<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Lukas Brunner</title>
    <description>The latest articles on DEV Community by Lukas Brunner (@lukas_brunner).</description>
    <link>https://dev.to/lukas_brunner</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3887850%2Fad139a3f-c71b-447d-9898-085dcf3ec0e8.jpg</url>
      <title>DEV Community: Lukas Brunner</title>
      <link>https://dev.to/lukas_brunner</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/lukas_brunner"/>
    <language>en</language>
    <item>
      <title>How to Control Which AI Apps Are Allowed on Company Laptops</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:16:58 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/how-to-control-which-ai-apps-are-allowed-on-company-laptops-2270</link>
      <guid>https://dev.to/lukas_brunner/how-to-control-which-ai-apps-are-allowed-on-company-laptops-2270</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flv9y1jkn6ad0mpfm6s41.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flv9y1jkn6ad0mpfm6s41.png" alt="How to Control Which AI Apps Are Allowed on Company Laptops" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;To manage the risks of shadow AI, IT and security teams are turning to endpoint governance solutions. A combination of a central AI gateway like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; and an endpoint agent like Bifrost Edge gives organizations visibility and control over the specific AI applications employees can use on company-issued devices.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The adoption of AI tools in the workplace has moved from a niche experiment to a daily reality. Employees are using AI to draft emails, summarize documents, and write code, often reaching for the most convenient tool for the job, regardless of official approval. This unsanctioned use of AI applications is known as "shadow AI," and it creates significant blind spots for security and compliance teams. When employees use unvetted tools, they can inadvertently expose sensitive corporate data, violate compliance regulations like GDPR, and introduce unreliable or biased outputs into business workflows.&lt;/p&gt;

&lt;p&gt;Simply banning all AI is not a viable option, as it stifles the productivity gains these tools provide. A more effective approach is to govern AI usage directly on the endpoint: the company-issued laptops where this activity happens. This involves discovering which applications are being used, setting clear policies on which are permitted, and enforcing those rules on every machine. Modern AI governance platforms accomplish this with a two-part architecture: a central gateway for policy management and a lightweight endpoint agent for enforcement.&lt;/p&gt;

&lt;h2&gt;The Challenge: You Can't Govern AI You Can't See&lt;/h2&gt;

&lt;p&gt;Before any policy can be enforced, you need to know what to enforce it on. The first step in controlling AI applications is gaining visibility. Most organizations have no real-time inventory of the AI desktop apps, browser-based tools, and coding agents running on their fleet. Employees are often three times more likely to be using generative AI than company leaders realize.&lt;/p&gt;

&lt;p&gt;An endpoint governance agent solves this visibility problem. It runs on each employee's machine (macOS, Windows, and Linux) and inventories the AI applications and services in use. This data is sent back to a central dashboard, giving administrators a live, fleet-wide catalog of every AI tool being used, by whom, and how often. This turns guesswork into a concrete dataset, forming the foundation for an effective governance strategy.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fwzsfqbkrhzax0h9maf3r.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fwzsfqbkrhzax0h9maf3r.png" alt="A security operator's hand pointing at a large, holographic screen displaying a dynamic, flowing inventory of dozens of " width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Step 1: Discover and Inventory Every AI Application&lt;/h2&gt;

&lt;p&gt;The process begins with deploying a lightweight agent to every company laptop. This is typically handled silently through existing Mobile Device Management (MDM) solutions like Jamf, Microsoft Intune, or Kandji, requiring no action from the end-user.&lt;/p&gt;

&lt;p&gt;Once installed, the agent identifies AI-related traffic and application usage on the device. It covers the primary ways employees use AI today:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Desktop AI Apps:&lt;/strong&gt; Standalone applications like Claude Desktop or the ChatGPT app.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;AI in the Browser:&lt;/strong&gt; Web-based services such as chatgpt.com or claude.ai.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Coding Agents:&lt;/strong&gt; Tools used by developers in the terminal and IDE.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This discovery process is continuous. When a new AI application appears on any device in the fleet, it's automatically added to the central inventory for review.&lt;/p&gt;

&lt;h2&gt;Step 2: Set Centralized Allow/Deny Policies&lt;/h2&gt;

