What I should know, what I should see, is what Lasso gave me. We are proud customers of Lasso, and are now expanding our usage to ensure our customer-facing AI services are protected against bias and data leaks.
The Challenge:
Navigating the “Chaos” of Shadow AI
Optibus, as an adopter of innovative technologies and approaches, is working continuously to empower its employees with effective ways to continue providing the best cloud-native solutions for public transportation operators and agencies across the world.
Optibus moves fast, and their team was quick to incorporate generative AI in their own workflows and in the features they build for customers. But that speed created a major blind spot for the security team.
They knew AI was everywhere, but they didn’t actually know which tools or agents were being used by which teams. Developers were leaning on AI for code, while employees in Marketing and HR were experimenting with all sorts of different LLMs. Without a clear view of what was happening, it was impossible to ensure that sensitive company data was staying where it belonged.
The security team discovered a fragmented landscape where:
- Employees used a mix of personal and professional accounts
- Certain AI resources in use were not configurable for enterprise security requirements
- Sensitive data, like PII, source code, and network tokens, were at risk of being leaked into public LLM models
The #1 thing I wanted was to see what the actual usage of AI was throughout the company. We had no visibility on what tools were being used or how.
The Solution:
A Unified Guardrail for the AI Era
Optibus partnered with Lasso Security to regain control of their AI ecosystem. Lasso provided a comprehensive security layer that integrated seamlessly with Optibus's existing security stack.
Visibility and Shadow AI Discovery
Through Lasso’s web extension, Lasso immediately solved the visibility gap by mapping out every AI resource Optibus uses across the web and local desktops. For the first time, Optibus could see which business units were using which agents, their risk levels, and usage trends based on each AI provider.
AI Application Protection with an AI Gateway
Looking forward, Optibus plans to implement Lasso’s AI Gateway for their customer-facing services. Acting as a middleman between the LLM and Optibus’ AI application, Lasso ensures that every customer prompt and response is safe, filtered for bias, and free from misconfigurations.
Department-Level Governance and Policy Enforcement
Once they had visibility, Optibus transitioned to a granular, group-based access model. Instead of a "one-size-fits-all" approach, the security team created specific user groups based on departments to dictate exactly which AI resources were appropriate for which employees.
Custom Access by Role
For example, the R&D team was granted access to specific AI coding assistants and technical agents necessary for their workflow, while those same tools were restricted for departments like Marketing or HR, where they weren't needed.
Global Usage Policies
Beyond just choosing the tools, Optibus implemented company-wide guardrails. They set clear policies on what is and isn’t allowed in AI interactions, covering everything from content moderation (to prevent bias or inappropriate outputs) to strict data protection rules.
Real-Time Enforcement
If an employee tried to input sensitive data or use an unapproved agent, Lasso’s governance layer stepped in to ensure compliance with the company’s security standards and either blocked, alerted on, or masked the prompt.
Seamless Deployments and Integrations
Lasso works with the security stack you already have. For Optibus, this meant they didn't have to overhaul their infrastructure to become AI-secure. Lasso simply plugged into their existing workflow, providing the guardrails necessary to innovate with confidence.
Lasso monitors every AI interaction in the background, which is exactly the safety net we needed. If a piece of sensitive code or PII is about to leave our environment, Lasso catches it instantly. We regained our confidence to finally scale with AI and continue supporting security as a business enabler because we know the guardrails are actually working.
The Result:
Total AI Visibility & Control
By deploying Lasso, Optibus moved from zero visibility into AI usage to complete, organization-wide enforcement, all without adding latency to their transit-critical platform.
About Optibus
Optibus is a leading software-as-a-service (SaaS) platform for planning and operating public transportation. Using high-performance computing and AI, Optibus helps cities and operators around the world improve the efficiency and reliability of their transit networks.