Built-in URL categories can't keep pace with AI. Create a dedicated "AI Tools" category on any major firewall — populated with 16,024+ classified domains and updated automatically every 24 hours.
Every NGFW ships with a vendor-maintained URL database — PAN-DB, FortiGuard, Talos, or Zscaler's cloud DB. These databases were built for stable, slow-changing threat categories.
Vendors may eventually classify ChatGPT and Claude. They will never systematically classify thousands of niche AI tools your employees are already using.
A typical vendor "AI" category contains ~200 domains. The actual AI landscape has 16,024+ distinct domains — and grows by dozens every day.
Vendor databases update on their own cycle. New AI writing assistants, code generators, image synthesizers, and agent platforms launch daily and slip through.
Two years ago, generative AI was a handful of research projects. Today, new tools launch daily — most too small to appear on any vendor's radar.
Your CISO mandates "block AI tools" — but there is no "AI Tools" category on your firewall, or it only has ~200 entries. Meanwhile, DLP logs show employees pasting source code into unclassified AI assistants, and legal is concerned about confidential text flowing through AI services that launched last month.
Every major firewall supports custom URL categories. The implementation differs by vendor, but the architecture is the same.
Create the custom URL category
Load domains from AI-tool feed
Attach to security policy rules
Schedule daily feed updates
PAN-OS supports two approaches for custom URL categories. For 16,024+ AI domains that change daily, the EDL approach is the only practical option.
Manually add domains. Limited to ~50,000 entries. Requires a commit for every update — impractical for daily automation in production.
PAN-OS polls a remote URL on a schedule. No commits needed for updates. Supports 150K+ entries on current hardware.
Host the AI-tool domain list as an External Dynamic List, configure PAN-OS to consume it, then reference the EDL in a URL Filtering Profile attached to your security policy rules.
Navigate to Objects → External Dynamic Lists in the web interface. Set the type to "URL List," point the source URL at your feed, and set the refresh interval.
Create or modify a URL Filtering Profile that references the EDL. The profile tells PAN-OS what action to take when a session matches a domain in the list.
Start with "alert" for the first week to identify false positives or legitimate business tools. Switch to "block" once you have validated the list against your environment.
# PAN-OS CLI — URL Filtering Profile referencing the EDL set profiles url-filtering AI-Block-Profile \ block-list AI-Tools-EDL set profiles url-filtering AI-Block-Profile \ action block set profiles url-filtering AI-Block-Profile \ block-list-action block # Attach the profile to a security policy rule set rulebase security rules Block-AI-Tools \ from trust \ to untrust \ source any \ destination any \ application any \ service application-default \ action allow \ profile-setting profiles url-filtering AI-Block-Profile commit
After committing, PAN-OS immediately evaluates sessions against the EDL. Any HTTP/HTTPS request to a listed domain is blocked according to your profile action.
The block page is configurable — most organizations customize it with an explanation and a link to an internal exception request process. For a full walkthrough with screenshots, see our Palo Alto AI Blocking Guide.
FortiGate supports custom URL categories through the Web Filter feature. The external threat feed (FortiOS 6.2+) is the recommended method — it supports automatic refresh without a firmware commit for each update cycle.
FortiOS external threat feeds consume a plain-text domain list hosted on an HTTPS URL. Here is what the feed supports:
FortiGate logs every blocked request in the Web Filter log category. Forward logs to FortiAnalyzer or your SIEM to build AI usage dashboards.
Each log entry includes the blocked domain, category name, source IP, and timestamp.
With FortiAuthenticator or FSSO configured, logs include user identity for department-level reporting.
Track which departments generate the most block events and whether block volume is trending up or down over time.
Cloud platforms handle custom categories differently from on-prem firewalls. The core concept is the same — define, populate, enforce — but the mechanics are cloud-native (API upload or portal integration).
Zscaler supports custom URL categories in ZIA. Create a category, add AI domains, then reference it in a URL Filtering Rule with a "Block" action.
