<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: James Whitfield</title>
    <description>The latest articles on DEV Community by James Whitfield (@james_whitfield).</description>
    <link>https://dev.to/james_whitfield</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3864033%2Fefa15000-f501-4a2a-b806-c1d6ba25d0f9.jpg</url>
      <title>DEV Community: James Whitfield</title>
      <link>https://dev.to/james_whitfield</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/james_whitfield"/>
    <language>en</language>
    <item>
      <title>Why Governing AI at the Device Beats Governing It at the Firewall</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:06:52 +0000</pubDate>
      <link>https://dev.to/james_whitfield/why-governing-ai-at-the-device-beats-governing-it-at-the-firewall-1e0i</link>
      <guid>https://dev.to/james_whitfield/why-governing-ai-at-the-device-beats-governing-it-at-the-firewall-1e0i</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fxpomiuxjudp2krab81j4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fxpomiuxjudp2krab81j4.png" alt="Why Governing AI at the Device Beats Governing It at the Firewall" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;AI governance at the device provides the visibility and control that network-level security is not designed to offer. For teams managing shadow AI, endpoint governance with a tool like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; Edge is the only way to apply policy where the activity actually happens.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The rapid adoption of generative AI has created a significant governance blind spot for most organizations. Employees use desktop AI applications, browser-based chat tools, and coding agents that communicate directly with model providers, bypassing traditional network security controls. This "shadow AI" usage means that sensitive data can leave the company without any oversight, creating substantial compliance and security risks. While many security teams look to firewalls as a control point, governing modern AI traffic requires moving enforcement from the network perimeter to the device itself.&lt;/p&gt;

&lt;p&gt;This article examines the limitations of firewall-based AI governance and explains why a device-centric approach is more effective for managing the security and compliance risks of enterprise AI.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Limits of the Firewall in the AI Era
&lt;/h2&gt;

&lt;p&gt;For decades, firewalls have been a cornerstone of enterprise security, filtering network traffic based on ports, protocols, and IP addresses. However, they were not designed to understand the nuances of AI interactions.&lt;/p&gt;

&lt;h3&gt;
  
  
  Blindness to Content and Context
&lt;/h3&gt;

&lt;p&gt;Traditional firewalls and even Next-Generation Firewalls (NGFWs) are fundamentally blind to the semantic content of AI traffic. They can block or allow a connection to an AI service, but they cannot inspect the prompt a user submits or the response a model generates. A firewall rule cannot distinguish between a developer asking an AI to write a benign unit test and one pasting proprietary source code into a public model. This lack of content awareness makes it impossible to enforce data governance policies at the network level.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Encryption Problem
&lt;/h3&gt;

&lt;p&gt;Most AI traffic is encrypted using TLS, which means that without deep packet inspection (DPI), firewall appliances cannot see the contents of the requests. While some solutions offer TLS interception, it introduces significant performance overhead, can break applications, and raises privacy concerns. Attackers and unapproved applications often use standard encrypted channels like HTTPS, which firewalls are configured to trust and allow, rendering them ineffective at stopping data exfiltration through sanctioned ports.&lt;/p&gt;

&lt;h3&gt;
  
  
  Inability to See Local and Agentic AI
&lt;/h3&gt;

&lt;p&gt;A growing category of AI tools, including local models and endpoint agents, operates without generating easily observable network signals. An open-weight model running directly on a developer's machine, or an AI agent accessing local files and system APIs, is completely invisible to a network firewall. These tools can process sensitive information, interact with other applications, and execute commands without ever sending a packet across the perimeter that a firewall could inspect.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fegn5rzl29ec28jzk1q5q.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fegn5rzl29ec28jzk1q5q.png" alt="A magnifying glass held over a computer network cable, showing encrypted, unreadable data packets flowing through it, il" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The Case for AI Governance at the Device
&lt;/h2&gt;

&lt;p&gt;Governing AI on the endpoint closes the visibility gaps left by network-level controls. By placing an agent on the device, security and platform teams can see and control AI activity at its source.&lt;/p&gt;

&lt;h3&gt;
  
  
  Complete Visibility into All AI Usage
&lt;/h3&gt;

&lt;p&gt;Endpoint governance provides a complete inventory of all AI tools in use across a fleet, including desktop apps, browser extensions, coding agents, and even locally running MCP servers. This visibility is the first and most critical step toward effective governance; you cannot govern what you cannot see. An endpoint agent can identify every AI application, who is using it, and what data it accesses, creating the foundation for policy enforcement.&lt;/p&gt;

&lt;h3&gt;
  
  
  Context-Aware Policy Enforcement
&lt;/h3&gt;

&lt;p&gt;Unlike a firewall, a device-level agent understands the full context of an AI interaction. It can see the user, the application generating the request, the content of the prompt, and the local files or data being accessed. This allows for highly granular, context-aware policies. For example, a policy could allow employees to use a sanctioned AI tool for general queries but block prompts containing personally identifiable information (PII) or source code. This level of control is impossible at the firewall.&lt;/p&gt;

&lt;h3&gt;
  
  
  Real-Time Intervention Before Data Leaves
&lt;/h3&gt;

&lt;p&gt;Governing at the device means policy is enforced before sensitive data ever leaves the machine. An endpoint agent can inspect a prompt or a file upload in real time, block it based on content, and prevent it from being sent to an external AI model. This preemptive control is a significant advantage over network-based data loss prevention (DLP), which can only react after the data has already traversed the internal network.&lt;/p&gt;

&lt;h2&gt;
  
  
  A Unified Approach: AI Gateway and Endpoint Governance
&lt;/h2&gt;

&lt;p&gt;The most effective AI governance strategy combines a centralized control plane with distributed endpoint enforcement. This is the model offered by &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt;, and its endpoint component, &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt; acts as the central policy engine. It is where administrators configure &lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;virtual keys&lt;/a&gt;, set budgets and rate limits, define routing rules, and apply security &lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;guardrails&lt;/a&gt;. For traffic configured to route through it, the gateway provides comprehensive control and &lt;a href="https://docs.getbifrost.ai/features/observability/default" rel="noopener noreferrer"&gt;observability&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;However, to address shadow AI, that governance must be extended to the endpoint. &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; is an agent that runs on macOS, Windows, and Linux devices and transparently routes all AI traffic through the organization's Bifrost gateway.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fcoxe6iqddzpkv52dvuos.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fcoxe6iqddzpkv52dvuos.png" alt="A central control tower (representing an AI gateway) emitting policy signals to a fleet of laptops, each with a small, g" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This combined approach delivers several key benefits:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Centralized Policy, Distributed Enforcement&lt;/strong&gt;: Policies are defined once in the Bifrost gateway and enforced consistently everywhere, from backend services to every employee's laptop.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Zero-Configuration for Users&lt;/strong&gt;: Employees continue using their preferred AI tools like Claude Desktop, ChatGPT, and &lt;a href="https://docs.getbifrost.ai/cli-agents/cursor" rel="noopener noreferrer"&gt;Cursor&lt;/a&gt; without changing any settings. Edge automatically handles the routing in the background.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Fleet-Wide Deployment&lt;/strong&gt;: Bifrost Edge is designed for enterprise scale and can be rolled out silently across thousands of machines using existing MDM platforms like &lt;a href="https://docs.getbifrost.ai/edge/deployment-mdm" rel="noopener noreferrer"&gt;Jamf, Intune, or Kandji&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Complete Audit Trail&lt;/strong&gt;: Every AI prompt and response from every device is logged, providing a complete audit trail for compliance and security investigations.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Moving Beyond the Perimeter
&lt;/h2&gt;

&lt;p&gt;Relying on firewalls for AI governance is like trying to secure a modern office building with only a front-door security guard. While essential, it fails to address the activity happening inside. As AI becomes more integrated into daily workflows and more autonomous, security controls must move closer to the data and the user.&lt;/p&gt;

&lt;p&gt;Endpoint governance is not a replacement for firewalls but a necessary evolution of the security stack. By shifting enforcement to the device, organizations can gain the visibility and contextual control required to manage the risks of shadow AI, enabling employees to innovate responsibly without exposing the business. Teams evaluating AI governance solutions can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a demo of Bifrost&lt;/a&gt; to see how its combined gateway and endpoint approach works.&lt;/p&gt;

</description>
      <category>aioverhauls</category>
      <category>security</category>
      <category>go</category>
      <category>devops</category>
    </item>
    <item>
      <title>What to Look For in an Endpoint AI Governance Agent</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:06:51 +0000</pubDate>
      <link>https://dev.to/james_whitfield/what-to-look-for-in-an-endpoint-ai-governance-agent-c83</link>
      <guid>https://dev.to/james_whitfield/what-to-look-for-in-an-endpoint-ai-governance-agent-c83</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fe8zcyahtjiwq354d0lox.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fe8zcyahtjiwq354d0lox.png" alt="What to Look For in an Endpoint AI Governance Agent" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;As employees adopt desktop AI clients, coding agents, and browser-based tools, organizations need a way to enforce security and compliance policies directly on the device. An endpoint AI governance agent is the solution, but not all agents are created equal. An effective agent must extend a centralized policy engine, govern all forms of AI traffic, and operate transparently without disrupting workflows. &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; and its endpoint agent, Bifrost Edge, provide a complete model for this.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The use of unsanctioned AI tools by employees, often called "shadow AI," has become a primary security and governance challenge for enterprises. When employees use personal accounts for ChatGPT, wire up local Model Context Protocol (MCP) servers, or use unapproved coding assistants, they operate outside of the organization's control plane. This creates significant risks, including data leakage, compliance violations, and intellectual property loss. An &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt; like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; can centralize policy for known traffic, but it cannot govern what it cannot see.&lt;/p&gt;

&lt;p&gt;This is the problem an endpoint AI governance agent is designed to solve. By running directly on employee machines, the agent brings all AI activity—from desktop apps to browser sessions—under a unified policy, closing the visibility gap that shadow AI exploits.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Core Problem: Shadow AI and Ungoverned MCP Servers
&lt;/h2&gt;

&lt;p&gt;Shadow AI is the practice of using AI tools without approval or oversight from IT and security teams. It happens because employees seek to be more productive, adopting tools that fit their workflow, often unaware of the associated risks. A recent Gartner report noted that a significant percentage of employees use personal AI accounts for work, and many admit to uploading sensitive data to these unapproved tools.&lt;/p&gt;

&lt;p&gt;A critical and often invisible component of shadow AI is the proliferation of "Shadow MCP." The &lt;a href="https://www.getmaxim.ai/bifrost/resources/mcp-gateway" rel="noopener noreferrer"&gt;Model Context Protocol (MCP)&lt;/a&gt; is the standard that allows AI agents to interact with external tools, databases, and APIs. Employees, particularly developers, often run local MCP servers to connect AI agents to internal resources. These unmanaged servers create unaudited pathways to sensitive data, operating completely outside of established security frameworks.&lt;/p&gt;

&lt;p&gt;An endpoint agent's first job is to make this invisible activity visible and bring it under a consistent governance model.&lt;/p&gt;

&lt;h2&gt;
  
  
  Key Capabilities of an Effective Endpoint AI Agent
&lt;/h2&gt;

&lt;p&gt;When evaluating an endpoint AI governance solution, teams should look for specific capabilities that address the realities of modern AI usage. A policy document is not enough; effective governance requires technical enforcement on the device itself.&lt;/p&gt;

&lt;h3&gt;
  
  
  1. Unified Policy Engine: The Gateway + Edge Model
&lt;/h3&gt;

&lt;p&gt;An endpoint agent should not be a standalone tool with its own set of rules. It must be an extension of a central policy engine. The most effective architecture is a combined AI gateway and endpoint agent model.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;The AI Gateway as a Control Plane:&lt;/strong&gt; The gateway is where administrators define all governance policies: virtual keys, access controls, budgets, rate limits, audit logging, and security guardrails. It serves as the single source of truth for the entire organization.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;The Endpoint Agent as the Enforcer:&lt;/strong&gt; The agent runs on each machine (macOS, Windows, Linux) and ensures all AI traffic from that device routes through the central gateway. This means the same policies apply everywhere, without needing to configure each app or tool separately.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt; and &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; exemplify this model. Policies configured in the gateway are automatically enforced by the Edge agent on every employee's machine, providing consistent governance for all AI activity.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyniw6russdb6dm30t6k8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyniw6russdb6dm30t6k8.png" alt="A blueprint diagram showing a central hub labeled 'Gateway' with policy lines extending outwards to various endpoint ico" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Comprehensive Application and MCP Governance
&lt;/h3&gt;

&lt;p&gt;An agent must be able to see and control the full spectrum of AI tools used by employees. This includes four key surfaces:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Desktop AI Apps:&lt;/strong&gt; Standalone clients like Claude Desktop and the ChatGPT app.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;AI in the Browser:&lt;/strong&gt; Web-based interfaces such as claude.ai and chatgpt.com.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Coding Agents:&lt;/strong&gt; Tools used in the terminal and IDE, like Claude Code and Codex CLI.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;MCP Servers:&lt;/strong&gt; Local and remote tool servers that agents connect to.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A robust endpoint solution provides a fleet-wide inventory of all discovered apps and MCP servers. From this central dashboard, administrators should be able to approve or deny tools with policies that propagate to every device. With &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;, administrators can &lt;a href="https://docs.getbifrost.ai/edge/app-governance" rel="noopener noreferrer"&gt;manage application access&lt;/a&gt; and &lt;a href="https://docs.getbifrost.ai/edge/mcp-governance" rel="noopener noreferrer"&gt;govern MCP servers&lt;/a&gt; from a single interface, ensuring that only sanctioned tools can operate.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Transparent Operation and Zero-Configuration Experience
&lt;/h3&gt;

&lt;p&gt;For an endpoint agent to be successful, it must not create friction for users. The ideal agent is invisible after a one-time setup.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;No Per-App Setup:&lt;/strong&gt; Users should not need to change base URLs, swap SDKs, or reconfigure their tools. The agent should intercept and route traffic transparently at the machine level.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;SSO Integration:&lt;/strong&gt; Initial setup should be seamless, using the organization's existing single sign-on (SSO) provider (Okta, Microsoft Entra, Google Workspace) to link the device to a user and sync their policies.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;User Control:&lt;/strong&gt; While the agent enforces company policy, it should provide a simple interface for users to see their status, active policies, and switch between different virtual keys if their role requires it.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; is designed for this transparency. It lives in the menu bar or system tray, requires a single browser-based sign-in, and automatically governs all &lt;a href="https://docs.getbifrost.ai/edge/supported-applications" rel="noopener noreferrer"&gt;supported AI applications&lt;/a&gt; without any user intervention.&lt;/p&gt;

