FortiDLP is a cloud-native endpoint data loss prevention solution that combines data protection, insider risk management, SaaS data security, and user education capabilities. The solution uses a lightweight agent that performs localized real-time content and context inspection across all data egress points on managed and unmanaged devices. The platform provides visibility into data flows across endpoints and cloud environments, tracking sensitive information movement and user interactions. It employs machine learning algorithms for data classification and detection, with AI-enhanced functionality for contextualized analysis. FortiDLP includes user behavior analytics to identify insider threats and automatically blocks suspicious activities. The activity feed provides analysts with time-sequenced views of user, data, and device activity, with reporting mapped to the MITRE ENGENUITY Insider Threat TTP Knowledge Base. The solution monitors SaaS application usage, building risk-scored inventories of applications with insights into data ingress, egress, and credentials. It protects against data exposure from unauthorized application usage, including shadow AI tools like ChatGPT and Google Gemini. FortiDLP incorporates risk-informed user education through customized prompts and nudge notifications that reinforce security policy awareness. Policy actions include logging, requiring acknowledgments, blocking activities, or locking endpoints. The platform includes origin-based data identification, manipulation detection, and automated insider risk sequence detection that identifies and scores high-risk activity chains.