
Case Study: Securing GenAI for Riskified – Fraud and Risk Intelligence

Prompt Security Team
March 21, 2025
How Riskified secures GenAI use with Prompt Security, gaining visibility, control, and policy enforcement.

Riskified is a fintech leader in fraud and risk intelligence for ecommerce. Its AI-powered platform protects many of the world’s largest online merchants, from Prada to Booking.com, against payment fraud and various types of first-party and policy abuse.

For years, the company has adhered to a broad, high-level AI policy focused on preventing sensitive data exposure. This approach allowed tech-savvy employees to use GenAI tools with relative freedom, but as Riskified has grown and AI use has expanded across departments, the need for granular policy enforcement has become more apparent.

Securing Riskified from employee-centric GenAI risks

With AI becoming so widespread throughout its ranks, Riskified recognized the need to gain visibility into employees’ GenAI use and to monitor it. Such visibility and monitoring are vital to prevent sensitive data exposure, compliance violations, and other repercussions of shadow AI.

“It got to a point where people in every department were using GenAI tools on a regular basis,” according to Yossi Yeshua, CISO at Riskified. “We needed a cutting-edge security solution to stay ahead of GenAI risks, and Prompt Security emerged as the perfect fit.”

Once Riskified installed Prompt Security’s browser extension for employee-centric risks, the extension began serving as a filter, sanitizing data and preventing the unwanted sharing of sensitive information.

Currently, Riskified employees have access to many GenAI tools. As the company’s data loss prevention efforts sharpen, employees may face more restrictions on which GenAI tools they can access. If this happens, Prompt Security will begin flagging the use of tools that are not whitelisted. 

Integrating employee authentication data from Okta with Prompt Security

Much of the value Riskified gains from working with Prompt Security comes from integration with other solutions, such as Splunk, Slack, Kandji, and, most notably, Okta – an authentication platform that plays a crucial role in the company’s employee governance.

When Riskified first installed Prompt Security, it integrated its user group data from Okta, where it defines policies and access controls for employees. This integration allows Prompt Security to enforce AI-related policies across different user groups, facilitating a more scalable approach to AI security management.

By syncing Okta’s user groups with Prompt Security, Riskified eliminates the need to manually create such groups or customize policies for individual employees. Instead, the company can leverage Okta’s identity data to establish and apply AI security policies tailored to specific user groups. This allows for more granular, department-specific policies. 

For example, if a senior leader is interacting with ChatGPT on strategic topics, the policies applied will most likely differ from those enforced for someone in R&D or marketing. Similarly, while some departments may be authorized to upload documents to Claude, others may not.

Keeping a seamless browsing experience for employees

Installing Prompt Security did not change employees’ experience across their preferred browsers – Google, Safari, Arc, and others.

Yossi affirms that Riskified's installation of Prompt Security was smooth: “Employees have maintained their experience across their preferred browsers – Google, Safari, Arc, and others. I would describe the installation as seamless.”