&lt;h3&gt;
  
  
  4. Fleet-Wide Deployment and Management
&lt;/h3&gt;

&lt;p&gt;Endpoint governance is only effective if it covers every device. An enterprise-grade agent must support silent, large-scale deployment through standard Mobile Device Management (MDM) platforms.&lt;/p&gt;

&lt;p&gt;Look for support for tools like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  Jamf&lt;/li&gt;
&lt;li&gt;  Microsoft Intune&lt;/li&gt;
&lt;li&gt;  Kandji&lt;/li&gt;
&lt;li&gt;  Workspace ONE&lt;/li&gt;
&lt;li&gt;  JumpCloud&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;MDM solutions allow administrators to push the agent to every corporate device with a managed configuration, ensuring consistent rollout and policy enforcement from day one. &lt;a href="https://docs.getbifrost.ai/edge/deployment-mdm" rel="noopener noreferrer"&gt;Bifrost Edge offers full MDM deployment support&lt;/a&gt;, enabling platform teams to secure their entire fleet without manual setup on each machine.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Foqb1rzlbm00gm61rluwt.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Foqb1rzlbm00gm61rluwt.png" alt="A fleet of laptops arranged in a neat grid, with a single gear icon being placed onto each one by a robotic arm, symboli" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  5. Extension of Existing Security and Compliance Controls
&lt;/h3&gt;

&lt;p&gt;Finally, an endpoint AI governance agent must integrate with and extend the security controls an organization already relies on. Because all traffic is routed through the central AI gateway, every request from the endpoint inherits the same protections.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Guardrails:&lt;/strong&gt; PII detection, secrets scanning, and custom content policies configured in the gateway are applied to prompts and responses from desktop and browser apps. &lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;Bifrost's guardrail capabilities&lt;/a&gt; are extended to the endpoint via Edge.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Audit Logs:&lt;/strong&gt; All endpoint AI activity is captured in the gateway's &lt;a href="https://docs.getbifrost.ai/enterprise/audit-logs" rel="noopener noreferrer"&gt;immutable audit logs&lt;/a&gt;, providing the documentation needed for compliance with frameworks like SOC 2, HIPAA, and the EU AI Act.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Cost and Access Controls:&lt;/strong&gt; Budgets and rate limits defined by &lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;virtual keys&lt;/a&gt; apply to endpoint usage, preventing cost overruns from unsanctioned tools.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Conclusion: The Endpoint is the New Control Plane
&lt;/h2&gt;

&lt;p&gt;As AI becomes more decentralized, endpoint governance moves from a "nice-to-have" to a core component of any enterprise AI strategy. Written policies are insufficient to manage the risks of shadow AI. Organizations need a technical solution that provides visibility and enforces policy directly on the device.&lt;/p&gt;

&lt;p&gt;An effective endpoint agent works as part of a unified system, extending a central AI gateway's policies to every machine. It governs all types of AI tools, operates transparently for users, and deploys at scale. By adopting a solution like the &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt; with the &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; agent, organizations can turn their endpoint blind spots into a governed, secure, and compliant part of their AI ecosystem. Teams evaluating solutions can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; to see how the gateway and endpoint agent work together.&lt;/p&gt;

&lt;h2&gt;
  
  
  Sources
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://docs.getbifrost.ai/edge/overview" rel="noopener noreferrer"&gt;Bifrost Edge Documentation&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.bonadio.com/article/governing-shadow-it-ai-from-reactive-risk-to-proactive-strategy" rel="noopener noreferrer"&gt;Governing Shadow IT &amp;amp; AI - The Bonadio Group&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://blog.gitguardian.com/mcp-governance-framework-at-scale-for-enterprises/" rel="noopener noreferrer"&gt;MCP Governance Framework at Scale for Enterprises - GitGuardian Blog&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.avepoint.com/blog/information-management/shadow-ai-shadow-it/" rel="noopener noreferrer"&gt;Shadow AI is the New Shadow IT - AvePoint&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.paloaltonetworks.com/cyberpedia/what-is-shadow-ai" rel="noopener noreferrer"&gt;What Is Shadow AI? - Palo Alto Networks&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://mcp.ai/governance-and-stewardship/" rel="noopener noreferrer"&gt;Model Context Protocol (MCP) Governance&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aigovernance</category>
      <category>security</category>
      <category>enterprise</category>
      <category>devops</category>
    </item>
    <item>
      <title>Governing AI on Every Company Computer: A Reference Architecture</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:06:06 +0000</pubDate>
      <link>https://dev.to/james_whitfield/governing-ai-on-every-company-computer-a-reference-architecture-2k52</link>
      <guid>https://dev.to/james_whitfield/governing-ai-on-every-company-computer-a-reference-architecture-2k52</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnrlhvyfdlonsc0jsezly.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnrlhvyfdlonsc0jsezly.png" alt="Governing AI on Every Company Computer: A Reference Architecture" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;To effectively govern AI, organizations need a reference architecture that extends from a central gateway to every endpoint. This post outlines a three-plane model for the control plane (gateway), the enforcement plane (endpoint agent), and the management plane (MDM) that closes governance gaps left by shadow AI.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The adoption of generative AI has created a significant governance gap in most organizations. While security and platform teams focus on controlling AI through centrally managed gateways, employees are using unapproved desktop apps, browser-based tools, and coding agents on their company computers. This "shadow AI" operates outside of established controls, creating unmonitored pathways for data exfiltration, compliance violations, and other security risks.&lt;/p&gt;

&lt;p&gt;An effective AI governance strategy cannot stop at the network edge; it must extend to the endpoint where AI tools are actually used. A policy document is not a technical control. Real governance requires an architecture that ensures the rules defined centrally are enforced on every device. This article presents a vendor-agnostic reference architecture for achieving this, composed of three distinct but interconnected planes: a control plane, an enforcement plane, and a management plane.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Challenge: Shadow AI and the Endpoint Blind Spot
&lt;/h2&gt;

&lt;p&gt;Shadow AI refers to the use of AI tools within an organization without IT approval or oversight. It's a modern variant of shadow IT, but with higher stakes due to the ability of AI models to process and retain sensitive data. When an employee pastes proprietary code or confidential customer data into a public AI chatbot, that information can become part of the model's training data, effectively leaking it.&lt;/p&gt;

&lt;p&gt;The core problem is that a gateway-only approach to AI governance is incomplete. An AI gateway can only enforce policies on traffic that is explicitly configured to pass through it. The tools employees download and use on their own—from the ChatGPT desktop app to coding agents like Claude Code—bypass these gateways by default, leaving a massive blind spot. This is where a comprehensive architecture becomes necessary.&lt;/p&gt;

&lt;h2&gt;
  
  
  A Three-Plane Reference Architecture for Endpoint Governance
&lt;/h2&gt;

&lt;p&gt;A robust solution for governing AI across a fleet of computers relies on the clear separation of duties across three architectural layers. This model draws inspiration from established frameworks like the &lt;a href="https://www.nist.gov/itl/ai-risk-management-framework" rel="noopener noreferrer"&gt;NIST AI Risk Management Framework&lt;/a&gt; and Zero Trust principles, applying them to the specific problem of endpoint AI control.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;The Control Plane (AI Gateway)&lt;/strong&gt;: Where policy is defined.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;The Enforcement Plane (Endpoint Agent)&lt;/strong&gt;: Where policy is applied.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;The Management Plane (MDM)&lt;/strong&gt;: How the enforcement agent is deployed and managed.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This separation ensures that policy decisions are centralized and consistent, while enforcement is distributed and universally applied.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8bmhhem6oh07j4lxjve7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F8bmhhem6oh07j4lxjve7.png" alt="A visual metaphor of a central lighthouse (the AI gateway) projecting beams of light (policies) towards a fleet of ships" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Plane 1: The Control Plane (The AI Gateway)
&lt;/h3&gt;

&lt;p&gt;The control plane is the centralized policy engine for all AI traffic. This is typically an AI gateway, a specialized proxy that sits between AI applications and the various model providers (like OpenAI, Anthropic, or Google).&lt;/p&gt;

&lt;p&gt;The gateway serves as the single point for defining and managing the rules of AI engagement for the entire organization. Its key responsibilities in this architecture include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Unified Policy Management&lt;/strong&gt;: Central definition of all AI policies, such as which models are approved, which users or teams have access, and what data is allowed.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Virtual Keys and Budgets&lt;/strong&gt;: Instead of scattering provider API keys across applications, the gateway uses virtual keys to abstract them. These keys are tied to specific projects, teams, or users and can have granular budgets and rate limits attached.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Guardrails&lt;/strong&gt;: The gateway inspects prompts and responses in real-time to block sensitive data (like PII or API keys) from leaving the organization and to prevent harmful or non-compliant content from being returned by the model.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Audit Logging&lt;/strong&gt;: It creates an immutable, centralized log of all AI interactions, which is essential for security audits and compliance with regulations like SOC 2, HIPAA, or GDPR.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Platforms like &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, which combine a gateway with an endpoint component, exemplify this model where the gateway acts as the "brain" of the operation.&lt;/p&gt;

&lt;h3&gt;
  
  
  Plane 2: The Enforcement Plane (The Endpoint Agent)
&lt;/h3&gt;

&lt;p&gt;The enforcement plane's job is to ensure the policies defined in the control plane are applied to every AI tool running on a user's machine. This is accomplished by a lightweight, always-on agent that is installed on each company computer.&lt;/p&gt;

&lt;p&gt;This agent is not a second policy engine. Its sole purpose is to intercept AI-related traffic on the device and route it through the central AI gateway (the control plane). This transparent routing is the mechanism that closes the shadow AI gap.&lt;/p&gt;

&lt;p&gt;Key responsibilities of the enforcement agent include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Application and Tool Discovery&lt;/strong&gt;: The agent identifies all known AI desktop applications, browser-based AI tools, and CLI coding agents running on the machine. This provides administrators with a real-time inventory of AI usage across the fleet.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Transparent Traffic Routing&lt;/strong&gt;: It automatically and transparently routes traffic from these applications to the organization's AI gateway. The user does not need to configure anything; the tools they already use are simply brought under governance.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Policy Enforcement&lt;/strong&gt;: By forcing traffic through the gateway, the agent ensures all policies—budgets, guardrails, audit requirements—are applied, even to previously ungoverned tools.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Block/Allow Capabilities&lt;/strong&gt;: Based on policy from the control plane, the agent can either route an application's traffic or block it entirely, preventing the use of unapproved AI tools on company devices.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This architecture ensures that governance follows the user and the application, regardless of how or where the AI tool is run.&lt;/p&gt;

&lt;h3&gt;
  
  
  Plane 3: The Management Plane (MDM Platform)
&lt;/h3&gt;

&lt;p&gt;The management plane is the mechanism for deploying, configuring, and maintaining the enforcement agent across the entire fleet of company devices. This is the role of Mobile Device Management (MDM) or Unified Endpoint Management (UEM) platforms like &lt;a href="https://www.jamf.com/solutions/ai-governance/" rel="noopener noreferrer"&gt;Jamf&lt;/a&gt;, Microsoft Intune, or Kandji.&lt;/p&gt;

&lt;p&gt;MDM platforms are critical for operationalizing endpoint governance at scale. Their responsibilities include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Silent, Fleet-Wide Deployment&lt;/strong&gt;: Pushing the enforcement agent to all managed devices without requiring any user interaction.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Managed Configuration&lt;/strong&gt;: Securely delivering the initial configuration to the agent, such as the address of the organization's AI gateway. This avoids hardcoding sensitive information and allows for centralized updates.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Health and Status Monitoring&lt;/strong&gt;: Reporting on the installation status and health of the enforcement agent across all devices.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Lifecycle Management&lt;/strong&gt;: Handling updates and uninstallation of the agent as needed.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Using an MDM platform turns the endpoint agent from a tool that must be manually installed into a standard, non-bypassable component of the corporate software stack.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdt6xdmmdqpbgpjd56iil.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdt6xdmmdqpbgpjd56iil.png" alt="A clean, abstract illustration of a factory assembly line. A robotic arm (MDM) places a small, glowing security chip (en" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Putting It All Together: The Governed AI Request Flow
&lt;/h2&gt;

&lt;p&gt;When these three planes work in concert, the flow for governing a request from an employee's laptop looks like this:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Deployment&lt;/strong&gt;: The &lt;strong&gt;MDM platform&lt;/strong&gt; (Management Plane) deploys the &lt;strong&gt;endpoint agent&lt;/strong&gt; (Enforcement Plane) to a new company laptop with a managed configuration pointing it to the corporate &lt;strong&gt;AI gateway&lt;/strong&gt; (Control Plane).&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;User Action&lt;/strong&gt;: An employee opens an AI tool on their laptop—for example, the Claude Desktop app.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Interception &amp;amp; Routing&lt;/strong&gt;: The &lt;strong&gt;endpoint agent&lt;/strong&gt; detects the network request from the app, intercepts it, and securely routes it to the &lt;strong&gt;AI gateway&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Policy Adjudication&lt;/strong&gt;: The &lt;strong&gt;AI gateway&lt;/strong&gt; receives the request. It checks the user's identity, attaches the correct virtual key, verifies the request against assigned budgets and guardrails, and logs the entire transaction.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Execution&lt;/strong&gt;: If the request is compliant, the gateway forwards it to the upstream LLM provider. The response is routed back through the gateway, inspected by guardrails again, and then sent to the user's application.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This architecture creates a system where policy is managed centrally, but enforcement is everywhere. It makes AI usage both safe and visible, eliminating the risks of shadow AI without having to block tools that make employees more productive.&lt;/p&gt;

&lt;h2&gt;
  
