Cyberhaven Cookie Policy
This website stores cookies on your computer to enhance your browsing experience, analyze site usage, and assist in our marketing efforts.
Accept
February 4
1pm ET / 10am PT
Save Your Spot
With a TraceCyberhaven Engineering

With a Trace

Security best practices
Published date:
10/28/2025

Browser Agent Security Risk – ChatGPT Atlas Corporate Adoption Trends

Last Tuesday, October 21st, OpenAI released ChatGPT Atlas, an AI-powered browser that allows users to interact with ChatGPT directly from any browser tab. Throughout last week, the Cyberhaven Labs team tracked its adoption in corporate environments and actively investigated its security vulnerabilities.

10/14/2025

Shadow AI and the New Data Defense Paradigm: Insights from Our Data Defense Forum

Last month, we brought together some of the brightest minds in cybersecurity for our Data Defense Forum event. As someone who's been in the trenches of data security for years, I walked away from these conversations with a renewed sense of urgency and optimism about where we're headed.

Industry news
10/9/2025

Pure‑Play DSPM Vendors: What’s their second act?

CSPM tools thrived by making cloud posture issues easy to find, but posture alone didn’t stop breaches. The market evolved into CNAPP – uniting posture, runtime, identity, and shift‑left – to deliver protection, not just visibility. DSPM is on the same trajectory: discovery and classification at rest are necessary but insufficient, especially as AI fragments data into shareable snippets that evade label‑centric controls. The next act for DSPM requires lineage‑driven protection anchored on proven endpoint telemetry, correlated across cloud and SaaS, with real‑time coaching for people and agents.

9/9/2025

What Every CISO Should Know About How DLP Actually Works

For most CISOs, data loss prevention (DLP) has long been a familiar acronym. It’s a category of security technology that has been around for more than a decade, often associated with compliance and the need to keep regulated data under control. Yet while the concept sounds straightforward—preventing sensitive data from leaving the organization—the reality is that modern DLP platforms are far more sophisticated than their early predecessors. Understanding how these platforms actually work is critical for CISOs who need to make informed decisions about deploying, tuning, and operationalizing them across their organizations.

9/5/2025

The Hidden Risk in Enterprise AI, and the Smarter Way to Safeguard Data

AI exploded into the workplace overnight, reshaping how we work. Today, nearly every employee is experimenting with tools to move faster and think bigger. However, that acceleration comes with risk. According to Cyberhaven Labs’ latest research, nearly three-quarters of AI apps in use pose high or critical risks, and only 16% of enterprise data sent to AI ends up in enterprise-ready apps. The rest flows to personal or unvetted tools. This blog post distills the key insights from Cyberhaven’s on-demand session, featuring Cameron Galbraith (Senior Director of Product Marketing) and Dave Stuart (Director of Product Management), on how to enable AI safely without slowing innovation.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Security best practices
9/1/2025

Why Legacy Data Loss Prevention (DLP) Fails: Insights from Cyberhaven's VP of Sales Engineering, John Loya

Confronted with a rise in sensitive data breaches, businesses are under pressure to efficiently protect their information while overcoming myriad technical limitations. In a recent video, John Loya, VP of Sales Engineering at Cyberhaven, shared valuable insights on the challenges of data loss prevention (DLP) and introduced Cyberhaven's cutting-edge strategies for tracking sensitive data within organizations. For those looking to unlock the secrets of effective DLP, this post breaks down Loya's key points from the video.

Product update
7/29/2025

Reimagining Data Security: Four New Capabilities That Make Protection Smarter, Faster, and Easier

Enterprise data has become nomadic. What once lived safely behind corporate firewalls now travels across dozens of cloud applications, gets copied into collaborative documents, flows through AI tools, and transforms as employees work from coffee shops, home offices, and airport lounges.

Cyberhaven news
7/14/2025

How Cyberhaven and Jamf Partner to Deliver Unmatched Data Security

Apple devices have become essential tools for the modern workforce. From engineers coding on MacBooks to designers creating campaigns on iMacs, macOS devices are embedded into daily workflows across industries. However, as Apple adoption continues to grow in the enterprise, so does the challenge of protecting sensitive data that moves across these devices every day.

