TL;DR: Traditional cyber security tools struggle with LLMs because conversational context, hidden entry points, and model-side execution do not fit browser security, DLP, or DSPM assumptions, according to Lasso Security. Existing controls were built for static systems and known data flows, while LLM security now needs identity, context, and interaction-aware governance.
NHIMG editorial — based on content published by Lasso Security: Can Common Cyber Security Tools Handle Large Language Model Risks?
Questions worth separating out
Q: How should security teams govern LLM use when browser security is not enough?
A: Treat browser controls as one layer only.
Q: Why do DLP and DSPM miss many LLM risks?
A: DLP and DSPM were built for static data inspection, not for conversational systems that reveal or transform data over multiple turns.
Q: What do organisations get wrong about Shadow AI discovery?
A: They often look for a single sanctioned platform instead of mapping every way employees can reach LLMs.
Practitioner guidance
- Map all LLM entry points Inventory direct chat use, embedded copilots, vendor apps, and API-connected models so Shadow AI does not remain outside policy, logging, and review.
- Instrument prompt and tool-call logging Capture prompts, responses, and connected tool actions together so investigators can reconstruct context and see where model execution crosses into internal systems.
- Extend DLP beyond outbound inspection Tune controls for incremental disclosure, prompt injection, and risky inbound content entering developer and analyst workflows, not only outbound exfiltration.
What's in the full article
Lasso Security's full research covers the operational detail this post intentionally leaves for the source:
- Side-by-side control limitations for browser security, DLP, and DSPM in LLM environments
- Examples of prompt injection and jailbreak behaviour that defeat static content inspection
- Practical distinctions between web-based LLM use, embedded models, and API-driven workflows
- The vendor's framing of why LLM-focused security requires purpose-built monitoring and context analysis
👉 Read Lasso Security's analysis of common cyber security tools and LLM risk →
LLM risk and the governance gap traditional security tools miss?
Explore further
LLM security exposes a control mismatch, not just a tooling gap. Browser security, DLP, and DSPM each solve a narrower problem than LLM governance requires. The article shows that the risk sits in the interaction layer, where users, prompts, data, and tool execution meet. Practitioners should stop treating LLMs as if they were ordinary web sessions or static data repositories.
A few things that frame the scale:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How can teams decide whether an LLM needs stricter governance?
A: Start with the data it can access, the tools it can call, and whether its responses can influence internal workflows. The more an LLM can read, generate, or trigger inside business systems, the more it belongs under identity, logging, and access governance rather than only content filtering.
👉 Read our full editorial: Traditional cyber security tools fall short for LLM risk
LLM security exposes a control mismatch, not just a tooling gap. Browser security, DLP, and DSPM each solve a narrower problem than LLM governance requires. The article shows that the risk sits in the interaction layer, where users, prompts, data, and tool execution meet. Practitioners should stop treating LLMs as if they were ordinary web sessions or static data repositories.
A few things that frame the scale:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How can teams decide whether an LLM needs stricter governance?
A: Start with the data it can access, the tools it can call, and whether its responses can influence internal workflows. The more an LLM can read, generate, or trigger inside business systems, the more it belongs under identity, logging, and access governance rather than only content filtering.
👉 Read our full editorial: Traditional cyber security tools fall short for LLM risk