  
  Sources
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://www.nist.gov/itl/ai-risk-management-framework" rel="noopener noreferrer"&gt;AI Risk Management Framework | NIST&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://zylo.com/blog/shadow-ai/" rel="noopener noreferrer"&gt;Shadow AI: Causes, Consequences, and Best Practices for Control | Zylo&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.crowdstrike.com/cybersecurity-101/shadow-it/shadow-ai/" rel="noopener noreferrer"&gt;What Is Shadow AI? Risks, Challenges, and How to Stay Secure | CrowdStrike&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.getmaxim.ai/bifrost/blog/from-ai-gateway-to-the-endpoint-closing-the-last-mile-of-ai-governance" rel="noopener noreferrer"&gt;From AI Gateway to the Endpoint: Closing the Last Mile of AI Governance | Maxim AI&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.udtonline.com/insights/blog/you-cant-govern-ai-if-you-dont-control-the-endpoint/" rel="noopener noreferrer"&gt;You Can't Govern AI If You Don't Control the Endpoint | UDT&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.microsoft.com/en-us/security/blog/2026/03/19/new-tools-and-guidance-announcing-zero-trust-for-ai/" rel="noopener noreferrer"&gt;New tools and guidance: Announcing Zero Trust for AI | Microsoft Security Blog&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.researchgate.net/publication/381488950_A_Reference_Architecture_for_Structural_AI_Governance_The_Three-Plane_Execution_Model" rel="noopener noreferrer"&gt;A Reference Architecture for Structural AI Governance | Charles R. Rupp via ResearchGate&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aioverview</category>
      <category>security</category>
      <category>architecture</category>
      <category>enterprise</category>
    </item>
    <item>
      <title>The Endpoint Is the New Perimeter for AI Governance</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:05:58 +0000</pubDate>
      <link>https://dev.to/james_whitfield/the-endpoint-is-the-new-perimeter-for-ai-governance-23gh</link>
      <guid>https://dev.to/james_whitfield/the-endpoint-is-the-new-perimeter-for-ai-governance-23gh</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnd2050kjnh338rq0uvuc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnd2050kjnh338rq0uvuc.png" alt="The Endpoint Is the New Perimeter for AI Governance" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;With AI applications running on every device, traditional network security has become insufficient for governance. Effective AI risk management requires extending policies to the endpoint, which tools like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; achieve by combining a central gateway with an endpoint agent.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The adoption of generative AI tools like ChatGPT, Claude Desktop, and various coding assistants is happening faster than most IT and security teams can track. Employees, seeking to be more productive, are connecting to these tools from their work laptops, often using unapproved applications and personal accounts. This trend, known as "shadow AI," creates a significant governance blind spot. When sensitive company data is entered into these unsanctioned tools, it bypasses all traditional security controls, exposing organizations to data leakage, compliance violations, and intellectual property loss.&lt;/p&gt;

&lt;p&gt;For decades, cybersecurity has been centered on the network perimeter. This model is breaking down. With remote work, cloud services, and now AI applications, the perimeter has dissolved and reformed around each individual device. To effectively govern AI, security and platform teams must adopt a new approach that treats the endpoint as the true perimeter. One of the tools built to address this is &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt; that can be extended with an endpoint agent to enforce central policies on every machine.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why the Network Perimeter Fails for Modern AI Workflows
&lt;/h2&gt;

&lt;p&gt;Traditional security tools like firewalls and network-based Data Loss Prevention (DLP) systems were designed for a world where corporate data stayed within a defined corporate network. Modern AI usage patterns make this model obsolete:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Direct-to-Cloud Connections:&lt;/strong&gt; Desktop applications and browser-based AI tools connect directly to cloud providers, bypassing on-premise network monitoring.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Encrypted Traffic:&lt;/strong&gt; Nearly all AI traffic is encrypted with TLS, making it opaque to passive network inspection without complex and often brittle "man-in-the-middle" decryption.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Dynamic Endpoints:&lt;/strong&gt; Employees work from various locations and networks, meaning their devices are frequently outside the corporate network perimeter where policies could be applied.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This mismatch leaves security teams unable to answer basic questions: Which AI tools are employees using? What data is being sent to them? Are we complying with regulations like GDPR or SOC 2? This lack of visibility is not just a policy gap; it's a critical, unmanaged risk.&lt;/p&gt;

&lt;h2&gt;
  
  
  What is Endpoint AI Governance?
&lt;/h2&gt;

&lt;p&gt;Endpoint AI governance shifts the point of control from the network to the device itself. Instead of trying to inspect traffic as it crosses a central point, policies are enforced directly on the laptops and workstations employees use every day. This approach aligns with the principles of Zero Trust architecture, which operates on the philosophy of "never trust, always verify" for every user and device, regardless of its location.&lt;/p&gt;

&lt;p&gt;By managing AI usage at its source, organizations can gain visibility and enforce rules consistently, whether an employee is in the office, at home, or connected to public Wi-Fi.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fma5hk1th18ybrxby56j0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fma5hk1th18ybrxby56j0.png" alt="A central control tower (representing an AI gateway) emitting policy signals to a fleet of laptops, each with a small, g" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  How Endpoint Governance Works: The Gateway and the Agent
&lt;/h2&gt;

&lt;p&gt;A complete endpoint governance solution consists of two integrated components: a central policy engine and a distributed enforcement agent.&lt;/p&gt;

&lt;h3&gt;
  
  
  The AI Gateway as the Central Control Plane
&lt;/h3&gt;

&lt;p&gt;The foundation of this model is an AI gateway like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;. The gateway serves as the single control plane where all governance policies are defined. This is where administrators configure the rules of AI engagement for the entire organization, including:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;&lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;Virtual Keys&lt;/a&gt;:&lt;/strong&gt; Creating distinct access credentials for different users, teams, or projects.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;&lt;a href="https://docs.getbifrost.ai/features/governance/budget-and-limits" rel="noopener noreferrer"&gt;Budgets and Rate Limits&lt;/a&gt;:&lt;/strong&gt; Controlling costs and preventing abuse.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;&lt;a href="https://docs.getbifrost.ai/providers/routing-rules" rel="noopener noreferrer"&gt;Routing Rules&lt;/a&gt;:&lt;/strong&gt; Directing traffic to approved models and providers.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;&lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;Guardrails&lt;/a&gt;:&lt;/strong&gt; Implementing security policies, such as detecting and redacting secrets or PII.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This centralized management ensures policies are consistent and easy to update. However, the gateway can only enforce these policies on traffic that is explicitly directed to it.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Endpoint Agent Extends Governance Everywhere
&lt;/h3&gt;

&lt;p&gt;The second component is an endpoint agent, such as &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;, which is installed on each employee's machine. This agent works transparently in the background to intercept all AI-related traffic from any application and route it through the organization's central AI gateway.&lt;/p&gt;

&lt;p&gt;This combination is powerful. It means the same robust &lt;a href="https://www.getmaxim.ai/bifrost/resources/governance" rel="noopener noreferrer"&gt;governance&lt;/a&gt; and security controls defined in the Bifrost gateway are applied to all AI traffic automatically. Beyond routing, Bifrost applies security controls (virtual keys, budgets, guardrails, audit logs) centrally, and &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; extends that same governance and security to AI traffic on employee machines, with &lt;a href="https://docs.getbifrost.ai/edge/security" rel="noopener noreferrer"&gt;endpoint enforcement&lt;/a&gt; on each device. This closes the shadow AI gap without requiring users to change their behavior or reconfigure their favorite tools.&lt;/p&gt;

&lt;h2&gt;
  
  
  Key Capabilities of an Endpoint AI Governance Solution
&lt;/h2&gt;

&lt;p&gt;When evaluating solutions for endpoint AI governance, organizations should look for a platform like the &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt; with its Edge component that provides comprehensive visibility and control.&lt;/p&gt;

&lt;h3&gt;
  
  
  Visibility and Control over AI Applications
&lt;/h3&gt;

&lt;p&gt;The first step in governing shadow AI is seeing it. An endpoint agent can &lt;a href="https://docs.getbifrost.ai/edge/app-governance" rel="noopener noreferrer"&gt;inventory every AI application&lt;/a&gt; installed on the company's fleet of devices. This data feeds into a central dashboard where administrators can see which tools are being used, by whom, and how often. Based on this visibility, they can create and enforce policies to allow approved applications and block unsanctioned ones directly on the device.&lt;/p&gt;

&lt;h3&gt;
  
  
  MCP Server Discovery and Governance
&lt;/h3&gt;

&lt;p&gt;Modern AI agents and coding tools often connect to Model Context Protocol (MCP) servers to interact with external tools and data sources. These servers represent another vector for ungoverned data exchange. An endpoint solution should provide &lt;a href="https://docs.getbifrost.ai/edge/mcp-governance" rel="noopener noreferrer"&gt;MCP server discovery and governance&lt;/a&gt;, giving security teams a full inventory of these connections and the ability to allow or deny them based on corporate policy.&lt;/p&gt;

&lt;h3&gt;
  
  
  Fleet-Wide Deployment and Management
&lt;/h3&gt;

&lt;p&gt;Manually installing and configuring agents across hundreds or thousands of devices is not scalable. A true enterprise solution must support silent, large-scale deployment through Mobile Device Management (MDM) platforms. Look for support for tools like &lt;a href="https://docs.getbifrost.ai/edge/deployment-mdm" rel="noopener noreferrer"&gt;Jamf, Microsoft Intune, Kandji, and Workspace ONE&lt;/a&gt;, which allow for automated, policy-driven rollouts across an entire fleet of macOS, Windows, and Linux machines.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F0u0s99jkkypwiwe1oem1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F0u0s99jkkypwiwe1oem1.png" alt="An administrator's hand pushing a single deployment button on a screen, which causes configuration profiles to fly out a" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The Business Impact of Endpoint-First AI Governance
&lt;/h2&gt;

&lt;p&gt;Adopting an endpoint-first approach to AI governance allows organizations to move from a reactive to a proactive security posture. It enables teams to embrace the productivity benefits of AI tools while mitigating the associated risks. The result is a framework that supports secure innovation, provides a clear audit trail for compliance, and protects the organization's most sensitive data, no matter where its employees work.&lt;/p&gt;

&lt;h2&gt;
  
  
  Next Steps for Securing AI
&lt;/h2&gt;

&lt;p&gt;As AI becomes more integrated into daily workflows, the risks associated with ungoverned use will only grow. The traditional network perimeter is no longer a reliable line of defense. By shifting focus to the endpoint, organizations can build a more resilient and comprehensive governance strategy. Teams evaluating how to secure their AI usage can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; to see how a combined gateway and endpoint solution works, or review the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source repository&lt;/a&gt; to explore the core technology.&lt;/p&gt;

&lt;h2&gt;
  
  
  Sources
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://www.ibm.com/topics/shadow-ai" rel="noopener noreferrer"&gt;What Is Shadow AI? - IBM&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint" rel="noopener noreferrer"&gt;The Endpoint: The Foundation of Today's Attack Surface - Palo Alto Networks&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://csrc.nist.gov/pubs/sp/800/207/final" rel="noopener noreferrer"&gt;What Is Zero Trust Architecture? - NIST SP 800-207&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.southwestai.solutions/blog/the-risks-of-ungoverned-ai-a-guide-for-business-leaders" rel="noopener noreferrer"&gt;The Risks of Ungoverned AI - South West AI Solutions&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aigovernance</category>
      <category>cybersecurity</category>
      <category>shadowai</category>
      <category>zerotrust</category>
    </item>
    <item>
      <title>Endpoint AI Governance vs. Network Controls: What Each Can and Can't Do</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:04:39 +0000</pubDate>
      <link>https://dev.to/james_whitfield/endpoint-ai-governance-vs-network-controls-what-each-can-and-cant-do-2mh9</link>
      <guid>https://dev.to/james_whitfield/endpoint-ai-governance-vs-network-controls-what-each-can-and-cant-do-2mh9</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgx91rvujgo34di3v0iyr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgx91rvujgo34di3v0iyr.png" alt="Endpoint AI Governance vs. Network Controls: What Each Can and Can't Do" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;A comparison of network-level and device-level controls for governing AI. Traditional network security is blind to encrypted, semantic threats, making endpoint governance a required layer for visibility into how AI is actually used.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The rapid adoption of generative AI has created a significant blind spot for enterprise security and IT teams: shadow AI. When employees use unapproved AI tools—from desktop clients like Claude and ChatGPT to coding agents in an IDE—they operate outside of established corporate controls. This unsanctioned usage creates risks of data leakage, compliance violations, and uncontrolled costs. Traditional network controls, like firewalls and proxies, were not designed to manage this new traffic, prompting a shift toward endpoint-first governance.&lt;/p&gt;

&lt;p&gt;This article compares endpoint AI governance with traditional network controls, examining what each can and cannot do. It explains why network-level visibility is insufficient for modern AI applications and how an AI gateway combined with an endpoint agent provides a more complete solution. An &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt; like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; acts as a central policy engine, while an endpoint agent extends those policies to the device where AI is actually used.&lt;/p&gt;

&lt;h2&gt;
  
  
  What are Traditional Network Controls?
&lt;/h2&gt;

&lt;p&gt;Network controls are security measures deployed at the boundaries of a corporate network. They are designed to monitor and filter traffic moving between an organization's internal network and the public internet. For decades, these have been the foundation of enterprise security.&lt;/p&gt;

&lt;p&gt;Key types of network controls include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Firewalls:&lt;/strong&gt; These inspect network traffic based on predefined rules, blocking or allowing packets based on IP addresses, ports, and protocols. While modern next-generation firewalls (NGFWs) have more advanced capabilities, their focus remains on network-level data.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Web Proxies/Secure Web Gateways (SWGs):&lt;/strong&gt; These act as intermediaries for internet-bound traffic, enforcing acceptable use policies and filtering for malicious content. They can block access to entire domains, such as known AI service websites.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Data Loss Prevention (DLP):&lt;/strong&gt; Network DLP solutions inspect outbound traffic for sensitive data patterns, such as credit card numbers or social security numbers, and can block transmissions that violate policy.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Cloud Access Security Brokers (CASBs):&lt;/strong&gt; These tools provide visibility and control over an organization's use of cloud services, enforcing security policies as users access cloud-based applications.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Where Network Controls Fall Short with AI Traffic
&lt;/h2&gt;