7/11/2025

Fireside Chat: Breaking Free from Legacy DLP

There’s a silent frustration building inside security teams today. It’s the fatigue of defending critical data with tools that can’t keep up. The friction of investigating endless false positives. The anxiety of not knowing what sensitive data is actually doing across your environment. And the sinking realization that despite massive investments, DLP tools are failing at the one thing they were designed to do–prevent data loss.

7/9/2025

Lineage Over Labels: A Better Way to Protect Data

Labels don’t protect what they can’t see—especially in a world where data moves, morphs, and escapes traditional boundaries. Static tags and keyword scans fall apart as sensitive information flows across apps, devices, and formats. Data lineage solves this by tracing how data is created, modified, and shared—giving security teams the context to spot threats, reduce false positives, and enforce smarter, real-time protection without disrupting work.

7/8/2025

5 Reasons You Can’t Afford to Ignore False Positives

False positives are killing your DLP. In this overview, we reveal how legacy tools create noise, drain productivity, and leave real threats undetected. Discover the 5 hidden risks of outdated DLP—and why a smarter, context-aware approach is the key to protecting data without slowing down your business.

7/7/2025

How Legacy DLP Leaves You Exposed

Legacy DLP tools are blind to how data moves in today’s cloud-first world—leaving gaps attackers exploit. From shadow IT and SaaS sprawl to insider threats and misused personal devices, outdated solutions miss the subtle, high-risk behaviors that matter most. True protection requires context-aware visibility, behavioral insight, and data lineage that follows sensitive information everywhere it goes—not just where it started.

7/1/2025

The Evolution of Data Loss Prevention: From Perimeter to Insider Risk

Data loss prevention, or DLP as most of us know it, began as a strategy to control how information was stored and moved within organizations. Ultimately the goal was to prevent data from leaving. The premise was simple – identify where sensitive data was stored, define what could or couldn’t happen to it, and enforce those rules through network and endpoint controls. These early DLP tools relied heavily on static content inspection and then blocking or alerting based on pre-configured rules.

Cyberhaven news
5/13/2025

The Next Chapter in Cyberhaven's Journey

Today, I'm both honored and excited to share that I've stepped into the role of interim CEO at Cyberhaven, as Howard Ting transitions to our Board of Directors.

Product update
4/29/2025

Security for AI: enabling secure AI adoption across the enterprise

AI is transforming productivity across every industry—from marketing and design to legal and engineering. But while employees rush to embrace tools like ChatGPT, Gemini, and Microsoft Copilot, many are using other tools without oversight from IT or security. As this grassroots usage grows, so does the volume—and sensitivity—of data flowing into AI tools. Companies now face a critical challenge: how to capture the enormous potential of AI while managing the risks it can introduce to their data.

Industry news
4/23/2025

AI Usage at Work Is Exploding — But 71% of Tools Put Your Data at Risk

As AI becomes deeply integrated into critical business operations and adopted by increasing numbers of departments and employees, the volume and sensitivity of data flowing into these systems has grown exponentially. Companies now face a dual challenge: harnessing AI's potential while managing the substantial data risks it introduces.

Security best practices
3/28/2025

Breaking silos: How to align GRC, cybersecurity, and privacy teams

Over the years, I’ve learned a few lessons (some the hard way) about how to bring security, GRC, and privacy teams together. At the core of these efforts is a simple truth—data is an organization’s most important asset. Securing and governing it effectively requires a cross-functional approach. Spoiler alert: it’s not just about tools and frameworks; it’s also about people and how we work together.

Security best practices
3/28/2025

How CISOs can justify their cybersecurity budget

Every year, companies reevaluate their budgets, making tough calls on where to invest for the most impact. In many organizations, cybersecurity spending is often seen as a cost center. However, without adequate security investments, companies put themselves at greater risk for data breaches that could disrupt business operations and damage customer trust, ultimately costing the company a lot more in the end. To minimize these risks, it’s important to quantify them through risk assessments and metrics. When security investments are tied to business priorities and backed by data, they become easier to justify and far more effective in preventing costly incidents down the road.

