Web search is currently disabled in the AI assistant to prevent prompt injection-based data exfiltration — we fully understand and support that reasoning.

However, if an organization could whitelist only their own domain(s) (e.g. ourcompany.com), the exfiltration risk effectively disappears: data can only flow to a server the organization already controls.

This would allow the AI to look up product info, pricing, and policies from our own website when drafting replies — saving our team significant time on every customer conversation. Today that requires manually switching to a browser tab for every lookup.