&lt;p&gt;The architecture of AI applications fundamentally breaks the assumptions that underpin traditional network security. AI traffic is encrypted, contextual, and increasingly initiated by applications that run entirely on the endpoint, bypassing network inspection points.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyx8rt243yhib5kwiw38b.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fyx8rt243yhib5kwiw38b.png" alt="A side-by-side comparison. On the left, a simplified network diagram shows a firewall at the edge, with multiple encrypt" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  1. Blindness to Encrypted Traffic
&lt;/h3&gt;

&lt;p&gt;Nearly all communication with AI services uses TLS 1.3 or other modern encryption protocols. This means that network-level controls like firewalls and legacy DLP systems cannot inspect the content of the prompts or the responses. They can see that a connection was made to &lt;code&gt;api.openai.com&lt;/code&gt;, but have no visibility into &lt;em&gt;what&lt;/em&gt; was sent. While some organizations use TLS inspection (SSL decryption), this practice is becoming less effective due to techniques like certificate pinning and can introduce performance and privacy issues.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Lack of Semantic Understanding
&lt;/h3&gt;

&lt;p&gt;Traditional security tools are built to analyze structured data and network packets, not the semantic meaning of natural language. A network firewall cannot understand the intent behind a prompt. For example, these two prompts are identical from a network perspective, but represent entirely different levels of risk:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;code&gt;"Summarize the key ideas in the latest public earnings report."&lt;/code&gt; (Benign)&lt;/li&gt;
&lt;li&gt;  &lt;code&gt;"Summarize this internal M&amp;amp;A document and draft a public press release."&lt;/code&gt; (High Risk)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A network DLP solution might catch a specific keyword or pattern, but it cannot interpret the context that makes the second prompt a serious data leak risk.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. The Endpoint Blind Spot: Desktop, CLI, and Local Models
&lt;/h3&gt;

&lt;p&gt;The biggest gap for network controls is the rise of AI tools that run directly on employee machines. This includes:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Desktop Apps:&lt;/strong&gt; The official ChatGPT and Claude applications.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;IDE and CLI Tools:&lt;/strong&gt; GitHub Copilot, Codex CLI, and other coding assistants.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Local Models:&lt;/strong&gt; Open-source models running via tools like Ollama.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Traffic from these applications may never traverse the corporate network perimeter in a way that allows for inspection. An employee on a home network using a desktop AI app is completely invisible to a corporate firewall. This "shadow AI" usage accounts for a growing volume of enterprise AI interactions.&lt;/p&gt;

&lt;h3&gt;
  
  
  4. Inability to Govern Agentic Workflows
&lt;/h3&gt;

&lt;p&gt;Modern AI is moving beyond simple request-response interactions to autonomous agents that can execute multi-step tasks. These agents can access local files, call external APIs, and interact with other applications on the endpoint. Network controls have no visibility into these on-device actions and cannot distinguish between a sanctioned workflow and a compromised agent exfiltrating data.&lt;/p&gt;

&lt;h2&gt;
  
  
  What is Endpoint AI Governance?
&lt;/h2&gt;

&lt;p&gt;Endpoint AI governance shifts the control plane from the network perimeter to the device itself. It uses a lightweight agent installed on each machine (laptop, desktop) to monitor and manage AI usage at the source. This approach provides visibility into all forms of AI activity, regardless of the application, network, or user location.&lt;/p&gt;

&lt;h3&gt;
  
  
  How Endpoint Agents Work
&lt;/h3&gt;

&lt;p&gt;An endpoint agent for AI governance typically performs several key functions:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Application and Process Discovery:&lt;/strong&gt; It identifies every AI application running on the device, including desktop clients, CLI tools, and even custom scripts making calls to AI models.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Traffic Interception:&lt;/strong&gt; The agent transparently routes all AI-related traffic from the device to a central control plane, like an AI gateway, before it goes to the external AI provider. This works for all apps without requiring individual configuration.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Policy Enforcement:&lt;/strong&gt; It enforces centralized policies on the device. For instance, it can block the use of unapproved applications or prevent sensitive data from being sent in a prompt.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Contextual Visibility:&lt;/strong&gt; It captures the full context of an interaction, including the user, the application used, the content of the prompt, and the model's response.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9sklyn1y879li3cexiy6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9sklyn1y879li3cexiy6.png" alt="A central, glowing brain-like orb labeled 'AI Gateway Policy Engine' connected by lines of light to multiple laptops. On" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The Combined Solution: AI Gateway + Bifrost Edge
&lt;/h2&gt;

&lt;p&gt;Neither network controls nor endpoint governance alone provides a complete solution. A truly effective strategy combines a centralized policy engine with endpoint enforcement.&lt;/p&gt;

&lt;p&gt;This is the model used by platforms like &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;The AI Gateway as the Control Plane:&lt;/strong&gt; The &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt; sits in an organization's infrastructure and serves as the central point for defining all AI policies. This is where administrators configure virtual keys, set budgets and rate limits, enable &lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;guardrails&lt;/a&gt; for content filtering, and manage routing across different AI providers. The gateway ensures all &lt;em&gt;known&lt;/em&gt; traffic is governed.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Bifrost Edge for Endpoint Enforcement:&lt;/strong&gt; &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; is the lightweight agent deployed to every employee machine. It automatically and transparently intercepts all AI traffic—from desktop apps, browsers, and CLIs—and routes it through the organization's Bifrost gateway. This closes the "shadow AI" gap by ensuring that the policies defined in the gateway are applied to the AI tools employees actually use, with no per-app setup needed.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This two-layer approach offers several advantages:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Complete Visibility:&lt;/strong&gt; See all AI usage, whether from sanctioned server-side applications or unsanctioned desktop tools.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Consistent Policy:&lt;/strong&gt; A single set of rules for access, security, and cost management applies everywhere.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;User Transparency:&lt;/strong&gt; Developers and other employees can continue using their preferred tools without changing workflows, while the organization maintains governance.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Conclusion: Control Must Follow the Data
&lt;/h2&gt;

&lt;p&gt;Traditional network controls are essential for general cybersecurity but are ill-equipped to govern modern AI. Their inability to inspect encrypted traffic, understand semantic context, and see activity on the endpoint renders them ineffective against the primary risks of shadow AI.&lt;/p&gt;

&lt;p&gt;Endpoint AI governance provides the necessary visibility and control where AI usage actually occurs: on the device. By pairing an endpoint agent like &lt;a href="https://docs.getbifrost.ai/edge/overview" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; with a central policy engine like the Bifrost AI gateway, organizations can enforce consistent security, compliance, and cost policies across every application and every user. For teams looking to get a handle on AI risk, the endpoint is the new perimeter.&lt;/p&gt;

&lt;h2&gt;
  
  
  Sources
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://www.modern-security.com/p/ai-firewalls-gateways-and-defensive-architectures-explained" rel="noopener noreferrer"&gt;AI Firewalls, Gateways, and Defensive Architectures Explained - Modern Security&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.astrix.security/blog/ai-native-browsers-demand-ai-native-security-why-legacy-dlp-cant-protect-you" rel="noopener noreferrer"&gt;AI-Native Browsers Demand AI-Native Security - Astrix Security&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.cyberhaven.com/blog/endpoint-ai-agents-the-security-risk-you-cant-ignore/" rel="noopener noreferrer"&gt;Endpoint AI Agents: The Security Risk You Can't Ignore - Cyberhaven&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.gartner.com/en/articles/how-to-overcome-dlp-challenges-posed-by-generative-ai" rel="noopener noreferrer"&gt;How to Overcome DLP Challenges Posed by Generative AI - Gartner&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.paloaltonetworks.com/cyberpedia/what-is-shadow-ai" rel="noopener noreferrer"&gt;Shadow AI - Palo Alto Networks&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.cloudflare.com/learning/access-management/what-is-ztna/" rel="noopener noreferrer"&gt;Zero Trust Network Access (ZTNA) - Cloudflare&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aigovernance</category>
      <category>security</category>
      <category>endpoint</category>
      <category>zerotrust</category>
    </item>
    <item>
      <title>What a Device-Level AI Control Agent Actually Does</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:04:34 +0000</pubDate>
      <link>https://dev.to/james_whitfield/what-a-device-level-ai-control-agent-actually-does-oc2</link>
      <guid>https://dev.to/james_whitfield/what-a-device-level-ai-control-agent-actually-does-oc2</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fe12lurbycwngw56syilx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fe12lurbycwngw56syilx.png" alt="What a Device-Level AI Control Agent Actually Does" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;As AI tools become standard in the workplace, organizations face a critical governance gap. A device-level AI control agent closes this gap by extending security and management policies directly to the endpoint where work happens.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The proliferation of AI tools like ChatGPT, Claude, and GitHub Copilot has created a significant challenge for IT and security teams: employees are using powerful, cloud-based AI on company devices with little to no oversight. This phenomenon, often called "Shadow AI," introduces risks ranging from data leakage of sensitive intellectual property to non-compliance with regulations like GDPR and HIPAA. While some organizations attempt to block these tools outright, a more effective long-term strategy involves governing their use. This is the role of a device-level AI control agent.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Problem: Shadow AI and the Governance Gap
&lt;/h2&gt;

&lt;p&gt;An AI gateway is a common piece of infrastructure used to manage access to large language models (LLMs). It can enforce budgets, apply security guardrails, and audit requests. However, a gateway can only control traffic that is explicitly configured to pass through it. It has a fundamental blind spot: the endpoint.&lt;/p&gt;

&lt;p&gt;Employees often use AI in ways that bypass centralized gateways:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Web-based AI:&lt;/strong&gt; Using services like &lt;code&gt;chatgpt.com&lt;/code&gt; or &lt;code&gt;claude.ai&lt;/code&gt; directly in the browser.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Desktop Applications:&lt;/strong&gt; Installing native clients like Claude Desktop or the ChatGPT app.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Developer Tools:&lt;/strong&gt; Integrating AI agents directly into an IDE or command-line interface (CLI).&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This ungoverned usage means that prompts containing proprietary code, customer data, or strategic plans can be sent to third-party models without any record or control, creating a serious security risk. A 2023 report by Cisco highlighted that company data is being entered into generative AI applications, and many organizations lack adequate controls to monitor this.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Is a Device-Level AI Agent?
&lt;/h2&gt;

&lt;p&gt;A device-level AI control agent is a piece of software installed directly on an employee's computer (macOS, Windows, or Linux) that monitors and controls AI-related activity at the source. It acts as a local enforcement point for the organization's centralized AI policies.&lt;/p&gt;

&lt;p&gt;Instead of being blind to endpoint activity, the agent gives administrators two core capabilities:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Visibility:&lt;/strong&gt; It discovers and inventories all AI applications and services being used across the fleet of managed devices.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Control:&lt;/strong&gt; It enforces policies on that usage, such as blocking unauthorized applications or routing traffic from approved tools through the company's secure AI gateway.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This approach shifts the control plane from a purely network-based solution to one that is endpoint-aware, closing the governance gap left by shadow AI.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fai1698i7nwgaqcw7rdi5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fai1698i7nwgaqcw7rdi5.png" alt="A magnifying glass is held over a laptop, revealing glowing icons representing various AI applications (chat bubbles, co" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  How It Works: The Technical Mechanics
&lt;/h2&gt;

&lt;p&gt;Device-level agents typically work by intercepting network traffic locally on the machine. This is often accomplished by installing a trusted root certificate and establishing a local proxy or network filter that can inspect and reroute traffic before it leaves the device.&lt;/p&gt;

&lt;p&gt;The workflow generally follows these steps:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Deployment:&lt;/strong&gt; The agent is deployed silently to all company devices using a Mobile Device Management (MDM) platform like &lt;a href="https://www.jamf.com/" rel="noopener noreferrer"&gt;Jamf&lt;/a&gt;, &lt;a href="https://www.microsoft.com/en-us/security/business/microsoft-intune" rel="noopener noreferrer"&gt;Microsoft Intune&lt;/a&gt;, or Kandji.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Policy Sync:&lt;/strong&gt; Once installed, the agent authenticates the user and machine and syncs the latest AI governance policies from a central control plane (often the organization's AI gateway).&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Traffic Interception:&lt;/strong&gt; The agent monitors network connections originating from the device. When it identifies traffic destined for a known AI service, it intercepts the request.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Policy Enforcement:&lt;/strong&gt; The agent checks the request against its local policy cache.

