
The web frontend could still send secrets to third parties.


For extra security, an intermediary can set Content Security Policy (CSP) headers that instruct browsers to only connect to certain domains. CSP headers aren't a total solution, but they're a good tool in the toolkit for redundancy against exfiltration.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...
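An added example, not part of the comment above: a small Node.js audit that parses a CSP header and lists the outbound channels it still leaves open. It goes beyond connection limits to cover a subset of the other fetch directives and `form-action`. The function names, sample policies and the host `api.example.com` are assumptions made for illustration.

```javascript
// Added example: audit a CSP header for channels a page could still use to send data out.
// A subset of the fetch directives that fall back to default-src when absent.
const FETCH = ["connect-src", "img-src", "script-src", "style-src", "font-src", "media-src"];
// form-action does NOT fall back to default-src; absent means unrestricted.
const NO_FALLBACK = ["form-action"];

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function effectiveSources(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (FETCH.includes(directive) && policy.has("default-src")) return policy.get("default-src");
  return null; // nothing restricts this channel
}

function auditCsp(header, allowedHosts) {
  const policy = parseCsp(header);
  const findings = [];
  for (const d of [...FETCH, ...NO_FALLBACK]) {
    const sources = effectiveSources(policy, d);
    if (sources === null) { findings.push(`${d}: unrestricted`); continue; }
    for (const s of sources) {
      if (s.startsWith("'")) continue; // keywords such as 'self' and 'none', nonces, hashes
      if (s === "*" || /^[a-z][a-z0-9+.-]*:$/i.test(s)) {
        findings.push(`${d}: broad source ${s}`); // wildcard or scheme-only (https:, data:)
      } else if (!allowedHosts.includes(s.replace(/^[a-z]+:\/\//i, ""))) {
        findings.push(`${d}: unexpected host ${s}`);
      }
    }
  }
  return findings;
}

// Constructed sample policies (api.example.com is a placeholder host).
const WEAK = "connect-src 'self' https://api.example.com";
const STRICT = "default-src 'none'; connect-src 'self' https://api.example.com; " +
               "script-src 'self'; style-src 'self'; img-src 'self'; form-action 'self'";

console.log(auditCsp(WEAK, ["api.example.com"]));   // every channel except connect-src is open
console.log(auditCsp(STRICT, ["api.example.com"])); // no findings
```

A policy that only sets `connect-src` leaves image loads, script loads and form submissions unconstrained, which is why the strict sample starts from `default-src 'none'` and sets `form-action` explicitly.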


It could be a system without a web UI, like a database or database proxy. Or it could have multiple web and native UIs (that are open source), e.g. a Matrix service.



