Cloud Security 22 min read
Catching Shadow AI in the Network: DNS, Egress, and Browser Telemetry with Wazuh
A custom Wazuh rule pack and reproducible Docker lab that catches browser-side shadow AI on developer endpoints — DNS lookups, TLS egress, extension manifests, and native messaging hosts. 4 decoders, 15 rules, MITRE ATT&CK mapped, validated live on Wazuh 4.14.5.