Why SASEs Suck at Controlling AI Use

May 28, 2025

An engineer opens ChatGPT Free in a browser, signs in with a Gmail address, and pastes in code from a recent sprint to troubleshoot an error.

Your SASE logs traffic to OpenAI, but it can’t distinguish between personal and corporate access. From the network’s perspective, ChatGPT Free looks identical to ChatGPT Enterprise.

Most companies believe they’re covered: they buy a few GenAI tool licenses and block the rest with their SASE or CASB tool.

SASE has been great at what it was built for. It just wasn’t built for GenAI. It lacks app context, has no prompt-level visibility, relies on noisy DLP, and treats “AI” as a monolithic category.

Let’s dig in 👇

Zero Visibility into App Plans

45.4% of GenAI usage still happens on personal accounts.

SASE can’t tell which plan or tenant a user is logged into. ChatGPT Free and Enterprise are indistinguishable from the network’s point of view.

Even when companies think they’ve locked things down, sensitive data still flows through unapproved accounts lacking proper controls.

If your tools can’t see login context or plan tier, they can’t enforce your policy.

No Prompt-Level Visibility

Most SASE and CASB tools operate at the network or application level. They can tell you that 37 users visited chat.openai.com last week, or that 500MB of data was sent to a GenAI tool. But that’s about where their insight ends.

They don’t know what was typed into the prompt. Was it marketing copy? Source code? A customer’s financial file? 

There’s no way to know. No ability to review. No way to respond. 

And in GenAI workflows, the risk is in the prompt. This context matters. Is it unreleased product plans, internal metrics, legal language, or regulated customer records?

Once that data hits the prompt field, it’s too late. The model has it. There’s no audit trail, no retraction, and no reliable way to prove what was sent or ensure it’s protected. 

DLP Noise is Unpalatable

So why not just turn on DLP?

Because the noise will bury your team. 99% of alerts are false positives. Analysts spend hours chasing phantoms, and the real risks slip through.

You can’t safely run it in monitor mode either. Once the data is gone, it’s gone. You can’t pull it back from an AI model.

And the user experience? Even worse. Blocking is necessary to prevent leaks, but most organizations aren’t confident enough in their rules or labeling to do it safely.

So users find ways around it. They copy text to personal devices. They email it to themselves. This isn’t a hypothetical; it happens at every company.

You cannot label everything. Even if you could, prompt data is messy and unstructured. Your existing rules were never designed for this.
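To make the noise argument concrete, here is an added example (not code from the original post, and not Harmonic's own tooling) that runs a constructed, pattern-based DLP rule set of the kind SASE and CASB products ship against a small set of constructed prompts with known labels, and measures how many alerts are genuine. The rule patterns, the sample prompts and their sensitive/harmless labels are all assumptions made for this illustration.

```python
import re

# Constructed rule set in the style of pattern-based DLP. Assumption: real
# SASE/CASB rule packs differ in detail, but regex and keyword matching on
# unstructured text is the common core, and that is what the example exercises.
DLP_RULES = {
    "card_number": re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "sensitivity_keyword": re.compile(r"\b(confidential|internal only|secret)\b", re.IGNORECASE),
    "long_token": re.compile(r"\b[A-Za-z0-9]{32,}\b"),  # crude "looks like an API key" heuristic
}

# Constructed prompts with a ground-truth label: True if the prompt really
# carries sensitive data, False if it is harmless. Card and SSN values are
# made-up sample values, not real records.
SAMPLE_PROMPTS = [
    ("Why does this throw NullPointerException at com.acme.Order.process(Order.java:42)?", False),
    ("Draft a LinkedIn post about our hackathon; keep it confidential until Friday.", False),
    ("Translate 'the secret to good coffee is freshly ground beans' into French.", False),
    ("Which carrier uses tracking numbers like 1234 5678 9012 3456?", False),
    ("What does commit 3f2a9c1d4e5b6a7f8091a2b3c4d5e6f708192a3b change?", False),
    ("Clean up this customer record: Jane Doe, SSN 123-45-6789, card 4012 8888 8888 1881.", True),
    ("Write the launch email for Project Falcon (unannounced, ships 14 August) and list the "
     "three beta customers by name: Acme Corp, Globex, Initech.", True),
    ("Summarise the attached meeting notes into five bullet points.", False),
]


def scan(prompt: str) -> list[str]:
    """Return the names of every DLP rule that fires on the prompt (in rule order)."""
    return [name for name, pattern in DLP_RULES.items() if pattern.search(prompt)]


def evaluate(samples: list[tuple[str, bool]]) -> dict:
    """Score the rule set against labelled prompts: a prompt is an alert if any rule fires."""
    tp = fp = fn = tn = 0
    for prompt, is_sensitive in samples:
        alerted = bool(scan(prompt))
        if alerted and is_sensitive:
            tp += 1
        elif alerted and not is_sensitive:
            fp += 1
        elif not alerted and is_sensitive:
            fn += 1
        else:
            tn += 1
    alerts = tp + fp
    return {
        "alerts": alerts,
        "true_positives": tp,
        "false_positives": fp,
        "false_negatives": fn,
        "true_negatives": tn,
        # Precision: share of alerts an analyst would find to be real leaks.
        "precision": tp / alerts if alerts else 0.0,
        # Recall: share of genuinely sensitive prompts that produced any alert.
        "recall": tp / (tp + fn) if (tp + fn) else 0.0,
        "false_positive_share_of_alerts": fp / alerts if alerts else 0.0,
    }


if __name__ == "__main__":
    for prompt, label in SAMPLE_PROMPTS:
        fired = scan(prompt)
        verdict = "ALERT" if fired else "pass "
        print(f"{verdict}  sensitive={label!s:5}  rules={fired or '-'}  {prompt[:60]}")
    print(evaluate(SAMPLE_PROMPTS))
```

Run as a script, it prints a verdict per prompt and the summary counts: on this sample only one of five alerts is a real leak, while the prompt that actually discloses unreleased plans and customer names fires no rule at all, because nothing in it resembles a pattern. Pointing the same harness at an organisation's own rule pack and a labelled sample of real prompts gives a precision figure to look at before switching a rule from monitor to block.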

The Concept of an “AI Category” is Utter Nonsense

Finally, one of the strangest myths in security today is the idea that you can block AI by blocking an “AI category.”

This strategy fails for multiple reasons:

  1. New tools launch constantly. You’re always behind. How long was DeepSeek in use before it showed up in your SASE’s AI category?

  2. Embedded AI is everywhere. SaaS apps increasingly have AI features on the backend or via subprocessors: Grammarly, Gamma, DocuSign, Salesforce, and many others.

Having an “AI category” is like having an “internet” category. It’s absurd.

Harmonic Complements Your SASE

To be clear, this isn’t a teardown of SASE. It’s great at what it was built for. It just wasn’t built for GenAI.

Harmonic complements your CASB tool with prompt-level insights and controls. Its pre-trained data protection models detect sensitive information in real time, even if it’s unlabeled. It also knows whether someone is using ChatGPT Free with a personal login or Claude with a corporate one.

It flags risky behavior before data is exposed and guides users with quiet nudges instead of disruptive blocks. Harmonic handles the messy, unstructured edge cases that DLP and SASE weren’t built for. 

Critically, the outcome for enterprises is that employees feel enabled, not blocked, so that AI adoption thrives.

And the best bit? It’s up and running in 30 mins. If you want to learn more, get in touch with the team: harmonic.security/get-demo

Michael Marriott