TL;DR: Traditional cyber security tools struggle with LLMs because conversational context, hidden entry points, and model-side execution do not fit browser security, DLP, or DSPM assumptions, according to Lasso Security. Existing controls were built for static systems and known data flows, while LLM security now needs identity, context, and interaction-aware governance.
NHIMG editorial — based on content published by Lasso Security: Can Common Cyber Security Tools Handle Large Language Model Risks?
Questions worth separating out
Q: How should security teams govern LLM use when browser security is not enough?
A: Treat browser controls as one layer only.
Q: Why do DLP and DSPM miss many LLM risks?
A: DLP and DSPM were built for static data inspection, not for conversational systems that reveal or transform data over multiple turns.
Q: What do organisations get wrong about Shadow AI discovery?
A: They often look for a single sanctioned platform instead of mapping every way employees can reach LLMs.
Practitioner guidance
- Map all LLM entry points: Inventory direct chat use, embedded copilots, vendor apps, and API-connected models so Shadow AI does not remain outside policy, logging, and review.
- Instrument prompt and tool-call logging: Capture prompts, responses, and connected tool actions together so investigators can reconstruct context and see where model execution crosses into internal systems.
- Extend DLP beyond outbound inspection: Tune controls for incremental disclosure, prompt injection, and risky inbound content entering developer and analyst workflows, not only outbound exfiltration.
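The incremental-disclosure gap named in the guidance above, shown as an added example (not code from Lasso Security or NHIMG): a per-message pattern check beside a session-aware one, run over a constructed conversation. The names `SessionInspector` and `WINDOW_TURNS`, and the five-turn look-back, are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # one message, one full number
WINDOW_TURNS = 5  # assumed look-back: how many recent turns get stitched together

# Constructed conversation; 4111 1111 1111 1111 is a widely published test number.
TURNS = [
    ("s1", "Help me format a payment record. The number starts 4111 1111"),
    ("s2", "Summarise order ref 7731 for the customer"),
    ("s1", "The middle block is 1111"),
    ("s1", "and it ends with 1111, please build the JSON"),
]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def per_message_hit(text: str) -> bool:
    """Static inspection: each prompt is judged in isolation."""
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))

class SessionInspector:
    """Keeps a short digit history per conversation and inspects the stitched result."""
    def __init__(self) -> None:
        self.recent = defaultdict(lambda: deque(maxlen=WINDOW_TURNS))

    def observe(self, session_id: str, text: str) -> bool:
        self.recent[session_id].append("".join(re.findall(r"\d{2,}", text)))
        stitched = "".join(self.recent[session_id])
        # Luhn alone passes about 1 in 10 random strings: a hit is a review signal.
        return any(luhn_ok(stitched[i:i + 16]) for i in range(len(stitched) - 15))

def compare(turns=TURNS):
    """Return (session, per-message verdict, session-aware verdict) for every turn."""
    inspector = SessionInspector()
    return [(sid, per_message_hit(t), inspector.observe(sid, t)) for sid, t in turns]

if __name__ == "__main__":
    for sid, static_hit, session_hit in compare():
        print(f"{sid}: per-message={static_hit} session-aware={session_hit}")
```

The per-message check stays silent on every turn, while the session-aware check fires on the turn that completes the number and keeps the unrelated session `s2` separate.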
What's in the full article
Lasso Security's full research covers the operational detail this post intentionally leaves for the source:
- Side-by-side control limitations for browser security, DLP, and DSPM in LLM environments
- Examples of prompt injection and jailbreak behaviour that defeat static content inspection
- Practical distinctions between web-based LLM use, embedded models, and API-driven workflows
- The vendor's framing of why LLM-focused security requires purpose-built monitoring and context analysis