Prevent Generative AI Data Leaks with Chrome Enterprise DLP

Posted Kaleigh Rosenblat, Chrome Enterprise Senior Staff Software Engineer, Security Lead

Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks. From customized content creation to source code generation, it can increase both our productivity and creative potential.

Businesses want to leverage the power of LLMs, like Gemini, but many may have security concerns and want more control around how employees make sure of these new tools. For example, companies may want to ensure that various forms of sensitive data, such as Personally Identifiable Information (PII), financial records and internal intellectual property, is not to be shared publicly on Generative AI platforms. Security leaders face the challenge of finding the right balance — enabling employees to leverage AI to boost efficiency, while also safeguarding corporate data.

In this blog post, we'll explore reporting and enforcement policies that enterprise security teams can implement within Chrome Enterprise Premium for data loss prevention (DLP).

1. View login events* to understand usage of Generative AI services within the organization. With Chrome Enterprise's Reporting Connector, security and IT teams can see when a user successfully signs into a specific domain, including Generative AI websites. Security Operations teams can further leverage this telemetry to detect anomalies and threats by streaming the data into Chronicle or other third-party SIEMs at no additional cost.

2. Enable URL Filtering to warn users about sensitive data policies and let them decide whether or not they want to navigate to the URL, or to block users from navigating to certain groups of sites altogether.


For example, with Chrome Enterprise URL Filtering, IT admins can create rules that warn developers not to submit source code to specific Generative AI apps or tools, or block them.

3. Warn, block or monitor sensitive data actions within Generative AI websites with dynamic content-based rules for actions like paste, file uploads/downloads, and print. Chrome Enterprise DLP rules give IT admins granular control over browser activities, such as entering financial information in Gen AI websites. Admins can customize DLP rules to restrict the type and amount of data entered into these websites from managed browsers.

For most organizations, safely leveraging Generative AI requires a certain amount of control. As enterprises work through their policies and processes involving GenAI, Chrome Enterprise Premium empowers them to strike the balance that works best. Hear directly from security leaders at Snap on their use of DLP for Gen AI in this recording here.

Learn more about how Chrome Enterprise can secure businesses just like yours here.

*Available at no additional cost in Chrome Enterprise Core

Chrome Dev for Android Update

Hi everyone! We've just released Chrome Dev 126 (126.0.6423.0) for Android. It's now available on Google Play.

You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.

If you find a new issue, please let us know by filing a bug.

Harry Souders
Google Chrome

Use annotations to enhance your presentations in Google Meet

What’s changing 

We’re excited to introduce annotation tools in Google Meet. Presenters and their appointed co-annotators can use these tools to highlight content or make other notations over presented content. Annotations will be on by default when you begin presenting — you can open the annotations menu to access various tools such as a pen, disappearing ink, sticker, text box, and more. 


To assign a co-annotator, from the people panel or by hovering over a user’s video tile, select more options (three-dot icon) > add as co-annotator. For more information about who can co-annotators, see the “Additional details” section below. 


Annotating and co-annotating are available for select Google Workspace editions (see availability section below). Anyone can view annotated content during a meeting.


Selecting various annotation tools


Using the pen tool to highlight a specific section of presented content




Who’s impacted

End users


Why you’d use it

Annotation tools can help you better showcase content and engage with your audience while presenting content in Google Meet. They can be useful in a variety of situations, including:

  • Guiding large groups of users through content, such as a new software training
  • Capturing information in real time, like jotting down brainstorming ideas
  • Building on concepts in the classroom, like creating a sentence structure or highlighting key information to help students think through a problem
  • Demonstrating steps to solve a math equation


Additional details

At the time of launch, please note that:
  • Android users can use annotations when they present their screen and select the Entire Screen option. Android co-annotation will follow in a future release.
  • iOS users cannot use annotations when presenting. They can use annotations if they are appointed a co-annotator by a web user.
We’ll provide more information here on the Workspace Updates blog as functionality for mobile devices expands.


Meet hardware availability
Annotations will be available on Series Desk 27 and Board 65 devices during a future release. When support is added, you’ll be able to add these boards as a co-annotator.

Getting started

  • Admins: There is no admin control for this feature.
  • End users: This feature will be available when you initiate a presentation in Google Meet. Visit the Help Center to learn more about using annotations in Google Meet.