&lt;ul&gt;
&lt;li&gt;  If the application is &lt;strong&gt;disallowed&lt;/strong&gt;, the connection is blocked on the device.&lt;/li&gt;
&lt;li&gt;  If the application is &lt;strong&gt;allowed&lt;/strong&gt;, the agent transparently reroutes the traffic to the company's secure AI gateway. The gateway then applies its own fine-grained policies (e.g., budget checks, rate limits, PII redaction) before forwarding the request to the LLM provider.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Auditing:&lt;/strong&gt; All actions—both allowed and blocked—are logged for security and compliance auditing.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This ensures that all AI usage, whether from a browser or a desktop app, is subject to the same set of corporate rules.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjs6m986xw54y81y7ztv2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjs6m986xw54y81y7ztv2.png" alt="A fleet of laptops arranged in a grid, each with a small, glowing shield icon on its screen. Lines connect them all to a" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Key Capabilities of Modern Agents
&lt;/h2&gt;

&lt;p&gt;When evaluating device-level AI control solutions, organizations typically look for a few key features:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Cross-Platform Support:&lt;/strong&gt; The agent must run natively on all operating systems used by the company (macOS, Windows, Linux).&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Broad Application Coverage:&lt;/strong&gt; It should be able to identify and control a wide range of AI tools, including web, desktop, and CLI agents.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Centralized Management:&lt;/strong&gt; The ability to define policies once and have them enforced across the entire fleet of devices.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;MDM Integration:&lt;/strong&gt; Seamless deployment and configuration through existing enterprise device management systems is essential for large-scale rollouts.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Low Performance Overhead:&lt;/strong&gt; The agent must be lightweight and not noticeably impact the user's device performance or network speed.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;User Transparency:&lt;/strong&gt; The agent should provide clear feedback to the user when an action is blocked due to policy, avoiding confusion and helpdesk tickets.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;As enterprise AI adoption matures, managing usage at the endpoint is no longer optional. A device-level control agent provides the necessary visibility and enforcement to allow employees to use AI tools productively while protecting the organization's sensitive data.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>governance</category>
      <category>mdm</category>
    </item>
    <item>
      <title>Endpoint AI Governance: How to Bring Every Laptop App Under Company Control</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:03:50 +0000</pubDate>
      <link>https://dev.to/james_whitfield/endpoint-ai-governance-how-to-bring-every-laptop-app-under-company-control-nbh</link>
      <guid>https://dev.to/james_whitfield/endpoint-ai-governance-how-to-bring-every-laptop-app-under-company-control-nbh</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frqk95ej3mxu63c5st32z.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frqk95ej3mxu63c5st32z.png" alt="Endpoint AI Governance: How to Bring Every Laptop App Under Company Control" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Bringing AI applications on employee laptops under corporate governance requires a new approach that combines a central policy engine with an endpoint agent. Tools like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; and its Edge component provide a blueprint for enforcing security, compliance, and cost controls on the AI people actually use.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The rapid adoption of desktop AI applications and coding assistants has created a significant governance gap in most organizations. Employees use tools like ChatGPT, Claude Desktop, and Cursor to improve productivity, but this activity often happens outside of established security and compliance frameworks. This phenomenon, known as "shadow AI," introduces substantial risk, including the potential for data leaks, compliance violations, and intellectual property loss. To solve this, engineering and security leaders need a mechanism to extend corporate governance to the endpoint. An emerging and effective model combines a centralized AI gateway like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt; from Maxim AI, with an endpoint agent that enforces the gateway's policies directly on each laptop.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Challenge of Shadow AI
&lt;/h2&gt;

&lt;p&gt;Shadow AI refers to the use of artificial intelligence tools by employees without the knowledge or approval of their IT and security departments. It's a modern variant of shadow IT, but with unique risks tied to how AI models process data. When an employee pastes proprietary source code into a public web-based chatbot or uses a desktop AI app to summarize a confidential document, that data leaves the organization's control. According to Gartner, this trend is expanding the corporate attack surface in ways that traditional security tools were not designed to handle.&lt;/p&gt;

&lt;p&gt;The core challenges include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Lack of Visibility&lt;/strong&gt;: Security teams cannot see which AI tools are in use, what data is being shared, or how frequently. This makes it impossible to assess risk or apply consistent policy.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Data Exfiltration&lt;/strong&gt;: Sensitive information, from customer data to unreleased financial reports and source code, can be inadvertently uploaded to third-party AI models, where it may be stored or used for training.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Compliance Violations&lt;/strong&gt;: Ungoverned AI usage can violate regulations like GDPR, HIPAA, or the EU AI Act, which hold the organization responsible for how personal and sensitive data is processed.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Inconsistent Security&lt;/strong&gt;: Without a central point of control, there is no way to enforce security measures like data redaction, access controls, or audit logging for AI traffic originating from employee laptops.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Common Approaches to Endpoint Control (and Their Limits)
&lt;/h2&gt;

&lt;p&gt;Organizations traditionally rely on a few methods to control application usage on corporate devices, but these often fall short when applied to the dynamic nature of AI tools.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Acceptable Use Policies (AUPs)&lt;/strong&gt;: Policies are a necessary foundation, but they are not a technical control. They rely on employee awareness and compliance, and they provide no visibility or enforcement mechanism.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Network-Level Blocking&lt;/strong&gt;: Using firewalls or proxies to block domains for known AI services can be a blunt instrument. It can hinder productivity and is easily bypassed with VPNs or by using desktop applications that communicate over standard encrypted channels.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Mobile Device Management (MDM)&lt;/strong&gt;: MDM platforms like &lt;a href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune" rel="noopener noreferrer"&gt;Microsoft Intune&lt;/a&gt; and &lt;a href="https://www.jamf.com/" rel="noopener noreferrer"&gt;Jamf&lt;/a&gt; are powerful tools for managing device fleets. They can be used to deploy software and enforce configurations, including blocking specific applications. However, MDM on its own is often focused on application inventory and blocklists, not on inspecting and governing the content of the API traffic flowing from those applications.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;While these methods have a role, they don't solve the core problem: how to allow productive use of approved AI tools while ensuring all traffic adheres to company-wide security and compliance rules.&lt;/p&gt;

&lt;h2&gt;
  
  
  A Modern Approach: AI Gateway + Endpoint Agent
&lt;/h2&gt;

&lt;p&gt;A more effective strategy for endpoint AI governance pairs a centralized AI gateway with a lightweight agent deployed on each machine. This model separates policy management from enforcement, creating a robust and scalable solution.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt; serves as the central control plane. Here, administrators configure all governance policies:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Virtual Keys&lt;/strong&gt;: Instead of managing raw API keys, teams create &lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;virtual keys&lt;/a&gt; that control access, assign budgets, and set rate limits per user, team, or project.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Guardrails&lt;/strong&gt;: The gateway inspects prompts and responses, using tools like secrets detection or custom rules to prevent sensitive data from reaching an external model.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Routing and Fallbacks&lt;/strong&gt;: Policies can route requests to specific models or providers and configure &lt;a href="https://docs.getbifrost.ai/features/fallbacks" rel="noopener noreferrer"&gt;automatic fallbacks&lt;/a&gt; to maintain availability during an outage.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Audit Logs&lt;/strong&gt;: All AI requests are centrally logged, creating an immutable record for compliance and security reviews.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Bifrost Edge&lt;/strong&gt;, the endpoint agent, extends these gateway policies to every corporate laptop. It runs on macOS, Windows, and Linux, routing all detected AI traffic from desktop apps, browsers, and coding agents through the Bifrost gateway automatically.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9k49zla6gms0j8b9zosb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9k49zla6gms0j8b9zosb.png" alt="A visual metaphor showing a blueprint for a policy (gears, rules, logic gates) being transmitted from a central server t" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  How It Works: Centralized Policy, Local Enforcement
&lt;/h3&gt;

&lt;p&gt;The "AI Gateway + Bifrost Edge" model provides a clear workflow for bringing endpoint AI under governance.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Policy Configuration&lt;/strong&gt;: Admins define all security, access, and cost-control policies in the central &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; gateway. This includes setting up guardrail profiles and virtual keys for different teams.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Endpoint Deployment&lt;/strong&gt;: The &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; agent is deployed to all laptops, typically via an &lt;a href="https://docs.getbifrost.ai/edge/deployment-mdm" rel="noopener noreferrer"&gt;MDM solution&lt;/a&gt;. This rollout is silent to the end-user.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Automatic Routing&lt;/strong&gt;: Once installed, Edge identifies AI traffic from &lt;a href="https://docs.getbifrost.ai/edge/supported-applications" rel="noopener noreferrer"&gt;supported applications&lt;/a&gt; and transparently routes it through the company's Bifrost instance. No manual configuration is needed in the AI apps themselves.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Policy Enforcement&lt;/strong&gt;: Because all traffic now flows through the gateway, every request is subject to the centrally defined policies. A developer using Claude Code in their terminal is governed by the same rules as a production service using the gateway's API. This includes Bifrost's governance and security controls, with &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; extending that same &lt;a href="https://docs.getbifrost.ai/edge/security" rel="noopener noreferrer"&gt;endpoint enforcement&lt;/a&gt; to each device.&lt;/li&gt;
&lt;/ol&gt;

&lt;h3&gt;
  
  
  Governing AI Apps and MCP Servers
&lt;/h3&gt;

&lt;p&gt;Endpoint AI governance goes beyond just LLM API calls. Modern coding assistants increasingly use the Model Context Protocol (MCP) to interact with local and remote tools. An effective governance solution must see and control this layer as well.&lt;/p&gt;

&lt;p&gt;Bifrost Edge provides deep visibility into the AI ecosystem on each device. The platform inventories all installed AI applications and configured MCP servers across the fleet. From a central dashboard, administrators can then make allow/deny decisions.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;App Governance&lt;/strong&gt;: Admins can approve specific applications for use and block others. This &lt;a href="https://docs.getbifrost.ai/edge/app-governance" rel="noopener noreferrer"&gt;application policy&lt;/a&gt; is enforced directly on the device by Edge.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;MCP Governance&lt;/strong&gt;: Edge discovers which MCP servers are configured in tools like Cursor or Claude Code. Admins can then create an allowlist of approved servers, blocking potentially risky or unknown tool providers. This capability is critical for preventing data exfiltration through agentic workflows.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Fleet-Wide Deployment with MDM
&lt;/h3&gt;

&lt;p&gt;Rolling out an endpoint agent across hundreds or thousands of devices requires integration with existing IT infrastructure. &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; is designed for managed deployment through standard MDM platforms like Jamf, Microsoft Intune, Kandji, and others.&lt;/p&gt;

&lt;p&gt;The MDM platform pushes the Edge agent and a managed configuration file to each device. This ensures that every agent is pre-configured to connect to the organization's Bifrost gateway. The user experience is seamless: after a one-time single sign-on (SSO) authentication, the agent runs in the background, providing continuous governance without interrupting workflows.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fqeou55kgx5u0creupl52.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fqeou55kgx5u0creupl52.png" alt="A fleet of laptops arranged in a neat grid, with a single command from a central console simultaneously deploying a smal" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Getting Started with Endpoint AI Governance
&lt;/h2&gt;

&lt;p&gt;Bringing all AI activity under a unified governance framework is becoming a critical function for security and engineering teams. The combination of a central AI gateway and an endpoint agent provides a scalable and effective solution to the challenge of shadow AI. By enforcing policies at the point of use, organizations can enable employees to leverage powerful AI tools while protecting sensitive data and maintaining compliance.&lt;/p&gt;

&lt;p&gt;Teams evaluating solutions for endpoint AI governance can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; to see how the gateway and Edge agent work together, or review the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source repository&lt;/a&gt; to explore the gateway's core capabilities.&lt;/p&gt;

&lt;h2&gt;
  
  
  Sources
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://www.gartner.com/en/peer-insights/infographics/generative-ai-security-and-risk-management" rel="noopener noreferrer"&gt;Gartner, "Generative AI Security and Risk Management"&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.ibm.com/topics/shadow-ai" rel="noopener noreferrer"&gt;IBM, "What Is Shadow AI?"&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune" rel="noopener noreferrer"&gt;Microsoft, "Endpoint management at Microsoft"&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.paloaltonetworks.com/cyberpedia/what-is-shadow-ai" rel="noopener noreferrer"&gt;Palo Alto Networks, "What Is Shadow AI?"&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aioverflow</category>
      <category>governance</category>
      <category>security</category>
      <category>devops</category>
    </item>
    <item>
      <title>Device-Level AI Policy Enforcement Explained for Security Teams</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:03:39 +0000</pubDate>
      <link>https://dev.to/james_whitfield/device-level-ai-policy-enforcement-explained-for-security-teams-2hi9</link>
      <guid>https://dev.to/james_whitfield/device-level-ai-policy-enforcement-explained-for-security-teams-2hi9</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbvzdcf29ytzvs2sm1xjv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbvzdcf29ytzvs2sm1xjv.png" alt="Device-Level AI Policy Enforcement Explained for Security Teams" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Device-level AI policy enforcement extends centralized security and governance controls to the endpoint, closing the visibility gap created by shadow AI. For security teams, tools like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; Edge provide the necessary mechanisms to discover, govern, and secure AI usage on every company machine.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The adoption of generative AI has introduced a significant security blind spot for most organizations: the endpoint. While security teams focus on governing AI traffic from production applications, employees are independently using desktop AI clients, browser-based AI tools, and coding agents that bypass centralized controls. This ungoverned usage, often called "shadow AI," creates unmonitored pathways for data exfiltration and introduces serious compliance risks. To address this, organizations are turning to device-level AI policy enforcement, a strategy that extends security policies directly to every employee's computer. One of the leading tools in this space is &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt; from Maxim AI, which uses its Bifrost Edge component to apply gateway-level policies on the endpoint.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Security Risk of Ungoverned Endpoint AI
&lt;/h2&gt;

&lt;p&gt;When employees use tools like ChatGPT, Claude Desktop, or integrated coding agents without oversight, they operate outside the organization's security perimeter. This creates several critical risks:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Data Leakage:&lt;/strong&gt; Sensitive information, such as intellectual property, customer data, or PII, can be inadvertently pasted into prompts, with no mechanism to prevent or audit its transmission to third-party AI providers.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Compliance Violations:&lt;/strong&gt; For organizations subject to regulations like SOC 2, HIPAA, or GDPR, the absence of &lt;a href="https://docs.getbifrost.ai/enterprise/audit-logs" rel="noopener noreferrer"&gt;audit logs&lt;/a&gt; and access controls for AI usage on endpoints can lead to non-compliance and significant penalties.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Lack of Visibility:&lt;/strong&gt; Security teams cannot answer fundamental questions about AI usage across the company: Which AI tools are in use? Who is using them? What kind of data is being submitted?&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Inconsistent Security:&lt;/strong&gt; Policies applied to official, sanctioned AI applications are rendered ineffective if employees can simply use an ungoverned alternative on their local machine.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  What is Device-Level AI Policy Enforcement?
&lt;/h2&gt;

&lt;p&gt;Device-level AI policy enforcement is the practice of installing a lightweight agent on endpoint devices (laptops, desktops) to intercept and manage all outbound AI traffic. Instead of relying on application-level SDKs or network-level proxies, this approach enforces policy directly on the machine where the AI interaction originates.&lt;/p&gt;

&lt;p&gt;The core principle is to extend the same robust governance framework used for production AI traffic to the endpoint. This is achieved through a combined-platform approach. A central AI gateway like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; serves as the control plane for defining all security and governance policies. An endpoint agent, &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;, is then deployed to the fleet of devices, where it enforces those central policies transparently.&lt;/p&gt;

&lt;h2&gt;
  
  
  How Endpoint AI Governance Works
&lt;/h2&gt;

&lt;p&gt;Implementing AI governance at the device level involves a few key components working in concert. The process is designed to be largely invisible to the end-user while providing comprehensive control for security administrators.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Endpoint Agent
&lt;/h3&gt;

