full session, detection of prompt injection and jailbreaking, and monitoring LLM output before it reaches the user. 🤖 This is AI usage control at the point of action, on-device, in the browser, private, fast, and always on, with real-time decisions and no cloud round trips. Read more 👉 https://lnkd.in/dKtYY3En

RSAC Conference 𝗶𝘀 𝗵𝗲𝗿𝗲. And this week, we’re in San Francisco meeting with security teams to talk about a growing AI governance challenge: how to control prompts, uploads, and in-session actions. At our session, we’ll show what changes when 𝗚𝗼𝗼𝗴𝗹𝗲 𝗚𝗲𝗺𝗶𝗻𝗶 𝗡𝗮𝗻𝗼 𝗿𝘂𝗻𝘀 𝗶𝗻𝘀𝗶𝗱𝗲 𝗖𝗵𝗿𝗼𝗺𝗲 𝘃𝗶𝗮 𝘁𝗵𝗲 𝗣𝗿𝗼𝗺𝗽𝘁 𝗔𝗣𝗜 and why that matters for securing AI interactions. 🎤 𝗙𝗿𝗼𝗺 𝗣𝗿𝗼𝗺𝗽𝘁 𝘁𝗼 𝗣𝘄𝗻: 𝗔𝗯𝘂𝘀𝗶𝗻𝗴 𝗕𝗿𝗼𝘄𝘀𝗲𝗿 𝗦𝗺𝗮𝗹𝗹 𝗟𝗮𝗻𝗴𝘂𝗮𝗴𝗲 𝗠𝗼𝗱𝗲𝗹𝘀 𝗧𝗵𝘂, 𝗠𝗮𝗿𝗰𝗵 𝟮𝟲 | 𝟭𝟮:𝟮𝟬 𝗣𝗠 𝗣𝗧 𝗛𝗮𝗰𝗸𝗲𝗿𝘀 & 𝗧𝗵𝗿𝗲𝗮𝘁𝘀, 𝗛𝗧-𝗥𝟬𝟱 At RSAC and want to talk about securing AI interactions? Book time with us here: https://lnkd.in/e5XggiQc

San Francisco, we’re on our way! 🌉 LayerX will be at RSAC next week, meeting with security teams thinking seriously about AI governance, especially the prompts, uploads, and in-session actions happening across chat tools, websites, and enterprise apps. We’re also taking the stage: 🎤 𝗙𝗿𝗼𝗺 𝗣𝗿𝗼𝗺𝗽𝘁 𝘁𝗼 𝗣𝘄𝗻: 𝗔𝗯𝘂𝘀𝗶𝗻𝗴 𝗕𝗿𝗼𝘄𝘀𝗲𝗿 𝗦𝗺𝗮𝗹𝗹 𝗟𝗮𝗻𝗴𝘂𝗮𝗴𝗲 𝗠𝗼𝗱𝗲𝗹𝘀 A look at Google Gemini Nano inside Chrome, exposed through the Prompt API, and what that means for enterprise AI governance at the interaction layer. 📅 Thu, March 26, 12:20 📍 Hackers & Threats, HT-R05 In town for RSAC? Book time with us to talk about securing AI interactions: https://lnkd.in/e5XggiQc

🔎 𝗬𝗲𝘀𝘁𝗲𝗿𝗱𝗮𝘆 𝘄𝗲 𝘀𝗵𝗮𝗿𝗲𝗱 𝗼𝘂𝗿 𝗣𝗼𝗶𝘀𝗼𝗻𝗲𝗱 𝗧𝘆𝗽𝗲𝗳𝗮𝗰𝗲 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵. 𝗡𝗼𝘄 𝘄𝗲 𝗵𝗮𝘃𝗲 BleepingComputer’𝘀 𝘁𝗮𝗸𝗲. Their coverage breaks down our finding that malicious commands can be hidden from AI tools in the rendering layer, while the underlying HTML still looks harmless to the assistant. 𝗦𝗼 𝘁𝗵𝗲 𝘂𝘀𝗲𝗿 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗮𝘀𝘀𝗶𝘀𝘁𝗮𝗻𝘁 𝗮𝗿𝗲 𝗻𝗼𝘁 𝗮𝗰𝘁𝘂𝗮𝗹𝗹𝘆 𝗿𝗲𝗮𝗱𝗶𝗻𝗴 𝘁𝗵𝗲 𝘀𝗮𝗺𝗲 𝗽𝗮𝗴𝗲. Most vendors treated this as out of scope because it relied on social engineering. 𝗧𝗵𝗮𝘁 𝗶𝘀 𝘁𝗵𝗲 𝗴𝗮𝗽 𝗯𝗲𝘁𝘄𝗲𝗲𝗻 𝘄𝗵𝗮𝘁 𝗔𝗜 𝗽𝗹𝗮𝘁𝗳𝗼𝗿𝗺𝘀 𝘀𝗲𝗰𝘂𝗿𝗲 𝗮𝗻𝗱 𝘄𝗵𝗮𝘁 𝘂𝘀𝗲𝗿𝘀 𝘁𝗵𝗶𝗻𝗸 𝘁𝗵𝗲𝘆 𝘀𝗲𝗰𝘂𝗿𝗲. People are starting to use AI assistants as safety validators for web content. But if the model reads page source and not rendered meaning, false reassurance becomes part of the attack path. 𝗧𝗵𝗲 𝘄𝗲𝗯 𝗶𝘀 𝗻𝗼𝘁 𝗷𝘂𝘀𝘁 𝗛𝗧𝗠𝗟, 𝗮𝗻𝗱 𝘁𝗲𝘅𝘁-𝗼𝗻𝗹𝘆 𝗮𝗻𝗮𝗹𝘆𝘀𝗶𝘀 𝗶𝘀 𝗻𝗼𝘁 𝗲𝗻𝗼𝘂𝗴𝗵. 📰 Thanks to Bill Toulas for the coverage: https://lnkd.in/e6cttdq8

