Full Report
Your security controls aren't failing, they're missing where most of today's work actually happens. Keep Aware shows how browser activity like copy/paste and AI prompts bypass traditional protections. [...]
Analysis Summary
# Tool/Technique: Browser-Based Data Exfiltration (DLP Bypass)
## Overview
This technique involves the exfiltration of sensitive organizational data through standard web browser functionalities that bypass traditional network and endpoint Data Loss Prevention (DLP) controls. It exploits the shift toward SaaS-based workflows and generative AI tools, where data is moved via browser-native actions like copying/pasting and direct text input rather than traditional file transfers.
## Technical Details
- **Type**: Technique / Data Exfiltration Vector
- **Platform**: Cross-platform (Windows, macOS, Linux) via Web Browsers (Chrome, Edge, Firefox, etc.)
- **Capabilities**: Clipboard manipulation, direct form injection, unsanctioned SaaS uploads, and AI prompt-based exfiltration.
- **First Seen**: Ongoing; heightened significance noted in May 2026 reports regarding AI integration.
## MITRE ATT&CK Mapping
- **[TA0010 - Exfiltration]**
  - **[T1048 - Exfiltration Over Alternative Protocol]** (Exfiltration via HTTP/S to unsanctioned SaaS)
  - **[T1567 - Exfiltration Over Web Service]**
    - **[T1567.002 - Exfiltration to Cloud Storage]** (Personal Google Drive/Dropbox)
- **[TA0009 - Collection]**
  - **[T1115 - Clipboard Data]** (Copying proprietary code/records for pasting into external tools)
## Functionality
### Core Capabilities
- **Clipboard Exfiltration:** Users copy source code, credentials, or PII from internal/sanctioned applications and paste them into unsanctioned external web apps or personal email.
- **Form Input Interception Bypass:** Data is typed directly into web forms or AI prompts (e.g., ChatGPT, Claude), which traditional network filters often permit as legitimate HTTPS traffic.
- **Shadow SaaS Usage:** Uploading sensitive documents to personal versions of sanctioned apps (e.g., uploading a corporate PDF to a personal Google Drive or personal ChatGPT account).
### Advanced Features
- **Contextual Evasion:** The activity mimics legitimate work behavior. Because the browser session is encrypted and the destination (e.g., `chatgpt[.]com`) is often "allowed" by web filters, the content of the data transfer remains invisible to traditional inspection.
- **No-File Exfiltration:** By converting file-based data into text prompts or clipboard events, actors bypass DLP rules that specifically look for file extensions or file-transfer protocols.
## Indicators of Compromise
- **File Hashes:** N/A (Focus is on text-based movement).
- **File Names:** N/A.
- **Registry Keys:** N/A.
- **Network Indicators:**
  - `chatgpt[.]com` (Unsanctioned personal instances)
  - `drive[.]google[.]com` (Personal accounts)
  - `github[.]com` (Personal repositories)
- **Behavioral Indicators:**
  - Large "Paste" events within browser sessions.
  - Frequent interaction with AI tool API endpoints from sensitive workstations.
  - High volume of data sent to `https` destinations not categorized as corporate storage.
## Associated Threat Actors
- **Insider Threats:** Employees (intentional or accidental).
- **External Adversaries:** Threat actors utilizing "Living off the Browser" techniques to exfiltrate gathered intelligence via web-based tools.
## Detection Methods
- **Behavioral Detection:** Monitoring for `paste` events and `POST` requests to AI/SaaS domains that exceed specific character counts.
- **Browser-Native DLP:** Tools like *Keep Aware* that hook into the browser's DOM and clipboard triggers to inspect data *before* it is encrypted and sent to the network.
- **Extension-Based Monitoring:** Using enterprise browser extensions to log activity within web forms.
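One way to implement the behavioral detection described above, as an added example that is not part of the Keep Aware report: detection logic run over constructed browser-activity records (one per paste or form POST). The field names, hosts, account domains and character thresholds are assumptions. The key design choice is that "corporate vs personal instance" is decided from the signed-in account, not from the destination host, which is what lets a sanctioned tenant and a personal account on the same AI host be told apart.

```javascript
// Added example (not from the Keep Aware report): behavioral detection logic run
// over constructed browser-activity records. Field names, hosts, account
// domains and thresholds are assumptions for illustration only.

// Constructed sample records, modelled on what a browser-native DLP hook might
// emit: one record per paste or form POST, carrying the destination host, the
// account the user is signed in with (null when unknown) and the payload size.
const SAMPLE_EVENTS = [
  { ts: "2026-05-04T09:12:01Z", user: "alice", type: "paste", host: "chatgpt.com", account: "alice@gmail.com", chars: 4800 },
  { ts: "2026-05-04T09:13:40Z", user: "alice", type: "paste", host: "docs.google.com", account: "alice@example.com", chars: 6200 },
  { ts: "2026-05-04T09:15:22Z", user: "bob", type: "post", host: "chatgpt.com", account: "bob@example.com", chars: 300 },
  { ts: "2026-05-04T09:16:05Z", user: "bob", type: "post", host: "drive.google.com", account: "bob@gmail.com", chars: 15000 },
  { ts: "2026-05-04T09:17:48Z", user: "carol", type: "paste", host: "internal.example.com", account: null, chars: 20000 },
];

// Detection policy (assumed values). A destination counts as a corporate
// instance when the host is corporate storage or the signed-in account belongs
// to a corporate domain; the host alone (e.g. chatgpt.com) is not enough.
const POLICY = {
  corporateAccountDomains: ["example.com"],
  corporateHosts: ["internal.example.com"],
  aiHosts: ["chatgpt.com", "claude.ai"],
  largeTransferChars: 2000,
};

function isCorporateInstance(event, policy) {
  if (policy.corporateHosts.includes(event.host)) return true;
  if (!event.account) return false;
  const domain = event.account.slice(event.account.lastIndexOf("@") + 1).toLowerCase();
  return policy.corporateAccountDomains.includes(domain);
}

// Classify one record: "high" for a large paste/POST into a personal or
// unsanctioned instance, "medium" for any use of a personal AI instance,
// "none" for traffic into corporate instances.
function classifyEvent(event, policy) {
  const corporate = isCorporateInstance(event, policy);
  const reasons = [];
  if (corporate) return { severity: "none", reasons };
  const large = event.chars >= policy.largeTransferChars;
  if (large) reasons.push(`large ${event.type} (${event.chars} chars) to non-corporate instance`);
  if (policy.aiHosts.includes(event.host)) reasons.push("personal AI instance");
  if (reasons.length === 0) return { severity: "none", reasons };
  return { severity: large ? "high" : "medium", reasons };
}

// Run the classifier over a batch and keep only the records that alert.
function detect(events, policy) {
  const alerts = [];
  for (const event of events) {
    const verdict = classifyEvent(event, policy);
    if (verdict.severity !== "none") alerts.push({ ...event, ...verdict });
  }
  return alerts;
}

// Per-user character volume sent to non-corporate destinations, for the
// "high volume to destinations not categorized as corporate storage" indicator.
function personalVolumeByUser(events, policy) {
  const totals = {};
  for (const event of events) {
    if (isCorporateInstance(event, policy)) continue;
    totals[event.user] = (totals[event.user] || 0) + event.chars;
  }
  return totals;
}

if (typeof require !== "undefined" && require.main === module) {
  for (const alert of detect(SAMPLE_EVENTS, POLICY)) {
    console.log(`${alert.ts} ${alert.severity.toUpperCase()} user=${alert.user} host=${alert.host}: ${alert.reasons.join("; ")}`);
  }
  console.log("non-corporate volume by user:", personalVolumeByUser(SAMPLE_EVENTS, POLICY));
}
```

Run with `node` to see the two alerts (alice's paste into a personal ChatGPT account and bob's upload to a personal Drive) while the same-size transfers into corporate instances stay silent. In a real deployment the account attribution would come from the browser-native hook, and the per-user totals would be computed over a sliding window rather than the whole batch.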
## Mitigation Strategies
- **Browser-Native Controls:** Implementing DLP solutions that reside within the browser to gain visibility into the clipboard and form inputs.
- **SaaS Instance Awareness:** Distinguishing between corporate and personal instances of platforms like Microsoft 365 or Google Workspace.
- **Clipboard Restrictions:** Disabling copy/paste functionalities on highly sensitive web applications.
- **AI Policy Enforcement:** Utilizing CASB (Cloud Access Security Broker) or Browser Security platforms to block or audit prompts sent to Generative AI platforms.
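For the clipboard-restriction strategy above, here is an added example of an in-page enforcement handler; it is not Keep Aware's code, and the `data-sensitive` attribute, the size limit and the audit sink are assumptions. It blocks `copy`/`cut` from protected regions and oversized selections anywhere on the page, records each blocked attempt, and leaves small copies (an ID, a ticket number) usable so the control is not simply switched off by frustrated users.

```javascript
// Added example (not Keep Aware's code): a capture-phase clipboard guard for a
// highly sensitive web application. The data-sensitive attribute, the limit
// and the audit sink are assumptions for illustration.

const GUARD_POLICY = {
  guardedTypes: ["copy", "cut"],          // inbound paste is not a leak path for this app, so it is left alone
  sensitiveSelector: "[data-sensitive]",  // assumed attribute the app places on protected regions
  maxCopyChars: 200,                      // short copies stay usable outside protected regions
};

// Returns a DOM event handler. `deps.getSelection` is injected so the decision
// logic can be exercised outside a browser; in a page it defaults to the live
// selection. `deps.audit` receives one record per blocked attempt.
function makeClipboardGuard(policy, deps = {}) {
  const getSelection = deps.getSelection || (() => (globalThis.getSelection ? globalThis.getSelection().toString() : ""));
  const audit = deps.audit || (() => {});
  return function guard(event) {
    if (!policy.guardedTypes.includes(event.type)) return { blocked: false };
    const target = event.target;
    const inSensitiveRegion = Boolean(target && typeof target.closest === "function" && target.closest(policy.sensitiveSelector));
    const selectedChars = getSelection().length;
    let reason = null;
    if (inSensitiveRegion) reason = "selection inside a data-sensitive region";
    else if (selectedChars > policy.maxCopyChars) reason = `selection of ${selectedChars} chars exceeds limit of ${policy.maxCopyChars}`;
    if (reason === null) return { blocked: false };
    event.preventDefault();                                              // cancels the clipboard write
    if (event.stopImmediatePropagation) event.stopImmediatePropagation(); // page scripts cannot re-run the copy
    audit({ type: event.type, reason, chars: selectedChars, at: new Date().toISOString() });
    return { blocked: true, reason };
  };
}

// Wiring in a page (not executed here): register in the capture phase so the
// guard runs before any application handler.
// const guard = makeClipboardGuard(GUARD_POLICY, { audit: (r) => navigator.sendBeacon("/dlp/audit", JSON.stringify(r)) });
// for (const t of GUARD_POLICY.guardedTypes) document.addEventListener(t, guard, true);

// Constructed event objects standing in for DOM ClipboardEvents, so the
// decisions can be shown without a browser.
function fakeEvent(type, insideSensitive) {
  const ev = { type, prevented: false, preventDefault() { this.prevented = true; } };
  ev.target = { closest: (sel) => (insideSensitive && sel === GUARD_POLICY.sensitiveSelector ? {} : null) };
  return ev;
}

if (typeof require !== "undefined" && require.main === module) {
  let selection = "ACCT-1234";
  const guard = makeClipboardGuard(GUARD_POLICY, { getSelection: () => selection, audit: (r) => console.log("blocked:", r) });
  console.log("copy in protected region:", guard(fakeEvent("copy", true)));
  console.log("short copy elsewhere:", guard(fakeEvent("copy", false)));
  selection = "x".repeat(500);
  console.log("oversized cut elsewhere:", guard(fakeEvent("cut", false)));
}
```

Note that this is a usability and accidental-leak control, not a hard boundary: anything rendered to the screen can still be photographed or retyped, which is why the audit record and the browser-native monitoring above complement it rather than replace it.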
## Related Tools/Techniques
- **Keep Aware:** A browser-based DLP solution designed to mitigate these specific gaps.
- **Man-in-the-Browser (MitB):** A related attack vector in which malware running inside the browser intercepts the same in-browser data (form input, clipboard content, page content) for malicious purposes.
- **Shadow IT:** The broader category of using unauthorized software/services.