DEV Community

Cover image for How Teams Can See What AI Tools Are Used Day to Day
Claire Dubois
Claire Dubois

Posted on

How Teams Can See What AI Tools Are Used Day to Day

#aioverhaul #security #governance #devops

How Teams Can See What AI Tools Are Used Day to Day

Bifrost provides visibility into AI tool usage by discovering and governing applications and MCP servers directly on employee devices, closing the security gap created by shadow AI.

The widespread adoption of AI tools often happens outside of official IT channels. A recent report from Cisco highlights that 80% of employees admit to using unapproved software at work, a practice commonly known as "shadow IT." When applied to artificial intelligence, this "shadow AI" creates a significant blind spot for security, compliance, and finance teams who have no visibility into what applications are running, what data is being shared, and how much is being spent. Without a discovery mechanism, organizations cannot govern the AI tools their employees use every day.

The Challenge of Shadow AI Discovery

Discovering unmanaged AI tools is difficult because they exist outside of centrally managed infrastructure. Employees install desktop applications like Claude Desktop or Cursor, use web-based AI like ChatGPT, and run powerful coding agents in their local development environments. These tools do not route through corporate VPNs or cloud gateways, making them invisible to traditional network monitoring.

This lack of visibility presents several risks:

  • Data Exfiltration: Sensitive corporate data, such as source code, financial documents, or customer PII, can be pasted into prompts without any oversight or audit trail.
  • Compliance Violations: Ungoverned AI usage can violate regulations like GDPR, HIPAA, or SOC 2, which require strict controls over data processing and auditing.
  • Security Vulnerabilities: Many AI tools connect to external Model Context Protocol (MCP) servers to execute tasks, creating a new, unmonitored channel for potential threats.
  • Uncontrolled Costs: Without central tracking, it is impossible to manage the cumulative cost of dozens or hundreds of individual employee subscriptions to various AI services.

A network of glowing, abstract nodes representing different AI applications, with some nodes dark and disconnected from

Endpoint-Based Discovery: A Modern Approach

A more effective approach to discovering shadow AI is to gain visibility directly at the source: the employee's workstation. Endpoint-based discovery agents can inventory the AI-native applications and toolchains running on a machine, providing a real-time, fleet-wide view of AI usage as it actually happens.

This approach bypasses the limitations of network-level monitoring and provides a ground-truth inventory of which tools are installed and which external services they are configured to use. It is a foundational step for building any effective AI governance program.

How Bifrost Edge Provides AI Tool Visibility

Bifrost, an open-source AI gateway from Maxim AI, addresses this visibility challenge through its endpoint component, Bifrost Edge. By deploying the Edge agent, organizations can discover, inventory, and ultimately govern the full spectrum of AI activity on employee machines. The Bifrost AI gateway serves as the central control plane for policy, while Bifrost Edge extends that policy to each device.

Fleet-Wide Application and MCP Server Inventory

Bifrost Edge runs on macOS, Windows, and Linux devices and automatically identifies installed AI applications. The process is designed for enterprise scale, rolling out silently via MDM platforms like Jamf, Intune, and Kandji.

Once installed, it provides a centralized dashboard with a complete inventory of:

  • AI Applications: It detects supported desktop apps (like Claude Desktop and Cursor), coding agents (like Claude Code and Codex CLI), and browser-based AI use.
  • MCP Servers: Critically, Edge inspects the configuration of these tools to discover which MCP servers they are connected to. This uncovers the hidden layer of external tools and services that agents can execute.

The system builds a deduplicated catalog of every application and MCP server found across the entire fleet. Administrators can see exactly which tools are in use, by whom, and on how many devices.

A central, transparent sphere projects a protective field over a fleet of laptop computers, symbolizing centralized poli

From Visibility to Control

Discovery is the first step toward governance. After populating the inventory, Bifrost Edge allows administrators to enforce policy from a central console.

  • Approve or Deny: Every discovered application and MCP server can be reviewed and either approved for continued use or denied. A denied application is blocked on the endpoint, preventing its use.
  • Apply Central Policies: Approved tools automatically have their traffic routed through the Bifrost gateway. This means all existing governance and security controls—such as virtual keys with budgets, guardrails for PII redaction, and immutable audit logs—are applied transparently.
  • Extend Security to the Endpoint: Beyond routing, Bifrost applies governance and security controls centrally, and Bifrost Edge extends that same governance and security to AI traffic on employee machines, with endpoint enforcement on each device.

This model allows organizations to move from a state of zero visibility into a managed environment where they can confidently say which AI tools are in use and know that every request complies with company policy.

Next Steps for Gaining AI Visibility

For organizations struggling to understand their AI footprint, endpoint discovery offers a clear path forward. By inventorying tools directly on user devices, teams can eliminate the blind spots of shadow AI.

Teams looking to gain visibility into their organization's AI usage can request a demo of Bifrost to see how its endpoint discovery and governance capabilities work.

Sources

Top comments (0)