&lt;p&gt;The foundation of this model is a lightweight agent that runs natively on macOS, Windows, and Linux. This agent is installed on every company-managed machine, typically as part of a standard device build. Its primary job is to monitor for and intercept traffic directed at known AI services and models. The &lt;a href="https://docs.getbifrost.ai/edge/how-it-works" rel="noopener noreferrer"&gt;Bifrost Edge agent&lt;/a&gt;, for example, detects traffic from a wide range of &lt;a href="https://docs.getbifrost.ai/edge/supported-applications" rel="noopener noreferrer"&gt;supported applications&lt;/a&gt;, including desktop clients, browser-based AI, and developer-focused coding agents.&lt;/p&gt;

&lt;h3&gt;
  
  
  Centralized Policy Engine
&lt;/h3&gt;

&lt;p&gt;The endpoint agent does not make policy decisions on its own. It connects to a central AI gateway, which acts as the policy engine. Administrators use the gateway's interface to configure all governance rules:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Virtual Keys:&lt;/strong&gt; Access is managed through &lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;virtual keys&lt;/a&gt;, which associate usage with specific users, teams, or projects.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Access Control:&lt;/strong&gt; Administrators can create allow and deny lists for specific AI applications or the powerful external tools they connect to via the Model Context Protocol (MCP). Bifrost provides dedicated controls for both &lt;a href="https://docs.getbifrost.ai/edge/app-governance" rel="noopener noreferrer"&gt;app governance&lt;/a&gt; and &lt;a href="https://docs.getbifrost.ai/edge/mcp-governance" rel="noopener noreferrer"&gt;MCP governance&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Guardrails:&lt;/strong&gt; Data loss prevention is handled by &lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;guardrails&lt;/a&gt; that can detect and redact secrets, PII, or other sensitive patterns before a prompt leaves the device.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Budgets and Rate Limits:&lt;/strong&gt; Cost controls and usage limits are defined centrally and enforced for every request, regardless of its origin.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fz5usduyly2fux41znbwq.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fz5usduyly2fux41znbwq.png" alt="A stylized illustration of a laptop with multiple application icons floating around it. A single agent icon sits on the " width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Transparent Traffic Routing
&lt;/h3&gt;

&lt;p&gt;Once a policy is synced from the gateway, the agent begins enforcing it. When a user attempts to use an AI tool, the agent intercepts the outbound request. If the application and the request content comply with policy, the agent securely routes the traffic through the organization's central AI gateway. If the application is denied or the prompt violates a guardrail, the request is blocked on the device before any data is transmitted. This entire process happens transparently, requiring no changes to the user's workflow or applications.&lt;/p&gt;

&lt;h2&gt;
  
  
  Key Security Benefits of Endpoint Enforcement
&lt;/h2&gt;

&lt;p&gt;Adopting a device-level enforcement strategy provides immediate and tangible security benefits. It moves AI governance from a reactive, partial solution to a proactive, comprehensive one.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Complete Visibility:&lt;/strong&gt; The system creates a real-time inventory of all AI applications and MCP servers being used across the organization. Security teams finally have a definitive dataset to understand the company's AI footprint.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Mitigation of Shadow AI:&lt;/strong&gt; By enforcing allow/deny lists, organizations can standardize on approved AI tools and block the use of unsanctioned or high-risk applications, effectively eliminating shadow AI.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Consistent Data Protection:&lt;/strong&gt; The same &lt;a href="https://docs.getbifrost.ai/edge/security" rel="noopener noreferrer"&gt;security guardrails&lt;/a&gt; protecting production AI traffic are extended to every endpoint. This ensures that policies for redacting sensitive data are applied universally.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Comprehensive Audit Trails:&lt;/strong&gt; Every AI prompt and response from an endpoint is logged centrally. This provides the immutable audit trail required for security investigations and compliance with standards like SOC 2.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1nhuh7ltwlfclqty8kvo.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1nhuh7ltwlfclqty8kvo.png" alt="A clean, abstract representation of a security dashboard. On the left, a list of newly discovered, unknown application i" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Integration with Existing Security Infrastructure
&lt;/h2&gt;

&lt;p&gt;A critical feature of any enterprise-grade security solution is its ability to integrate with existing operational workflows. Modern endpoint AI governance platforms are designed for this. Agents like &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; are deployed and managed using standard Mobile Device Management (MDM) tools.&lt;/p&gt;

&lt;p&gt;This allows for seamless, silent rollout across an entire fleet of devices using platforms that IT and security teams already manage, such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  Jamf&lt;/li&gt;
&lt;li&gt;  Microsoft Intune&lt;/li&gt;
&lt;li&gt;  Kandji&lt;/li&gt;
&lt;li&gt;  Omnissa Workspace ONE&lt;/li&gt;
&lt;li&gt;  JumpCloud&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This &lt;a href="https://docs.getbifrost.ai/edge/deployment-mdm" rel="noopener noreferrer"&gt;MDM-native deployment&lt;/a&gt; model means that device-level AI governance becomes a scalable and manageable component of an organization's broader endpoint security strategy, not a siloed tool requiring separate processes.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion: Securing the Last Mile of AI
&lt;/h2&gt;

&lt;p&gt;As AI becomes more integrated into daily workflows through a diverse set of endpoint tools, securing only the infrastructure layer is no longer sufficient. Device-level AI policy enforcement closes the "last mile" security gap, bringing the ungoverned world of shadow AI under centralized control. By combining a powerful AI gateway as a policy engine with a transparent endpoint agent, security teams can gain full visibility, enforce consistent data protection, and ensure compliance across every application on every device.&lt;/p&gt;

&lt;p&gt;Security teams evaluating solutions in this space can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; to see its endpoint governance capabilities or review the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source repository&lt;/a&gt; to understand the underlying gateway technology.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>governance</category>
      <category>devops</category>
    </item>
    <item>
      <title>Why Network-Level AI Filtering Is Not Real AI Control</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:02:49 +0000</pubDate>
      <link>https://dev.to/james_whitfield/why-network-level-ai-filtering-is-not-real-ai-control-20ch</link>
      <guid>https://dev.to/james_whitfield/why-network-level-ai-filtering-is-not-real-ai-control-20ch</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbi72w4mfylxwumd4h1o2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbi72w4mfylxwumd4h1o2.png" alt="Why Network-Level AI Filtering Is Not Real AI Control" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Many organizations attempt to govern AI usage with network-level filtering, but modern encryption and AI-specific protocols render this approach ineffective. A dedicated AI gateway like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; combined with endpoint visibility provides the deep control required for genuine security and governance.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;As organizations grapple with the rapid adoption of AI tools, a common first instinct is to control their use at the network perimeter. The thinking is straightforward: if all traffic passes through a central firewall or proxy, it should be possible to inspect that traffic, identify requests to AI services, and block them. However, this approach, which relies on traditional network-level filtering, consistently falls short of providing meaningful AI control. Modern application protocols and the specific nature of AI traffic make it nearly impossible for network devices to see, understand, or act on AI requests with any reliability.&lt;/p&gt;

&lt;p&gt;This analysis examines the technical limitations of network-level AI filtering and contrasts it with a purpose-built approach. Solutions like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt;, combined with endpoint agents, offer a more robust method for governing AI by operating at the correct layer of the technology stack.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Limits of Network-Level Inspection
&lt;/h2&gt;

&lt;p&gt;Network security appliances like firewalls and secure web gateways have historically relied on techniques such as deep packet inspection (DPI) to analyze and filter traffic. These tools inspect the content of network packets to identify signatures, keywords, or destinations associated with prohibited applications. While effective for simpler protocols of the past, this method is fundamentally breaking down against modern, encrypted web traffic.&lt;/p&gt;

&lt;h3&gt;
  
  
  Challenge 1: Pervasive Encryption (TLS 1.3)
&lt;/h3&gt;

&lt;p&gt;The vast majority of web traffic, including virtually all API calls to AI providers like OpenAI and Anthropic, is encrypted with Transport Layer Security (TLS). The current standard, TLS 1.3, significantly enhances privacy and security by encrypting more of the handshake process than its predecessors.&lt;/p&gt;

&lt;p&gt;A key change in TLS 1.3 is the encryption of the server certificate, which means that even the Server Name Indication (SNI) extension, previously a reliable indicator of the destination hostname, can be hidden through Encrypted Client Hello (ECH). As ECH adoption grows, network devices lose the ability to reliably determine which service a user is connecting to without decrypting the traffic.&lt;/p&gt;

&lt;p&gt;Decrypting TLS traffic, often called "TLS inspection" or "man-in-the-middle" interception, is a resource-intensive process with significant drawbacks:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Performance Degradation:&lt;/strong&gt; Decrypting and re-encrypting every connection adds substantial latency and requires powerful, expensive hardware.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Security Risks:&lt;/strong&gt; It weakens end-to-end security by creating a central point of failure and can break applications that use certificate pinning for security.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Maintenance Overhead:&lt;/strong&gt; Managing the trusted certificates required for interception across an entire organization is a complex operational burden.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Without full TLS decryption, a network filter is mostly blind. It can see an encrypted connection to an IP address owned by a major cloud provider like AWS or Google Cloud, but it cannot know if that connection is for an AI service or any of the thousands of other services hosted on that same infrastructure.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fk2qckxws04twe7mwlafm.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fk2qckxws04twe7mwlafm.png" alt="A magnifying glass attempting to inspect a solid, unbreakable data pipeline labeled 'TLS 1.3 &amp;amp; QUIC', showing the imposs" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Challenge 2: The Rise of HTTP/3 and QUIC
&lt;/h3&gt;

&lt;p&gt;The web is also shifting from TCP to the QUIC protocol, which underpins HTTP/3. Unlike TCP, which can be inspected at the transport layer, QUIC is encrypted by default. Its headers, which contain critical session information, are part of the encrypted payload. This design choice was made explicitly to prevent network middleboxes from interfering with the protocol's evolution and to enhance user privacy.&lt;/p&gt;

&lt;p&gt;As a result, network appliances that rely on analyzing TCP headers are completely unable to interpret QUIC traffic. They cannot distinguish between different streams within a connection or identify the application-layer protocol being used. For a network filter, a QUIC connection is an opaque, encrypted UDP stream. According to Google, over 60% of their client traffic is already over QUIC, and its adoption is accelerating across the web. This shift renders signature-based network filtering increasingly obsolete.&lt;/p&gt;

&lt;h3&gt;
  
  
  Challenge 3: Lack of AI-Specific Context
&lt;/h3&gt;

&lt;p&gt;Even if a network device could decrypt and inspect the traffic, it lacks the context to make intelligent governance decisions. An AI gateway operates at the application layer and understands the structure of an AI request. A network firewall does not.&lt;/p&gt;

&lt;p&gt;Consider these critical governance questions that are impossible to answer at the network level:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Model Usage:&lt;/strong&gt; Is this request for &lt;code&gt;gpt-4o&lt;/code&gt; or a much cheaper, less capable model?&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Prompt Content:&lt;/strong&gt; Does the prompt contain personally identifiable information (PII), credentials, or intellectual property?&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Budget Control:&lt;/strong&gt; Has this specific user or project team exceeded its allocated budget for the month?&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Tool Usage:&lt;/strong&gt; Is the AI agent attempting to use a high-risk external tool via Model Context Protocol (MCP)?&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Failover Logic:&lt;/strong&gt; If a request to Anthropic's Claude 3.5 Sonnet fails, should it be retried on Google's Gemini 1.5 Pro?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A network filter sees a stream of text going to an endpoint. It cannot parse the JSON payload to identify the model, analyze the prompt for sensitive data with &lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;guardrails&lt;/a&gt;, or associate the request with a specific &lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;virtual key&lt;/a&gt; to enforce a budget. This lack of context makes granular control impossible.&lt;/p&gt;

&lt;h2&gt;
  
  
  A Better Approach: AI-Native Governance
&lt;/h2&gt;

&lt;p&gt;Effective AI governance requires moving control from the network perimeter to a dedicated layer that understands AI traffic. This is the role of an AI gateway like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, which acts as a central control plane for all AI requests.&lt;/p&gt;

&lt;p&gt;An AI gateway is a specialized service that sits between applications and AI providers. Because it operates at the application layer, it can terminate the TLS connection cleanly and analyze the full request payload. This enables a level of control that network filtering cannot achieve.&lt;/p&gt;

&lt;h3&gt;
  
  
  Key Capabilities of an AI Gateway
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Granular Routing:&lt;/strong&gt; Direct requests to specific models or providers based on payload content, user identity, or other metadata using advanced &lt;a href="https://docs.getbifrost.ai/providers/routing-rules" rel="noopener noreferrer"&gt;routing rules&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Budget and Rate Limit Enforcement:&lt;/strong&gt; Apply fine-grained &lt;a href="https://docs.getbifrost.ai/features/governance/budget-and-limits" rel="noopener noreferrer"&gt;budgets and rate limits&lt;/a&gt; to users, teams, or projects.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Content Guardrails:&lt;/strong&gt; Inspect prompts and responses for sensitive data, secrets, or policy violations before they reach the model or the user.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Automatic Failover:&lt;/strong&gt; Ensure application reliability by automatically rerouting requests when a primary provider experiences an outage or performance degradation.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Unified Observability:&lt;/strong&gt; Maintain detailed &lt;a href="https://docs.getbifrost.ai/enterprise/audit-logs" rel="noopener noreferrer"&gt;audit logs&lt;/a&gt; of every request, including prompt content, model used, cost, and latency, for compliance and analysis.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Semantic Caching:&lt;/strong&gt; Reduce costs and improve latency by caching responses to semantically similar queries, a concept completely foreign to network-level tools.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Feyjv85loyi3trbtyrf9j.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Feyjv85loyi3trbtyrf9j.png" alt="A smart, multi-lane highway interchange for data packets, with signs directing traffic based on content ('Model A', 'Pro" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Closing the Loop with Endpoint Control
&lt;/h3&gt;

&lt;p&gt;An AI gateway governs traffic that is configured to pass through it. However, a significant amount of AI usage happens directly on employee machines through desktop apps like Claude Desktop, browser-based tools like ChatGPT, and coding agents in the terminal. This "shadow AI" bypasses any central gateway.&lt;/p&gt;

&lt;p&gt;This is where an endpoint agent like &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; becomes essential. Edge is a lightweight agent deployed on employee machines that automatically routes all AI traffic through the organization's central &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt;. This combined approach ensures that the same governance, security, and observability policies apply everywhere, whether the AI request originates from a production server or a developer's laptop.&lt;/p&gt;

