topic Re: Help Needed: GenAI DLP, Harmony Browse, Copilot, and MCP Server Integration with LLMs in Workforce AI Security

Help Needed: GenAI DLP, Harmony Browse, Copilot, and MCP Server Integration with LLMs

Chinmaya_Naik — Wed, 23 Jul 2025 10:01:39 GMT

Hello CheckMates,

We are currently exploring Check Point’s GenAI protection capabilities, especially focused on:
• Harmony Browse Extension
• Harmony DLP Cloud
• Infinity AI Copilot
• The newly open-sourced MCP Server

Our goal is to adopt GenAI tools like ChatGPT, Gemini, Claude, and even internal LLM portals securely — while meeting DLP, compliance, and automation needs.

Below are our key questions and use cases we would appreciate clarification or guidance on:

1. GenAI DLP with Harmony Browse

• GenAI protection is triggered only for whitelisted domains (e.g., chat.openai.com).
• The browser extension captures prompt inputs and file uploads before encryption.
• Harmony DLP Cloud applies AI-powered contextual analysis, beyond just keyword or regex.

Questions:
• Can we also monitor prompts and file uploads on internal AI portals?
• How deep is the contextual detection? Can it understand internal policy documents (e.g., NDA, HR policy)?
• Does the OCR feature also work for images embedded inside PDFs or Word files?

2. File Upload Interception

We understand the extension uses browser-based JavaScript to intercept file uploads before encryption.

Questions:
• Will this work on custom web apps with dynamic UIs (e.g., React)?
• Can we configure the extension to monitor custom form fields?

3. Without Browser Extension

We know that without the Harmony Browse extension, even with SSL inspection on NGFW, GenAI prompt-level visibility is not possible.

Question:
• Are there any other options for AI traffic inspection without an endpoint agent or extension?

4. Infinity AI Copilot Capabilities

We are looking into Copilot’s use for:
• Creating or editing security policies via chat
• Health check queries (CPU, memory, SecureXL)
• Scheduled or API-based automation

Questions:
• Can Copilot make changes directly to policy or objects via natural language?
• Can we integrate Copilot with tools like ServiceNow or use it for daily health reports?

5. MCP Server + LLM Integration

We found that MCP Server is now open source on GitHub. We’re considering using it with GPT, Claude, or local LLMs for:
• Rulebase search (e.g., “Show rules changed last 7 days”)
• Policy simulation (e.g., “What happens if we allow 10.0.0.0/24 outbound?”)
• Compliance mapping (e.g., PCI, SOC2 tags)

Questions:
• Do we need a separate LLM server along with MCP?
• Are there any integration guides, sample scripts, or LLM prompt templates?
• Can MCP support tasks like rule cleanup or optimization suggestions?

Additional Use Cases We’re Exploring:
• Blocking sensitive file uploads to ChatGPT (e.g., scanned payslips, ID cards)
• Detecting PII copy-paste into AI tools
• Using Copilot + MCP for rulebase audits and cleanup

Advance Thank you for your help in making AI usage secure and compliant.

Looking forward to your guidance!

Regards

@Chinmaya_Naik

Re: Help Needed: GenAI DLP, Harmony Browse, Copilot, and MCP Server Integration with LLMs

PhoneBoy — Wed, 23 Jul 2025 14:56:45 GMT

You've asked a whole lot of questions in a single post that should probably be broken into several smaller posts, some of them on different forums.

The first two questions, I defer to product experts or product management .
On the third, without a browser extension or something specific on the gateway for HTTPS Inspection, I'm not sure how you can monitor what people are feeding AIs.
App Control does allow you to block access to these tools (known ones, anyway).
AI Copilot does not currently make changes to your configuration nor is there a public API where you can integrate it elsewhere.

For your last question, we actually released an MCP Server of our own.
We also did a TechTalk on this along with an AI Agent that integrates with ServiceNow.
The Github repo includes MCP Servers for multiple Check Point products/features and includes the use cases that are currently supported.
I'm not clear on the specifics of how this is implemented, but it definitely requires connecting to an LLM of some sort.
The server itself runs in the client that you use to interface with the LLM (Claude Desktop, Github Copilot, etc).
Specific instructions are provided in the Github repo.

Re: Help Needed: GenAI DLP, Harmony Browse, Copilot, and MCP Server Integration with LLMs

Chinmaya_Naik — Thu, 24 Jul 2025 09:11:30 GMT

@PhoneBoy

Thank you so much for your detailed response — it really helped clarify several points.

1. HTTPS Inspection and Browser Extension:

You mentioned that without a browser extension or something specific on the gateway, it’s not possible to inspect what users are submitting to AI tools.

• Is there any plan to support more advanced HTTPS inspection features for AI-related traffic, such as:
• SNI-based dynamic detection (e.g., chat.openai.com)?
• Inline AI-aware SSL decryption policies?

2. Infinity AI Copilot Capabilities

You mentioned Copilot does not currently support policy changes or integration via API.

Questions:
• Can Copilot at least suggest changes (like policy rules or NAT objects) in a way that admins can quickly review and apply?
• Is there a future roadmap where Copilot might allow:
• One-click deployment of suggestions
• Scheduled health reports (e.g., daily CPU/memory/SecureXL checks)?

3.MCP Server and LLM Integration

Thank you for sharing details about the MCP Server and its GitHub repo.

Is there a deployment guide or architecture diagram for running MCP Server with Claude Desktop or other LLMs?

Here are some use cases we’d like to build with MCP + LLM:
• “Show all blocked GenAI file uploads in the last 7 days”
• “List unused firewall rules older than 6 months”
• “Which rules violate PCI-DSS compliance?”

Regarads

@Chinmaya_Naik

Re: Help Needed: GenAI DLP, Harmony Browse, Copilot, and MCP Server Integration with LLMs

AdiGH — Thu, 24 Jul 2025 18:28:01 GMT

Hey, please reach out offline to @tomerbehor and myself (adigo@checkpoint.com & Tomerbeh@checkpoint) and we'll try to assist with all your questions and would be happy to understand usecases.

Re: Help Needed: GenAI DLP, Harmony Browse, Copilot, and MCP Server Integration with LLMs

PhoneBoy — Thu, 24 Jul 2025 18:58:58 GMT

Not sure what you mean by dynamic SNI inspection.
AI Copilot can make suggestions, yes.
Write mode for AI Copilot is something that is in development, but doesn't have a concrete date yet.

The MCP Server and Client run on the same system (as part of Claude Desktop, etc) and communicate to the LLM of course and the Check Point SMS/MDS, which would be a "Remote Service" in the context of the diagram here: https://modelcontextprotocol.io/introduction

The various READMEs in the Github explain what data flows where as well as the use cases that are currently targeted.
Tagging @Amiad_Stern for your feedback on the MCP Server.