🤖 𝗜𝘁’𝘀 𝘀𝗼 𝗲𝗮𝘀𝘆 𝘁𝗼 𝘁𝗿𝗶𝗰𝗸 𝗔���� 𝘁𝗵𝗮𝘁 𝘄𝗲 𝗴𝗼𝘁 𝗶𝘁 𝘁𝗼 𝘁𝗲𝗹𝗹 𝗮 𝘂𝘀𝗲𝗿 𝘁𝗵𝗲 𝗽𝗮𝗴𝗲 𝘄𝗮𝘀 𝘀𝗮𝗳𝗲, 𝗲𝘃𝗲𝗻 𝘄𝗵𝗶𝗹𝗲 𝗱𝗶𝗿𝗲𝗰𝘁𝗶𝗻𝗴 𝘁𝗵𝗲𝗺 𝘁𝗼 𝘀𝘁𝗲𝗽𝘀 𝘁𝗵𝗮𝘁 𝘄𝗼𝘂𝗹𝗱 𝗹𝗲𝗮𝗱 𝘁𝗼 𝗮 𝗿𝗲𝘃𝗲𝗿𝘀𝗲 𝘀𝗵𝗲𝗹𝗹. In our latest research, we built a page where the DOM looked harmless, mostly Bioshock fanfiction and an encoded blob, while the browser rendered something very different: terminal-style instructions visible only in the rendering layer. 🔍 That is the blind spot: text-only parsers see benign content, while users see attacker-controlled instructions. What the user sees is not what the AI assistant sees. This creates a structural disconnect between how AI assistants interpret a page and how people experience it in the browser. In our testing, every non-agentic assistant failed to detect the hidden text. AI-assisted social engineering gets easier when the assistant gives false reassurance. AI-assisted security workflows develop a blind spot when they analyze page source, not rendered meaning. 𝗔𝗜 𝘀𝗵𝗼𝘂𝗹𝗱 𝗻𝗼𝘁 𝗯𝗲 𝘆𝗼𝘂𝗿 𝘃𝗮𝗹𝗶𝗱𝗮𝘁𝗶𝗼𝗻 𝗳𝗼𝗿 𝘄𝗲𝗯 𝗰𝗼𝗻𝘁𝗲𝗻𝘁. It does not reliably see what the user sees. 📎 Read the research: https://lnkd.in/egRDt-nD

Shadow AI isn't just employees opening ChatGPT on their own. It's the AI quietly embedded in your SaaS apps, browser extensions, and everyday workflows - often invisible to security teams entirely. Our VP Sales David S. spoke at the e-Crime & Cybersecurity Congress Events Series in London this week, and the packed room said it all: Organizations are waking up to this challenge fast. The browser is where AI interactions happen. It's where sensitive data is exposed - often unintentionally. And it's where security teams need visibility most. Enabling AI safely isn't about blocking it. It's about seeing it. https://lnkd.in/dh8UVzid 

Great insights from our own David Besnainou featuring a conversation with Lane Bess - a leader who helped scale Palo Alto Networks and Zscaler, and now leads Deep Instinct. Lane shares timeless lessons on building and scaling cybersecurity companies: ✅Disruption happens when infrastructure becomes outdated - and that's where opportunity lives. ✅Great companies start by solving large problems, not narrow ones. ✅Early teams need a different DNA than growth-stage teams - know when to evolve. ✅Channel partners are shifting from distributors to strategic solution advisors. ✅AI is changing both the attack and defense landscape - prevention is the future. ✅Innovation keeps coming from new ecosystems - including AI Usage Control (👏 that's us). At LayerX, we're proud to be part of the next wave of cybersecurity innovation Lane highlights - building the AI Usage Control category from the ground up. https://lnkd.in/et4rRw5z

Our Co-Founder & CEO, Or Eshed, wrote a Dark Reading commentary on why banning AI browsers backfires, plus what controlled enablement looks like for security teams. Gartner recently recommended that enterprises ban AI browsers. The impulse makes sense. AI browsers integrate AI sidebars that risk sensitive data exposure, backend connections to third-party services, plus prompt injection vulnerabilities that manipulate browser behavior. 🔒🤖 But banning something people want to use won't make it go away. Prohibition already ran this experiment once. The browser now accounts for more than 85% of the workday, and LayerX research shows 20% of enterprise users already have a GenAI browser extension installed. Claude in Chrome hit 800,000 downloads, and Perplexity’s Comet passed 1 million on Google Play. Adoption is not waiting for policy. 🔍 Banning AI browsers will not limit the risk they pose. The likely outcome is lost visibility into real cyber risks as they unfold, right in the last mile, inside the browser session where prompts, uploads, and identity choices happen. Read the Dark Reading commentary: https://lnkd.in/ebQqUiN2