&lt;p&gt;With &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;, organizations can discover which AI apps and MCP servers are in use across the fleet, and enforce centralized allow/deny policies on the device itself. This extends the gateway's control to the last mile, providing comprehensive visibility and enforcement that network-level filtering cannot match.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion: Use the Right Tool for the Job
&lt;/h2&gt;

&lt;p&gt;Attempting to control modern AI applications with traditional network filters is an exercise in futility. The convergence of strong encryption, modern protocols like QUIC, and the need for application-specific context renders network-level inspection ineffective. It provides a false sense of security while failing to address the real risks of ungoverned AI usage.&lt;/p&gt;

&lt;p&gt;A purpose-built AI gateway offers a superior solution by operating at the correct layer of abstraction. It understands the nuances of AI requests and provides the granular control over routing, security, and costs that organizations require. When combined with an endpoint agent to govern shadow AI, this approach delivers a complete, reliable, and future-proof platform for AI governance. Teams evaluating AI control solutions can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; or explore the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source repository&lt;/a&gt; to learn more.&lt;/p&gt;

&lt;h2&gt;
  
  
  Sources
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://blog.cloudflare.com/announcing-encrypted-client-hello" rel="noopener noreferrer"&gt;How Encrypted Client Hello (ECH) Works&lt;/a&gt; - Cloudflare&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.rfc-editor.org/rfc/rfc9000.html" rel="noopener noreferrer"&gt;QUIC Protocol Specification (RFC 9000)&lt;/a&gt; - Internet Engineering Task Force (IETF)&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://blog.chromium.org/2020/10/chrome-is-deploying-http3-and-ietf-quic.html" rel="noopener noreferrer"&gt;Google's Adoption of QUIC&lt;/a&gt; - The Chromium Projects&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.ssl.com/article/tls-1-3-is-here-to-stay/" rel="noopener noreferrer"&gt;An Overview of TLS 1.3 and its Advantages&lt;/a&gt; - SSL.com&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aigateway</category>
      <category>security</category>
      <category>governance</category>
      <category>devops</category>
    </item>
    <item>
      <title>What Endpoint AI Governance Is and Why It Matters in 2026</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:02:44 +0000</pubDate>
      <link>https://dev.to/james_whitfield/what-endpoint-ai-governance-is-and-why-it-matters-in-2026-1h5e</link>
      <guid>https://dev.to/james_whitfield/what-endpoint-ai-governance-is-and-why-it-matters-in-2026-1h5e</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fc02h18oyuzob0ru3qzey.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fc02h18oyuzob0ru3qzey.png" alt="What Endpoint AI Governance Is and Why It Matters in 2026" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Endpoint AI governance is the practice of monitoring and controlling the AI tools employees use directly on their devices. With the rise of "shadow AI," where unapproved tools access sensitive data, governing the endpoint has become a critical security and compliance function for enterprises in 2026.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The use of AI in the enterprise is no longer centralized. Employees across every department use a mix of sanctioned and unsanctioned AI tools on their company laptops to analyze data, write code, and draft documents. While these tools increase productivity, they also create a significant blind spot for security and compliance teams known as "shadow AI." This is the use of AI systems outside of established organizational controls, and it’s why endpoint AI governance has shifted from a niche concept to an operational necessity.&lt;/p&gt;

&lt;p&gt;Recent industry data highlights the scale of the problem. According to one 2026 report, 91% of AI tools used in enterprises are unmanaged by IT. Another notes that 80% of organizations report moderate to pervasive shadow AI use. This ungoverned activity creates substantial risk, including data leakage, compliance violations, and intellectual property loss. Endpoint AI governance addresses this risk directly by applying policy and visibility where the activity occurs: on the user's device.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Is Endpoint AI Governance?
&lt;/h2&gt;

&lt;p&gt;Endpoint AI governance is the set of policies, tools, and controls used to manage AI applications on employee devices. It brings the laptop, desktop, and mobile device into the scope of an organization's AI governance strategy, recognizing that this is where many AI interactions now happen.&lt;/p&gt;

&lt;p&gt;A complete approach covers the primary ways employees interact with AI today:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Desktop AI Apps:&lt;/strong&gt; Standalone applications like Claude Desktop or the ChatGPT app.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;AI in the Browser:&lt;/strong&gt; Web-based interfaces such as claude.ai and chatgpt.com.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Coding Agents:&lt;/strong&gt; Tools used in a developer's terminal and IDE, like Claude Code and other copilots.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Unlike traditional network-based security, which can be bypassed, endpoint governance places the control directly on the machine. This allows organizations to see and manage AI usage regardless of network location, whether an employee is in the office, at home, or connected to a public hotspot.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Rise of Shadow AI and Its Inherent Risks
&lt;/h2&gt;

&lt;p&gt;Shadow AI is the AI-era evolution of shadow IT. It describes employees using AI tools for work-related tasks without the approval or oversight of their organization. This behavior isn't malicious; it's driven by a desire for efficiency. However, it introduces significant risks:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Data Exposure:&lt;/strong&gt; Employees frequently paste sensitive information—including customer PII, financial data, and proprietary code—into public AI tools. These platforms may use inputs for model training, creating an uncontrolled data outflow that most data loss prevention (DLP) tools are not configured to catch.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Compliance Violations:&lt;/strong&gt; Industries with strict data handling regulations (like healthcare and finance) face enormous compliance risks from ungoverned AI. Using unapproved tools can violate standards like GDPR, HIPAA, and CCPA before the organization is even aware.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Intellectual Property Loss:&lt;/strong&gt; The terms of service for many AI tools grant the provider rights over user-generated content, potentially compromising a company's ownership of its own intellectual property.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Expanded Attack Surface:&lt;/strong&gt; Unregulated AI tools can introduce new security vulnerabilities, including prompt injection attacks and malicious code generation, expanding the enterprise attack surface in ways traditional security tools don't address.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The scale of this problem is significant. A 2025 IBM report found that breaches involving shadow AI cost companies an average of $670,000 more than standard breaches. Gartner predicts that by 2030, 40% of enterprises will suffer an AI-related security breach directly caused by shadow AI.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbb6e6na2w6qxhko9t6s4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbb6e6na2w6qxhko9t6s4.png" alt="A network of glowing lines connecting a central hub, representing an AI gateway, to numerous individual laptops and desk" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  How Endpoint AI Governance Works
&lt;/h2&gt;

&lt;p&gt;Effective endpoint AI governance is not about blocking AI tools outright. Attempts to ban popular tools often fail, pushing usage further into the shadows as employees find workarounds like personal accounts and unmanaged devices. The more sustainable approach is to govern usage by routing all AI traffic—from both approved and unapproved applications—through a central control plane.&lt;/p&gt;

&lt;p&gt;This is typically achieved with a lightweight agent installed on each endpoint. The agent works transparently to:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Discover and Inventory:&lt;/strong&gt; It first identifies all AI applications and services being used on the device, providing a clear picture of the organization's actual AI footprint.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Route Traffic:&lt;/strong&gt; It transparently redirects all AI-related traffic from the device to a central AI gateway. This happens in the background without requiring users to change their workflows.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Enforce Policy:&lt;/strong&gt; The AI gateway, acting as the control plane, applies the organization's policies. This can include blocking specific applications, enforcing budget and rate limits, and applying security guardrails like PII redaction or secrets detection to prompts before they reach a third-party model.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Audit and Log:&lt;/strong&gt; All activity is logged centrally, creating an immutable audit trail for compliance and security reviews.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This model allows employees to continue using the tools that make them productive while ensuring all interactions adhere to company policy.&lt;/p&gt;

&lt;h2&gt;
  
  
  Key Benefits of an Endpoint-First Approach
&lt;/h2&gt;

&lt;p&gt;Implementing a robust endpoint AI governance strategy provides several critical advantages for the modern enterprise.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Complete Visibility:&lt;/strong&gt; You cannot protect what you cannot see. Endpoint governance provides a comprehensive, real-time inventory of all AI tools in use across the organization, closing the visibility gap left by network-only solutions.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Consistent Policy Enforcement:&lt;/strong&gt; Centralized control means the same rules apply everywhere. Whether an employee is using a sanctioned enterprise tool or a free web-based app, their prompts are subject to the same guardrails and audit requirements.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Reduced Data Leakage Risk:&lt;/strong&gt; By inspecting prompts and uploads before they leave the device, endpoint solutions can detect and block sensitive data from being sent to external models, directly mitigating a primary risk of shadow AI.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Improved Compliance Posture:&lt;/strong&gt; With detailed audit logs of all AI interactions, organizations can demonstrate compliance with regulatory frameworks like the EU AI Act and standards like the &lt;a href="https://www.nist.gov/itl/ai-risk-management-framework" rel="noopener noreferrer"&gt;NIST AI Risk Management Framework&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Cost Management:&lt;/strong&gt; By routing all traffic through a central gateway, organizations can monitor usage, enforce budgets per user or team, and optimize spending across different AI models and providers. A recent Gartner survey showed that less than half of organizations actively manage their AI-related costs.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ffzgvr5qft3lnxd8bme9m.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ffzgvr5qft3lnxd8bme9m.png" alt="Three interlocking gears, each with an icon at its center. The first gear has a security shield icon, the second has a c" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The AI Gateway and Endpoint Agent Model
&lt;/h2&gt;

&lt;p&gt;The most effective architecture for endpoint AI governance combines a powerful AI gateway as the central control plane with an endpoint agent that extends its reach to every device. This is the model used by solutions like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt; from Maxim AI.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt; serves as the policy engine where administrators configure virtual keys, budgets, security guardrails, and audit logging. &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;, its corresponding endpoint agent, is deployed to company devices via MDM. Edge ensures that all AI traffic from desktop apps, browsers, and coding agents routes through the gateway, inheriting its security and governance policies automatically.&lt;/p&gt;

&lt;p&gt;This combined approach allows organizations to embrace the productivity gains of AI without sacrificing control. It governs AI usage where it actually happens, providing the visibility and enforcement needed to manage risk in an era of decentralized AI adoption.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>governance</category>
      <category>security</category>
      <category>enterprise</category>
    </item>
    <item>
      <title>Integrating LLMs into a Go service without losing your mind (or adding 550ms latency)</title>
      <dc:creator>James Whitfield</dc:creator>
      <pubDate>Tue, 07 Apr 2026 13:08:25 +0000</pubDate>
      <link>https://dev.to/james_whitfield/integrating-llms-into-a-go-service-without-losing-your-mind-or-adding-550ms-latency-2955</link>
      <guid>https://dev.to/james_whitfield/integrating-llms-into-a-go-service-without-losing-your-mind-or-adding-550ms-latency-2955</guid>
      <description>&lt;p&gt;Right, so. This is a post I wish existed six months ago when we were first wiring LLMs into our Go backend at Huma.&lt;/p&gt;

&lt;p&gt;Most of the tutorials out there for LLM integration assume you're in Python. Which is fine — a lot of ML infrastructure is Python, and libraries like LangChain, LiteLLM, and friends are well-documented. But if you're running a Go service stack and you want to add LLM calls without bolting on a whole Python sidecar, the path is less obvious.&lt;/p&gt;

&lt;p&gt;Here's what we actually learned, including where we went wrong.&lt;/p&gt;

&lt;h2&gt;
  
  
  The problem we were solving
&lt;/h2&gt;

&lt;p&gt;We build remote patient monitoring software. Clinicians use dashboards to track patients with chronic conditions — vitals, medication adherence, care notes. We added an LLM-powered summarization layer: given a week's worth of patient data, produce a brief natural-language summary for the clinician at the start of a shift.&lt;/p&gt;

&lt;p&gt;Simple enough use case. The constraints were:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Go service stack (everything is Go at Huma, has been for years)&lt;/li&gt;
&lt;li&gt;Latency-sensitive — this is in a hot path used during ward rounds, so we had a soft target of sub-1s end-to-end&lt;/li&gt;
&lt;li&gt;HIPAA-relevant, so we needed to be clear about data routing&lt;/li&gt;
&lt;li&gt;Needed provider failover — if OpenAI has an outage during peak hours, we can't just have it be broken&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Attempt 1: Python sidecar
&lt;/h2&gt;

&lt;p&gt;The first thing we did was the obvious thing: stood up a small FastAPI service in a sidecar container running LiteLLM. Our Go services would call the sidecar over HTTP, sidecar would call the provider.&lt;/p&gt;

&lt;p&gt;It worked. And then we measured it.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;p50 latency (model only):     ~400ms
p50 latency (sidecar added):  ~950ms
p99 latency (model only):     ~800ms
p99 latency (sidecar added):  ~1,400ms
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The sidecar overhead was 500-600ms. Not at the HTTP level — at the total stack level, including the Python runtime, the LiteLLM library initialisation overhead on cold requests, and the round trip.&lt;/p&gt;

&lt;p&gt;We spent a week trying to optimise it. Got it down to about 300ms overhead. Still not good enough.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Python proxies are painful for Go services
&lt;/h2&gt;

&lt;p&gt;This isn't a Python criticism post. Python is fine for what it's for. But if you're integrating a Python proxy into a Go service, you're dealing with:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Different deployment lifecycle&lt;/strong&gt; — your Go binary is a single static artifact. Python has a requirements.txt, a virtualenv, a cold start time, and dependencies that drift. Keeping these in sync across environments is friction.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Overhead from the library layer&lt;/strong&gt; — libraries like LiteLLM do a lot. Request transformation, response normalisation, retry logic, fallback handling. That's all valuable, but it has a cost. When it runs in Python on every request path, you feel it.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Debugging across the boundary&lt;/strong&gt; — when something goes wrong, your traces span two different runtimes with different logging formats. This sounds minor and isn't.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  What we tried instead
&lt;/h2&gt;

&lt;p&gt;I found &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; — an open-source LLM gateway written in Go. Apache 2.0, runs as a proper binary. The headline claim is 11µs overhead, which I was skeptical about.&lt;/p&gt;

&lt;p&gt;It turned out to be accurate, or close enough that it doesn't matter. In practice we measured sub-1ms gateway overhead even under load. The difference from the Python sidecar was stark.&lt;/p&gt;

