I wanted to reach out if anyone else has had to fight with this.  So we have established a policy that we would block all AI web tools except for Copilot since we are in the cloud now.  I built an inline rule that when matched to the category AI, go through this inline rule, allow co-pilot, block everything else.  As per best practice since this rule might not be hit as much, it's been placed lower than some.  What we found is that some AI tools were still accessible such as Google Gemini.  When I inspected this, Google Gemini was allowed because of 2 rules that allowed "Google Services" and "Google Ads".  I ended up moving the rule higher above these rules for this to catch.  I don't understand why 'gemini.google.com' would still be categorized or use the objects Google Services or Google Ads.  I can understand the possibility of Google Services, but Google Ads and the web advertisements category?  Really?  That's strange to me and I don't follow the logic that Gemini would fall under this particular one. 

Is there anything that can be done to limit certain sites to only 1 category or object?  Or if this has come up what have others done to mitigate allowance of sites/services that match other categories and potentially match other rules allowing or blocking access which is not intended?