Each of those surfaces carries a distinct risk. Sensitive data goes into prompts. Files get uploaded. Credentials get exposed to browser-based phishing that specifically targets AI session tokens. And because each surface has historically required a different enforcement mechanism, most organizations have patchy coverage at best and no coverage at worst on the desktop side.

LayerX enforces the AI usage policy across both. A lightweight browser extension handles browser-side enforcement across Chrome, Edge, Firefox, and Safari on managed and unmanaged devices, without proxy backhaul or break-and-inspect architecture. A native desktop agent applies the same policy library to applications like ChatGPT desktop, Claude desktop, and Microsoft 365 Copilot. One policy definition covers both, which means that what an organization decides about data sensitivity and AI access does not need to be configured twice or maintained separately per surface.

What the AWS Security Hub Integration Changes

The integration itself sits within the Extended plan in AWS Security Hub, which consolidates enterprise security solutions from AWS and partners into a single procurement and operations model. One contract, one bill, consolidated support, and pay-as-you-go pricing are the commercial mechanics. The security mechanics are that LayerX detects from both browser and desktop stream directly into the AWS Security Hub console that SOC teams are already using.

That last part matters more than it might initially appear. Security operations teams dealing with AI-related incidents do not want to pivot between a dedicated LayerX console and the environment where they handle everything else. Pulling findings into the same investigation workflow removes a context switch that slows response time and creates the kind of coverage gaps that incidents fall through.

Or Eshed, Co-founder and CEO of LayerX Security, described the design intent: “Employees don’t use AI in just one place. They use it in the browser, they use it in native desktop apps, and the volume only grows from here. AWS customers expect a unified security operating model – one console, one set of policies, one team. With LayerX available in the Extended plan in AWS Security Hub, AWS customers can now set one AI use policy and enforce it everywhere their people actually work – from browser to desktop – alongside the workload, identity, and infrastructure layers they already run on AWS.”

Shadow AI Is the Immediate Problem This Solves

Before organizations can enforce any policy on AI usage, they need visibility into what AI tools employees are actually using. That inventory is almost always incomplete when done manually. Shadow AI, tools that employees adopt without IT or security involvement, has grown faster than most security teams have been able to track it, partly because the barrier to using a new AI tool is so low and partly because many of these tools are browser-based and leave minimal traces in traditional network monitoring.

LayerX discovers every AI tool employees access across browsers and desktops in real time, covering both sanctioned and unsanctioned usage, with granular policy application by user, group, and data sensitivity level. For security leaders who have been operating with incomplete AI usage maps and applying policy only to the tools they know about, that visibility shift is the starting point for everything else.

Data loss prevention sits on top of that visibility layer. LayerX enforces DLP on prompts, file uploads, copy and paste actions, and other AI-bound activity before data reaches a model or an untrusted destination. The enforcement happens at the point of action rather than after the fact, which is the only version of DLP that actually prevents leakage rather than just logging it.

Two Ways to Buy Through AWS

LayerX is available through both paths that AWS enterprise programs typically use.

Through AWS Marketplace, organizations get a one-click subscription eligible for AWS Enterprise Discount Program commit drawdown, consolidated billing through an existing AWS account, and standard private offer support. For teams that have already centralized software procurement through their AWS EDP commitment, this is the path that fits without any additional contracting work.

Through the AWS Security Hub Extended plan, procurement, billing, and Level 1 support all run inside the AWS Security Hub console with pre-negotiated pay-as-you-go pricing on a single AWS bill. For security teams that want LayerX treated as part of the AWS security stack rather than a separate vendor relationship, this option keeps the operational model clean.

Where This Fits in the Broader AI Governance Problem

Enterprise AI governance has developed faster as a policy conversation than as an enforcement reality. Most organizations have acceptable use policies for AI tools that were written in the past twelve months and are being enforced inconsistently at best. The gap between what a policy document says and what actually happens when an employee opens a desktop AI application and pastes in a customer contract is where most of the real risk lives.

LayerX’s position is that enforcement has to follow the user across every surface rather than anchoring to a specific tool or network path. As AI usage patterns keep shifting, and they will, a security posture that depends on knowing in advance which applications employees will use is not a posture that holds. Coverage that travels with the user regardless of which AI surface they are on is the more durable version of the same intent.

The AWS Security Hub integration puts that coverage inside the security operating model that enterprise teams are already maintaining, rather than asking them to stand up something parallel.

Research and Intelligence Sources: layerxsecurity, AWS Security Hub, globenewswire, AWS Marketplace

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com