Rollout pace


Availability

Available for Google Workspace:
  • Business Starter, Standard, and Plus
  • Enterprise Starter, Standard, and Plus
  • Frontline Starter and Standard
  • Essentials, Enterprise Essentials, and Enterprise Essentials Plus
  • Education Standard, Plus, the Teaching & Learning Upgrade
  • Workspace Individual subscribers


Resources


Google Ads API v14 sunset reminder

Google Ads API v14 will sunset on June 5, 2024. After this date, all v14 API requests will begin to fail. Migrate to a newer version prior to June 5, 2024 to ensure your API access is unaffected.

Here are some resources to help you with the migration: You can view a list of methods and services your project has recently called using the Google Cloud Console:
  1. Open the Dashboard page (found under APIs & Services) in the Google Cloud Console.
  2. Click on Google Ads API in the table.
  3. On the METRICS subtab, you should see your recent requests plotted on each graph. At the bottom of the page, you’ll see the Methods table, where you can see which methods you’ve sent requests to. The method name includes a Google Ads API version, a service, and a method name, e.g., google.ads.googleads.v14.services.GoogleAdsService.Mutate. In this way, you can see all versions that you’ve used recently.
  4. (Optional) Click on the time frame at the top right of the page if you need to change it.
If you have questions while you’re upgrading, reach out to us on the forum or at [email protected].
 - Thanet Knack Praneenararat, Google Ads API Team

How I Learned To Stop Writing Brittle Tests and Love Expressive APIs

This article was adapted from a Google Testing on the Toilet (TotT) episode. You can download a printer-friendly version of this TotT episode and post it in your office.

By Titus Winters

A valuable but challenging property for tests is “resilience,” meaning a test should only fail when something important has gone wrong. However, an opposite property may be easier to see: A “brittle” test is one that fails not for real problems that would break in production, but because the test itself is fragile for innocuous reasons. Error messages, changing the order of metadata headers in a web request, or the order of calls to a heavily-mocked dependency can often cause a brittle test to fail.

Expressive test APIs are a powerful tool in the fight against brittle, implementation-detail heavy tests. A test written with IsSquare(output) is more expressive (and less brittle) than a test written with details such as JsonEquals(.width = 42, .length = 42), in cases where the size of the square is irrelevant. Similar expressive designs might include unordered element matching for hash containers, metadata comparisons for photos, and activity logs in processing objects, just to name a few. 

As an example, consider this C++ test code:

absl::flat_hash_set<int> GetValuesFromConfig(const Config&);


TEST(ConfigValues, DefaultConfigsArePrime) {

  // Note the strange order of these values. BAD CODE, DON’T DO THIS!

  EXPECT_THAT(GetValuesFromConfig(Config()), ElementsAre(29, 17, 31));

}

The reliance on hash ordering makes this test brittle, preventing improvements to the API being tested. A critical part of the fix to the above code was to provide better test APIs that allowed engineers to more effectively express the properties that mattered. Thus we added UnorderedElementsAre to the GoogleTest test framework and refactored brittle tests to use that: 

TEST(ConfigValues, DefaultConfigsArePrimeAndOrderDoesNotMatter) {

  EXPECT_THAT(GetValuesFromConfig(Config()), UnorderedElementsAre(17, 29, 31));

}

It’s easy to see brittle tests and think, “Whoever wrote this did the wrong thing! Why are these tests so bad?” But it’s far better to see that these brittle failures are a signal indicating where the available testing APIs are missing, under-advertised, or need attention.

Brittleness may indicate that the original test author didn’t have access to (or didn’t know about) test APIs that could more effectively identify the salient properties that the test meant to enforce. Without the right tools, it’s too easy to write tests that depend on irrelevant details, making those tests brittle. 

If your tests are brittle, look for ways to narrow down golden diff tests that compare exact pixel layouts or log outputs. Discover and learn more expressive APIs. File feature requests with the owners of the upstream systems.

If you maintain infrastructure libraries and can’t make changes because of brittleness, think about what your users are lacking, and invest in expressive test APIs.




Stable Channel Update for ChromeOS and ChromeOS Flex

The Stable channel is being updated to OS version: 15786.58.0 Browser version: 123.0.6312.132 for most ChromeOS devices.

If you find new issues, please let us know one of the following ways

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

Daniel Gagnon
Google ChromeOS