This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chinmaya_Naik
Advisor
‎2025-07-23 03:01 AM

Help Needed: GenAI DLP, Harmony Browse, Copilot, and MCP Server Integration with LLMs

Hello CheckMates,

We are currently exploring Check Point’s GenAI protection capabilities, especially focused on:
• Harmony Browse Extension
• Harmony DLP Cloud
• Infinity AI Copilot
• The newly open-sourced MCP Server

Our goal is to adopt GenAI tools like ChatGPT, Gemini, Claude, and even internal LLM portals securely — while meeting DLP, compliance, and automation needs.

Below are our key questions and use cases we would appreciate clarification or guidance on:

1. GenAI DLP with Harmony Browse

• GenAI protection is triggered only for whitelisted domains (e.g., chat.openai.com).
• The browser extension captures prompt inputs and file uploads before encryption.
• Harmony DLP Cloud applies AI-powered contextual analysis, beyond just keyword or regex.

Questions:
• Can we also monitor prompts and file uploads on internal AI portals?
• How deep is the contextual detection? Can it understand internal policy documents (e.g., NDA, HR policy)?
• Does the OCR feature also work for images embedded inside PDFs or Word files?

2. File Upload Interception

We understand the extension uses browser-based JavaScript to intercept file uploads before encryption.

Questions:
• Will this work on custom web apps with dynamic UIs (e.g., React)?
• Can we configure the extension to monitor custom form fields?

3. Without Browser Extension

We know that without the Harmony Browse extension, even with SSL inspection on NGFW, GenAI prompt-level visibility is not possible.

Question:
• Are there any other options for AI traffic inspection without an endpoint agent or extension?

4. Infinity AI Copilot Capabilities

We are looking into Copilot’s use for:
• Creating or editing security policies via chat
• Health check queries (CPU, memory, SecureXL)
• Scheduled or API-based automation

Questions:
• Can Copilot make changes directly to policy or objects via natural language?
• Can we integrate Copilot with tools like ServiceNow or use it for daily health reports?

5. MCP Server + LLM Integration

We found that MCP Server is now open source on GitHub. We’re considering using it with GPT, Claude, or local LLMs for:
• Rulebase search (e.g., “Show rules changed last 7 days”)
• Policy simulation (e.g., “What happens if we allow 10.0.0.0/24 outbound?”)
• Compliance mapping (e.g., PCI, SOC2 tags)

Questions:
• Do we need a separate LLM server along with MCP?
• Are there any integration guides, sample scripts, or LLM prompt templates?
• Can MCP support tasks like rule cleanup or optimization suggestions?

Additional Use Cases We’re Exploring:
• Blocking sensitive file uploads to ChatGPT (e.g., scanned payslips, ID cards)
• Detecting PII copy-paste into AI tools
• Using Copilot + MCP for rulebase audits and cleanup

Advance Thank you for your help in making AI usage secure and compliant.

Looking forward to your guidance!

Regards

@Chinmaya_Naik 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2025-07-23 07:56 AM

You've asked a whole lot of questions in a single post that should probably be broken into several smaller posts, some of them on different forums.

The first two questions, I defer to product experts or product management .
On the third, without a browser extension or something specific on the gateway for HTTPS Inspection, I'm not sure how you can monitor what people are feeding AIs.
App Control does allow you to block access to these tools (known ones, anyway).
AI Copilot does not currently make changes to your configuration nor is there a public API where you can integrate it elsewhere.

For your last question, we actually released an MCP Server of our own.
We also did a TechTalk on this along with an AI Agent that integrates with ServiceNow.
The Github repo includes MCP Servers for multiple Check Point products/features and includes the use cases that are currently supported.
I'm not clear on the specifics of how this is implemented, but it definitely requires connecting to an LLM of some sort.
The server itself runs in the client that you use to interface with the LLM (Claude Desktop, Github Copilot, etc).
Specific instructions are provided in the Github repo.

0 Kudos
Chinmaya_Naik
Advisor
‎2025-07-24 02:11 AM
In response to PhoneBoy

@PhoneBoy 

Thank you so much for your detailed response — it really helped clarify several points.

1. HTTPS Inspection and Browser Extension:

You mentioned that without a browser extension or something specific on the gateway, it’s not possible to inspect what users are submitting to AI tools.

So

• Is there any plan to support more advanced HTTPS inspection features for AI-related traffic, such as:
• SNI-based dynamic detection (e.g., chat.openai.com)?
• Inline AI-aware SSL decryption policies?

2. Infinity AI Copilot Capabilities

You mentioned Copilot does not currently support policy changes or integration via API.

Questions:
• Can Copilot at least suggest changes (like policy rules or NAT objects) in a way that admins can quickly review and apply?
• Is there a future roadmap where Copilot might allow:
• One-click deployment of suggestions
• Scheduled health reports (e.g., daily CPU/memory/SecureXL checks)?

3.MCP Server and LLM Integration

Thank you for sharing details about the MCP Server and its GitHub repo.

Is there a deployment guide or architecture diagram for running MCP Server with Claude Desktop or other LLMs?

Here are some use cases we’d like to build with MCP + LLM:
• “Show all blocked GenAI file uploads in the last 7 days”
• “List unused firewall rules older than 6 months”
• “Which rules violate PCI-DSS compliance?”

Regarads

@Chinmaya_Naik 

0 Kudos
PhoneBoy
Admin
Admin
‎2025-07-24 11:58 AM
In response to Chinmaya_Naik

Not sure what you mean by dynamic SNI inspection.
AI Copilot can make suggestions, yes.
Write mode for AI Copilot is something that is in development, but doesn't have a concrete date yet.

The MCP Server and Client run on the same system (as part of Claude Desktop, etc) and communicate to the LLM of course and the Check Point SMS/MDS, which would be a "Remote Service" in the context of the diagram here: https://modelcontextprotocol.io/introduction

The various READMEs in the Github explain what data flows where as well as the use cases that are currently targeted.
Tagging @Amiad_Stern for your feedback on the MCP Server.

0 Kudos
AdiGH
Employee
Employee
‎2025-07-24 11:28 AM

Hey, please reach out offline to @tomerbehor and myself (adigo@checkpoint.com & Tomerbeh@checkpoint) and we'll try to assist with all your questions and would be happy to understand usecases. 

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events