# Zscaler ZIA API — Create custom URL category and add AI domains # Step 1: Authenticate and get API token curl -X POST "https://zsapi.zscaler.net/api/v1/authenticatedSession" \ -H "Content-Type: application/json" \ -d '{ "apiKey": "YOUR_ZIA_API_KEY", "username": "[email protected]", "password": "YOUR_PASSWORD" }' # Step 2: Create or update custom URL category curl -X POST "https://zsapi.zscaler.net/api/v1/urlCategories" \ -H "Content-Type: application/json" \ -H "Cookie: JSESSIONID=YOUR_SESSION" \ -d '{ "configuredName": "AI Tools - Blocked", "superCategory": "USER_DEFINED", "urls": [ "openai.com", "chat.openai.com", "claude.ai", "anthropic.com", "midjourney.com", "jasper.ai" ], "dbCategorizedUrls": [], "customCategory": true, "type": "URL_CATEGORY" }' # Step 3: Activate changes curl -X POST "https://zsapi.zscaler.net/api/v1/status/activate" \ -H "Cookie: JSESSIONID=YOUR_SESSION"
Umbrella uses destination lists instead of URL categories. Blocking happens at the DNS layer — before any HTTP connection is established.
Create a destination list, populate it with AI domains, and associate it with a DNS policy set to "block." The client's DNS query returns an Umbrella block page IP instead of the real address — transparent to users, no proxy configuration required.
Umbrella's Management API accepts up to 500 domains per request, so a full update of 16,024+ domains requires batched calls. Our integration scripts handle this automatically.
Both Zscaler and Umbrella enforce the block regardless of user location. Remote workers, branch offices, and mobile devices are covered without VPN hairpinning.
Both platforms expose REST APIs for managing categories and destination lists. Automate daily refreshes with a scheduled script. No manual portal clicks after initial setup.
A custom URL category is only as useful as its last update. An AI-tool list accurate in January is missing hundreds of new domains by March.
The automation strategy depends on your platform, but the pattern is consistent: fetch domains, push to your firewall, verify success.
For Palo Alto and FortiGate on-premises firewalls.
For Zscaler, Umbrella, or when you need custom filtering.
This script is a starting point. For production, add the following safeguards:
A custom AI URL category is a policy building block, not a policy by itself. Attach it to different rules with different actions for different user groups, zones, or time windows.
Our 18-category taxonomy enables granular governance — engineering keeps code assistants, marketing loses AI copywriting tools, and nobody uploads files to AI data extraction services.
Block for all users with no exceptions: "Deepfake & Synthetic Media," "Data Extraction & Scraping," "Adult & NSFW AI." These categories represent tools with no legitimate business use and high risk of misuse or data exfiltration. Action: block, log, alert SOC.
Allow but log and monitor: "Code & Development," "Research & Academic AI." These tools may have legitimate productivity value. Action: allow, log, generate weekly usage report. Revisit quarterly to decide if controls should tighten.
Differentiate by department: block "Text & Language" for finance and legal, allow for marketing. Block "Image & Visual" for all except the design team. Requires user-ID integration (LDAP/AD group mapping) on your firewall.
Some organizations allow AI tool access during lunch hours or outside business hours but block during core working hours. Time-based schedules on your firewall policy rule enable this without changing the custom category itself.
All 16,024+ AI domains in one category. Simpler to maintain — one feed URL, one EDL, one refresh job. Best for getting started quickly.
Separate EDLs filtered by our taxonomy. More feed URLs and EDL objects, but full policy granularity per AI function. Best as governance matures.
Enterprise networks rarely run a single firewall vendor. Without a unified approach, inconsistencies between platforms create policy gaps users will find.
Ansible and Terraform can formalize this. Template the EDL URL into Palo Alto configs, the external resource block into FortiOS, and API calls into Zscaler/Umbrella — all from a single set of variables.
Change the feed URL or rotate an API key in one place. Push the configuration to all platforms simultaneously.
When compliance asks "are we blocking AI tools everywhere?" — one script queries each platform's category and compares domain counts against the feed total. If all platforms report 16,024+ domains, coverage is confirmed. Drift is flagged and auto-resynced on the next run.
Tell us your firewall platform and we will send a ready-to-import domain feed in the exact format your custom URL category expects — EDL, threat feed, API, or plain-text domain list.
Specify your firewall vendor, firmware version, and whether you need a single all-categories feed or per-category filtered feeds. We will respond within 24 hours.