I agree the risk is real, and credit to Huntress for recently announcing on Managed ESPM, which brings application control into the platform and will most likely be able to address AI risks originating from desktop apps (e.g., unsanctioned binaries, local model runtimes).

The bigger exposure today is indeed browser-based: SaaS LLMs, prompt-level data leakage, unsanctioned copilots running entirely in a tab. Endpoint and browser are complementary control planes, while ESPM may cover one half; the browser half is still open.

I advise the product teams to consider a capability for the secure browsing layer, or expand Managed SIEM to ingest telemetry from enterprise browsers and SASE/CASB vendors so that correlation happens on Huntress's side instead of being stitched together by the MSP/MSSP.

If both options are available in the future (or any other approach to cover both endpoint level and browser level), the coverage level would be very valuable to both customers and partners.

I've now seen a few services offerings like www.atakama.com spring up to help solve this visibilty issue. I do feel like Huntress could help surface data between it's agent and Defender's data collection instead of requiring the browser add-in but perhaps not and a partnership option could work here instead of Huntress aren't interested in the browser extension play?

Surely EDR (or via Defender) can add in functionality to detect installed apps like Claude and detect URL's being accessed for the web interface AI's?

I don't think Huntress has that level of network visibility, but I could be wrong.