&lt;p&gt;To get started locally:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npx &lt;span class="nt"&gt;-y&lt;/span&gt; @maximhq/bifrost
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That spins up the gateway on &lt;code&gt;localhost:8080&lt;/code&gt;. For production we containerise it and run it as a sidecar in the same pod as our Go service — tiny image, proper Go binary, low resource footprint.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Go integration
&lt;/h2&gt;

&lt;p&gt;Bifrost exposes a standard OpenAI-compatible HTTP API, so integrating it from Go is just HTTP client work. Here's our client struct:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight go"&gt;&lt;code&gt;&lt;span class="k"&gt;package&lt;/span&gt; &lt;span class="n"&gt;llmclient&lt;/span&gt;

&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;
    &lt;span class="s"&gt;"bytes"&lt;/span&gt;
    &lt;span class="s"&gt;"context"&lt;/span&gt;
    &lt;span class="s"&gt;"encoding/json"&lt;/span&gt;
    &lt;span class="s"&gt;"fmt"&lt;/span&gt;
    &lt;span class="s"&gt;"net/http"&lt;/span&gt;
    &lt;span class="s"&gt;"time"&lt;/span&gt;
&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="k"&gt;type&lt;/span&gt; &lt;span class="n"&gt;Client&lt;/span&gt; &lt;span class="k"&gt;struct&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="n"&gt;baseURL&lt;/span&gt;    &lt;span class="kt"&gt;string&lt;/span&gt;
    &lt;span class="n"&gt;apiKey&lt;/span&gt;     &lt;span class="kt"&gt;string&lt;/span&gt;
    &lt;span class="n"&gt;httpClient&lt;/span&gt; &lt;span class="o"&gt;*&lt;/span&gt;&lt;span class="n"&gt;http&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Client&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="k"&gt;func&lt;/span&gt; &lt;span class="n"&gt;New&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;baseURL&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;apiKey&lt;/span&gt; &lt;span class="kt"&gt;string&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;*&lt;/span&gt;&lt;span class="n"&gt;Client&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="o"&gt;&amp;amp;&lt;/span&gt;&lt;span class="n"&gt;Client&lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="n"&gt;baseURL&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;baseURL&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
        &lt;span class="n"&gt;apiKey&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;  &lt;span class="n"&gt;apiKey&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
        &lt;span class="n"&gt;httpClient&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="o"&gt;&amp;amp;&lt;/span&gt;&lt;span class="n"&gt;http&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Client&lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;
            &lt;span class="n"&gt;Timeout&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="m"&gt;30&lt;/span&gt; &lt;span class="o"&gt;*&lt;/span&gt; &lt;span class="n"&gt;time&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Second&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
        &lt;span class="p"&gt;},&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="k"&gt;type&lt;/span&gt; &lt;span class="n"&gt;Message&lt;/span&gt; &lt;span class="k"&gt;struct&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="n"&gt;Role&lt;/span&gt;    &lt;span class="kt"&gt;string&lt;/span&gt; &lt;span class="s"&gt;`json:"role"`&lt;/span&gt;
    &lt;span class="n"&gt;Content&lt;/span&gt; &lt;span class="kt"&gt;string&lt;/span&gt; &lt;span class="s"&gt;`json:"content"`&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="k"&gt;type&lt;/span&gt; &lt;span class="n"&gt;CompletionRequest&lt;/span&gt; &lt;span class="k"&gt;struct&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="n"&gt;Model&lt;/span&gt;       &lt;span class="kt"&gt;string&lt;/span&gt;    &lt;span class="s"&gt;`json:"model"`&lt;/span&gt;
    &lt;span class="n"&gt;Messages&lt;/span&gt;    &lt;span class="p"&gt;[]&lt;/span&gt;&lt;span class="n"&gt;Message&lt;/span&gt; &lt;span class="s"&gt;`json:"messages"`&lt;/span&gt;
    &lt;span class="n"&gt;Temperature&lt;/span&gt; &lt;span class="kt"&gt;float32&lt;/span&gt;   &lt;span class="s"&gt;`json:"temperature,omitempty"`&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="k"&gt;type&lt;/span&gt; &lt;span class="n"&gt;CompletionResponse&lt;/span&gt; &lt;span class="k"&gt;struct&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="n"&gt;ID&lt;/span&gt;      &lt;span class="kt"&gt;string&lt;/span&gt; &lt;span class="s"&gt;`json:"id"`&lt;/span&gt;
    &lt;span class="n"&gt;Choices&lt;/span&gt; &lt;span class="p"&gt;[]&lt;/span&gt;&lt;span class="k"&gt;struct&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="n"&gt;Message&lt;/span&gt;      &lt;span class="n"&gt;Message&lt;/span&gt; &lt;span class="s"&gt;`json:"message"`&lt;/span&gt;
        &lt;span class="n"&gt;FinishReason&lt;/span&gt; &lt;span class="kt"&gt;string&lt;/span&gt;  &lt;span class="s"&gt;`json:"finish_reason"`&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="s"&gt;`json:"choices"`&lt;/span&gt;
    &lt;span class="n"&gt;Usage&lt;/span&gt; &lt;span class="k"&gt;struct&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="n"&gt;PromptTokens&lt;/span&gt;     &lt;span class="kt"&gt;int&lt;/span&gt; &lt;span class="s"&gt;`json:"prompt_tokens"`&lt;/span&gt;
        &lt;span class="n"&gt;CompletionTokens&lt;/span&gt; &lt;span class="kt"&gt;int&lt;/span&gt; &lt;span class="s"&gt;`json:"completion_tokens"`&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="s"&gt;`json:"usage"`&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="k"&gt;func&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;c&lt;/span&gt; &lt;span class="o"&gt;*&lt;/span&gt;&lt;span class="n"&gt;Client&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="n"&gt;Complete&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;ctx&lt;/span&gt; &lt;span class="n"&gt;context&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Context&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;model&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;userPrompt&lt;/span&gt; &lt;span class="kt"&gt;string&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;*&lt;/span&gt;&lt;span class="n"&gt;CompletionResponse&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="kt"&gt;error&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="n"&gt;reqBody&lt;/span&gt; &lt;span class="o"&gt;:=&lt;/span&gt; &lt;span class="n"&gt;CompletionRequest&lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="n"&gt;Model&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;model&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
        &lt;span class="n"&gt;Messages&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[]&lt;/span&gt;&lt;span class="n"&gt;Message&lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;
            &lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="n"&gt;Role&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s"&gt;"user"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;Content&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;userPrompt&lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;
        &lt;span class="p"&gt;},&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;

    &lt;span class="n"&gt;body&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt; &lt;span class="o"&gt;:=&lt;/span&gt; &lt;span class="n"&gt;json&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Marshal&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;reqBody&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt; &lt;span class="o"&gt;!=&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;fmt&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Errorf&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s"&gt;"marshalling request: %w"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;

    &lt;span class="n"&gt;req&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt; &lt;span class="o"&gt;:=&lt;/span&gt; &lt;span class="n"&gt;http&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;NewRequestWithContext&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;
        &lt;span class="n"&gt;ctx&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
        &lt;span class="n"&gt;http&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;MethodPost&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
        &lt;span class="n"&gt;c&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;baseURL&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="s"&gt;"/v1/chat/completions"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
        &lt;span class="n"&gt;bytes&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;NewReader&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;body&lt;/span&gt;&lt;span class="p"&gt;),&lt;/span&gt;
    &lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt; &lt;span class="o"&gt;!=&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;fmt&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Errorf&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s"&gt;"creating http request: %w"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;

    &lt;span class="n"&gt;req&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Header&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Set&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s"&gt;"Content-Type"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s"&gt;"application/json"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="n"&gt;req&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Header&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Set&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s"&gt;"Authorization"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s"&gt;"Bearer "&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="n"&gt;c&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;apiKey&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

    &lt;span class="n"&gt;resp&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt; &lt;span class="o"&gt;:=&lt;/span&gt; &lt;span class="n"&gt;c&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;httpClient&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Do&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;req&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt; &lt;span class="o"&gt;!=&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;fmt&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Errorf&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s"&gt;"sending request: %w"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;
    &lt;span class="k"&gt;defer&lt;/span&gt; &lt;span class="n"&gt;resp&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Body&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Close&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;

    &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;resp&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;StatusCode&lt;/span&gt; &lt;span class="o"&gt;!=&lt;/span&gt; &lt;span class="n"&gt;http&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;StatusOK&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;fmt&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Errorf&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s"&gt;"upstream returned status %d"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;resp&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;StatusCode&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;

    &lt;span class="k"&gt;var&lt;/span&gt; &lt;span class="n"&gt;result&lt;/span&gt; &lt;span class="n"&gt;CompletionResponse&lt;/span&gt;
    &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt; &lt;span class="o"&gt;:=&lt;/span&gt; &lt;span class="n"&gt;json&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;NewDecoder&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;resp&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Body&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Decode&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;&amp;amp;&lt;/span&gt;&lt;span class="n"&gt;result&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt; &lt;span class="o"&gt;!=&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
        &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;fmt&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Errorf&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s"&gt;"decoding response: %w"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;err&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="p"&gt;}&lt;/span&gt;

    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="o"&gt;&amp;amp;&lt;/span&gt;&lt;span class="n"&gt;result&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Nothing exotic. It's just Go HTTP. The gateway handles all the provider-specific bits.&lt;/p&gt;

&lt;h2&gt;
  
  
  Handling provider failover
&lt;/h2&gt;

&lt;p&gt;The piece that mattered most for our use case was failover. Bifrost handles this through its routing config — you set up primary and fallback providers, and it handles the retry and fallback logic transparently. From our Go service's perspective, it's still just one HTTP call.&lt;/p&gt;

&lt;p&gt;Here's a simplified version of how we define the fallback in the Bifrost config:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="na"&gt;providers&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;name&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;openai&lt;/span&gt;
    &lt;span class="na"&gt;api_key&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;${OPENAI_API_KEY}&lt;/span&gt;
    &lt;span class="na"&gt;weight&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="m"&gt;100&lt;/span&gt;
  &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;name&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;anthropic&lt;/span&gt;
    &lt;span class="na"&gt;api_key&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;${ANTHROPIC_API_KEY}&lt;/span&gt;
    &lt;span class="na"&gt;weight&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="m"&gt;0&lt;/span&gt;  &lt;span class="c1"&gt;# fallback only&lt;/span&gt;

&lt;span class="na"&gt;routing&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
  &lt;span class="na"&gt;strategy&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;failover&lt;/span&gt;
  &lt;span class="na"&gt;fallback_on&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="pi"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;5xx&lt;/span&gt;&lt;span class="pi"&gt;,&lt;/span&gt; &lt;span class="nv"&gt;timeout&lt;/span&gt;&lt;span class="pi"&gt;]&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;When OpenAI returns a 5xx or times out, requests automatically fall over to Anthropic. The clinician's dashboard keeps working. Nobody gets paged.&lt;/p&gt;

&lt;p&gt;For HIPAA purposes, we audited the data routing — Bifrost passes requests through to the configured provider, it doesn't store or log the content by default. We added our own audit logging at the Go service layer before the request goes out.&lt;/p&gt;

&lt;h2&gt;
  
  
  The latency after switching
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;p50 latency (gateway overhead):  &amp;lt;1ms
p50 latency (total, model + gw): ~420ms
p99 latency (total):              ~870ms
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Down from 1,400ms p99 to ~870ms. Most of what's left is the model.&lt;/p&gt;

&lt;p&gt;That difference is real in the context we're in. Clinicians using a tool during ward rounds notice 1.4 seconds. They don't notice 870ms.&lt;/p&gt;

&lt;h2&gt;
  
  
  What I'd do differently from the start
&lt;/h2&gt;

&lt;p&gt;If I were starting this integration again:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Don't reach for a Python sidecar reflexively.&lt;/strong&gt; If your stack is Go, there are Go-native options now.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Measure the proxy overhead early, not after you've invested.&lt;/strong&gt; We assumed sidecar overhead would be negligible. It wasn't.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Design failover in from the start.&lt;/strong&gt; Bolting it on later meant a sprint of refactoring. The gateway approach made this much simpler.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Keep the LLM client behind an interface.&lt;/strong&gt; We have a &lt;code&gt;Summarizer&lt;/code&gt; interface in our domain layer that the LLM client implements. That means we can swap implementations in tests without touching anything else.
&lt;/li&gt;
&lt;/ol&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight go"&gt;&lt;code&gt;&lt;span class="k"&gt;type&lt;/span&gt; &lt;span class="n"&gt;Summarizer&lt;/span&gt; &lt;span class="k"&gt;interface&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="n"&gt;Summarize&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;ctx&lt;/span&gt; &lt;span class="n"&gt;context&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Context&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;patientData&lt;/span&gt; &lt;span class="n"&gt;PatientWeeklySummary&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kt"&gt;string&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="kt"&gt;error&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="c"&gt;// In tests:&lt;/span&gt;
&lt;span class="k"&gt;type&lt;/span&gt; &lt;span class="n"&gt;mockSummarizer&lt;/span&gt; &lt;span class="k"&gt;struct&lt;/span&gt;&lt;span class="p"&gt;{}&lt;/span&gt;

&lt;span class="k"&gt;func&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;m&lt;/span&gt; &lt;span class="o"&gt;*&lt;/span&gt;&lt;span class="n"&gt;mockSummarizer&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="n"&gt;Summarize&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;_&lt;/span&gt; &lt;span class="n"&gt;context&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;Context&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;_&lt;/span&gt; &lt;span class="n"&gt;PatientWeeklySummary&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="kt"&gt;string&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="kt"&gt;error&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="s"&gt;"Patient stable. No significant changes."&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="no"&gt;nil&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Standard Go stuff, but worth saying explicitly: don't let the LLM client leak into your domain logic.&lt;/p&gt;




&lt;p&gt;The tl;dr is: if you're building Go services and need LLMs, the Python proxy path has a real latency cost that's easy to miss until you measure it. There are proper Go-native options now. Worth knowing they exist before you commit to an architecture that'll hurt you later.&lt;/p&gt;

&lt;p&gt;Happy to share more specifics on the HIPAA logging setup or the failover config if useful — drop it in the comments.&lt;/p&gt;

</description>
      <category>go</category>
      <category>llm</category>
      <category>backend</category>
      <category>architecture</category>
    </item>
  </channel>
</rss>
