Governing AI Across a Global Automotive Manufacturer and Race Team

Published on May 29, 2026

A global automotive manufacturer and race team with some of the most valuable intellectual property in engineering. A workforce that needed AI to stay competitive. A security team with no visibility into what was leaving through it.

The Starting Position

In industries where even the smallest competitive advantages can make all the difference, the question around AI is never whether to allow it. The business case for adoption is too strong, the productivity gains too real, and the cost of falling behind too obvious. The question is how to enable it without handing that advantage to anyone paying attention.

For this manufacturer, AI had become an integral part of how teams work. From engineers exploring design options, to data analysts working through modeling scenarios, to operations specialists handling complex logistics problems, staff had found tools that made their work faster and better. The organization had no interest in removing that.

What the security team lacked was any visibility into how those tools were being used. Their web gateway could confirm that staff were visiting AI platforms. It could tell them which domains. It could not tell them what was being submitted, which accounts were in use, or whether any of the content involved information that competitors would find valuable. The team needed certainty that they wouldn’t be giving away crucial IP while using the platforms they relied on.

The Gap in Plain Terms

The organization had no way to distinguish between an employee using a corporate-licensed, data-protected AI platform and one using a free consumer tool that trains on everything submitted to it. Both looked the same from the web gateway. Both showed up as a visit to an AI site. What data went in, and where it ended up, was entirely invisible.

Existing DLP controls, built around document classification, file transfers, and pattern matching for structured data, had no coverage over free-text AI prompts. An engineer describing a new suspension geometry to ChatGPT triggers no regex rule. A sourcing strategist asking an AI to model scenarios based on confidential supplier terms matches no classification label. The sensitivity in both cases needs to be derived from the context rather than the format.

What the Proof of Value Found

Harmonic was deployed as a browser extension through the organization's existing device management infrastructure, with no new agents, no infrastructure changes, and no disruption to users. An initial monitoring period ran in silent mode, giving the security team an accurate picture of real behavior before any controls were applied.

The findings validated the concern. AI usage was widespread and distributed across functions, with a significant proportion occurring on platforms that offered no meaningful data protection assurance. According to Harmonic's cross-customer data, 72% of AI tools in active enterprise use either explicitly train on user inputs or operate under terms that provide no clear restriction on doing so. The picture here was consistent with that pattern.

Personal account usage was material, including on platforms where the organization held enterprise licenses. An employee using an enterprise-licensed AI platform is covered by a Data Processing Agreement. The same employee, logged into a personal account on the same platform, is not. The two scenarios are indistinguishable to the user. Without prompt-level visibility, they are indistinguishable to the security team as well.

The data categories appearing in prompts spanned technical and strategic content: design and engineering material, supplier and procurement context, operational and logistical information. None of it carried a classification label. None of it would have been caught by the DLP tooling already in place. All of it was exactly the kind of information that a well-resourced competitor would find useful.

Sensitive technical and strategic content detected across engineering, design, and operations functions

Personal account usage confirmed on enterprise-licensed platforms across multiple teams

72% of AI tools in active use provide no meaningful data protection assurance (Harmonic research, 2025)

Why Pattern-Matching Fails Here

The fundamental problem with applying traditional DLP to AI prompts is that the sensitivity of the content is semantic rather than structural. DLP tools built on pattern matching look for things with a recognizable shape: a Social Security number, a credit card format, a known file classification. They are reliable when data has structure but blind when it does not.

In a manufacturing and motorsport environment, the most valuable data rarely has structure. Technical IP lives in descriptions, in analysis, in the reasoning behind a design decision rather than in a labeled file. Strategic information lives in the framing of a question as much as the answer. The person asking an AI to evaluate a proposed aerodynamic change is not pasting a structured record into a prompt. They are describing their thinking in plain language, and that thinking is the asset.

Harmonic's small language models are trained to read prompts the way a person would, identifying sensitive content from meaning and context rather than from patterns. In environments where the primary risk is technical and strategic IP rather than regulated personal data, that capability is not an enhancement to existing DLP. It is a different approach to a different problem.

Moving from Visible to Governed

Following the proof of value, the deployment moved through three structured phases.

Phase 1: Control

High-risk platforms (those operating under data training terms or without enterprise agreements) were blocked at the browser level. For platforms in active use by the widest portion of the workforce, policy controls were applied to intercept sensitive content categories before submission.

Phase 2: Integrate

The deployment was connected to the organization's identity provider, enriching alerts with department and role context. Reporting views were configured for the security and governance teams responsible for AI oversight. SIEM integration gave the security operations team access to AI-related events alongside their existing alert pipeline.

Phase 3: Enable

Inline interventions were introduced to replace blanket blocks in most scenarios: when a user submits content that triggers a policy rule, the intervention redirects them toward an approved platform or removes the sensitive element from the prompt before submission. The objective is to keep staff productive while keeping sensitive content protected, rather than treating access restriction as the primary control.
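To make the two points above concrete, the pattern-matching blind spot and the block / redirect / redact decision of the three phases, here is an added worked example. It is illustration code written for this page, not Harmonic's product code, and everything in it is constructed: the platform names, the identity table, the regex detectors, and a keyword-cue list that stands in for the semantic classifier the case study describes (a real deployment would use a trained model, not substring matching). The example shows that an engineering prompt carries no structured identifier for a regex to catch, and that the same prompt gets a different decision depending on platform tier and whether the account is the one covered by the DPA.

```python
"""Toy prompt-inspection policy for AI submissions (added illustration).

Not Harmonic's code. Combines three signals the case study discusses:
  - structured detectors (the regex rules traditional DLP relies on),
  - a context classifier (here a keyword stand-in, purely illustrative),
  - platform tier and account type (enterprise licence vs personal login),
and returns a phase-style decision: block, redirect, redact or allow,
enriched with department/role from a constructed identity table.
"""
import re
from dataclasses import dataclass

# Structured detectors: the "recognizable shape" rules of classic DLP.
STRUCTURED_PATTERNS = {
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card_number": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),  # 13-16 digits
}

# Constructed context cues standing in for a semantic classifier.
CONTEXT_CUES = {
    "design_engineering": ["suspension geometry", "aerodynamic", "downforce", "chassis"],
    "supplier_procurement": ["supplier terms", "unit cost", "sourcing strategy"],
    "operations_logistics": ["freight", "shipment schedule", "inventory levels"],
}

# Constructed platform tiers (Phase 1) and constructed identity data (Phase 2).
PLATFORM_TIER = {
    "enterprise-ai.example": "enterprise",  # licensed, covered by a DPA
    "free-chat.example": "high_risk",       # trains on user inputs
}
APPROVED_PLATFORM = "enterprise-ai.example"
IDENTITY = {
    "alice": {"department": "Aerodynamics", "role": "engineer"},
    "bob": {"department": "Procurement", "role": "sourcing strategist"},
}


@dataclass
class Submission:
    user: str
    platform: str
    account: str  # "enterprise" (under the org's licence) or "personal"
    prompt: str


def detect_structured(prompt):
    """Names of structured patterns found in the prompt (sorted)."""
    return sorted(n for n, rx in STRUCTURED_PATTERNS.items() if rx.search(prompt))


def detect_context(prompt):
    """Sensitive categories inferred from wording rather than format (sorted)."""
    text = prompt.lower()
    return sorted(c for c, cues in CONTEXT_CUES.items() if any(k in text for k in cues))


def redact_structured(prompt):
    """Replace each structured match with a labelled placeholder."""
    for name, rx in STRUCTURED_PATTERNS.items():
        prompt = rx.sub(f"[REDACTED:{name}]", prompt)
    return prompt


def evaluate(sub):
    """Decide what happens to a submission and build the audit record."""
    structured = detect_structured(sub.prompt)
    context = detect_context(sub.prompt)
    identity = IDENTITY.get(sub.user, {"department": "unknown", "role": "unknown"})
    record = {"user": sub.user, **identity, "platform": sub.platform,
              "account": sub.account, "structured": structured, "context": context}
    tier = PLATFORM_TIER.get(sub.platform, "unknown")
    if tier != "enterprise":
        # Phase 1: training-terms / no-agreement platforms are blocked outright.
        return {**record, "action": "block", "reason": f"platform tier is {tier}"}
    if sub.account != "enterprise" and (structured or context):
        # Phase 3: same platform, but a personal login sits outside the DPA.
        return {**record, "action": "redirect", "target": APPROVED_PLATFORM,
                "reason": "sensitive content from an account not covered by the DPA"}
    if structured:
        # Phase 3: strip the structured element and let the rest through.
        return {**record, "action": "redact", "prompt": redact_structured(sub.prompt),
                "reason": "structured identifiers removed before submission"}
    return {**record, "action": "allow", "prompt": sub.prompt,
            "reason": "enterprise platform and enterprise account"}


if __name__ == "__main__":
    prompt = "Evaluate this suspension geometry change for the rear axle"
    for platform, account in [("free-chat.example", "personal"),
                              ("enterprise-ai.example", "personal"),
                              ("enterprise-ai.example", "enterprise")]:
        print(evaluate(Submission("alice", platform, account, prompt)))
```

Note what the record shows for the engineering prompt: `structured` is empty on every path, so a regex-only control would have logged nothing, while `context` is what drives the redirect on the personal account. Personal-account submissions with no sensitive content are allowed but still logged with department and role, which is the visibility the proof-of-value period was after.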

The Outcome

Within three weeks, the security team had a complete and accurate picture of AI usage across the organization: which tools were in use, which accounts, which data categories, which teams. None of that had existed before. The findings supported a board-level case for investment in AI governance and provided the baseline from which policy could be written against real behavior rather than assumptions.

For a business where the advantage is built on knowing things competitors do not, the ability to use AI without inadvertently narrowing that gap is fundamental to the business case for AI adoption itself.

To find out more or discuss how this could apply to your organization, visit harmonic.security or get in touch with the team directly.

© 2026 Harmonic Security