Security best practices
3/28/2025

Secure employee offboarding isn’t happening fast enough to prevent employee data theft

Departing workers can pose significant risks to data. Let me share a story about an individual who stole and deleted valuable research data right before submitting his resignation: six weeks after a contingent worker left the company, the FBI contacted us. It turned out that the individual had tried to sell the company’s confidential data to a third party. When he left, everything seemed normal. However, he had transferred some of his work to a personal account before leaving—an activity most companies struggle to detect. Just 24 hours before an employee resigns—or when a mass layoff is looming—data theft spikes dramatically. To reinforce this point, in the 24 hours before a layoff organizations see a jaw-dropping 720% surge in data exfiltration activity compared to the norm. Employees may download sensitive files, forward emails, or copy customer lists—actions that can have lasting consequences, especially if that data ends up with competitors or malicious actors.

Security best practices
3/28/2025

Managing shadow AI: best practices for enterprise security

The rush to work faster with artificial intelligence (AI) risks encouraging employees to accidentally put sensitive data at risk. Take this scenario: someone in the procurement team has a tight deadline, so they upload a confidential contract into an AI tool to review a few redlines. It’s unclear if the AI system is storing the data from the contract, how long it’ll be retained, and if the data will resurface in a future prompt to someone else. There was no malicious intent here, but there’s no visibility into what happened or will happen to the data and a lack of controls on compliant usage of AI tools. This isn’t just an issue with one department—it’s happening throughout organizations. Employees are using AI tools in the shadows, leaving companies with little control over their data. In this blog, we’ll explore how to manage data exfiltration risks when dealing with unsanctioned AI tools.

Security best practices
3/21/2025

How cert pinning and E2EE broke your CASB — and why endpoint is the new cloud control point

Cloud adoption among enterprises accelerated around 10 years ago. During this time, network-based tools emerged as solutions that could protect data as it traveled to the cloud. These solutions, including Security Service Edge (SSE) and Cloud Access Security Brokers (CASB), utilized network-based proxy architectures that could intercept and control traffic. By inspecting data in transit, it ensured that data was controlled according to security policies, effectively preventing exfiltration of confidential data.

Security best practices
3/12/2025

The file and SaaS data perimeter is broken: data security needs data lineage

We are in the midst of a major technological shift. And when shifts happen, new industry-defining companies emerge. The winners aren’t just those with great ideas—they are the ones who adapt and respond to change the fastest.

Product update
2/4/2025

Smarter than ever: Linea AI’s next leap forward in data security

Last year, Cyberhaven introduced a revolutionary solution that changed how companies protect their most valuable data: Linea AI. Today, we’re excited to share its progress, success stories, and the advancements shaping its future.

Security best practices
11/4/2024

Why data security needs a platform: what recent DSPM and DLP acquisitions tell us about the future of cybersecurity

In recent years, we've witnessed an acceleration of consolidation across the cybersecurity industry, with data security at the heart of this evolution. The rise of AI use cases has accelerated the need for protecting sensitive data for most enterprises. Major acquisitions like Dig Security and Laminar in the Data Security Posture Management (DSPM) space, alongside acquisitions of DLP (Data Loss Prevention) companies like Next DLP, Trail, Mimecast, and Code42, signal that we are entering a new phase in how enterprises secure their most sensitive asset—their data.

Security best practices
10/29/2024

Don’t be fooled: data security requires global data lineage, not “local lineage”

Securing data today requires the context provided by data lineage: where data came from, who interacted with it over time, which systems have used it, and more. But buyer beware: many vendors now claim to offer “data lineage” that only provides a tiny fraction of the context of true, global data lineage.

Guide

The 15 Top Data Detection and Response UseCases

Download
Live demo

See our product in action

The best way to understand the magic of Cyberhaven is to see a live product demo.
Request a demo

Trace your data to protect it like never before