&lt;p&gt;With a complete inventory, administrators can move from visibility to control. In a central management console, such as the one provided by the &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt;, every discovered application can be reviewed and assigned a policy.&lt;/p&gt;

&lt;p&gt;The workflow is straightforward:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Review Discovered Apps:&lt;/strong&gt; The dashboard shows a list of all AI tools found across the fleet, such as "ChatGPT (Desktop)" or "Claude Code."&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Approve or Deny:&lt;/strong&gt; For each application, an administrator can set its status to "Approved" or "Denied."&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Deploy Policy:&lt;/strong&gt; The decision is saved as a central policy.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This approval workflow allows for a granular approach. Instead of a blanket ban, teams can sanction the use of specific, vetted applications that meet their security and compliance standards while blocking those that do not. For an added layer of control, policies can also be applied to the MCP servers that agentic AI tools connect to, preventing them from performing unapproved actions such as arbitrary code execution or file system access.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9xwn17jj3fzeek9gmcb2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9xwn17jj3fzeek9gmcb2.png" alt="A clean, minimalist dashboard interface shown in perspective, where an administrator's finger is about to touch a toggle" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Step 3: Enforce the Policy on Every Laptop&lt;/h2&gt;

&lt;p&gt;Once a policy is set in the central gateway, the endpoint agent on each laptop enforces it. The agent, like &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;, transparently routes all AI traffic from the laptop through the central AI gateway. This ensures that every request is checked against the organization's policies before it proceeds.&lt;/p&gt;

&lt;p&gt;The experience is designed to be seamless for the end-user:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Approved Apps Work Normally:&lt;/strong&gt; When a user opens an approved application, it functions without any change in their workflow. The governance happens invisibly in the background.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Denied Apps Are Blocked:&lt;/strong&gt; If a user tries to launch or use a denied application, the agent blocks the request. The user receives a clear notification on their device explaining that the application is not permitted by company policy.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This model allows organizations to enable productive AI use while maintaining control. It also ensures that all usage of approved tools is routed through the gateway, where other governance controls—such as budget limits, rate limits, and guardrails to prevent data leaks—are applied. The result is a secure and compliant AI ecosystem that doesn't hinder innovation.&lt;/p&gt;

&lt;h2&gt;Conclusion: From Shadow AI to Governed AI&lt;/h2&gt;

&lt;p&gt;Controlling which AI applications can run on company laptops is a critical step in managing the risks of shadow AI. By pairing a central policy engine with an endpoint enforcement agent, organizations can move from a state of zero visibility to one of complete control. This approach allows security teams to discover every AI tool in use, create clear allow/deny policies, and enforce them on every device in the fleet. It transforms AI from a source of unmanaged risk into a governed, secure, and productive tool for the entire organization.&lt;/p&gt;


</description>
      <category>aiapps</category>
      <category>governance</category>
      <category>security</category>
      <category>shadowai</category>
    </item>
    <item>
      <title>How IT Can Enforce an Approved AI Tools List Across Every Machine</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:15:14 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/how-it-can-enforce-an-approved-ai-tools-list-across-every-machine-2f54</link>
      <guid>https://dev.to/lukas_brunner/how-it-can-enforce-an-approved-ai-tools-list-across-every-machine-2f54</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F05932gq0b44ak8jd6iep.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F05932gq0b44ak8jd6iep.png" alt="How IT Can Enforce an Approved AI Tools List Across Every Machine" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;This guide examines how to enforce an approved AI tools list on every corporate device to mitigate shadow AI risks, comparing endpoint agents with traditional network-level controls. For comprehensive enforcement, an AI gateway like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; combined with an endpoint agent provides the most effective solution.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The rapid adoption of AI tools presents a significant challenge for IT and security teams. When employees install unapproved AI desktop applications, use personal accounts for web-based AI, or connect local coding agents to external services, they create a phenomenon known as "shadow AI." A 2023 report by Cisco noted that while 80% of IT professionals see generative AI as having a positive impact, it also introduces serious new security risks. This ungoverned usage can lead to data leaks, compliance violations, and increased security vulnerabilities, as sensitive company data is processed by services outside of corporate oversight.&lt;/p&gt;

&lt;p&gt;Many organizations attempt to control this by publishing an approved-tools list, but a list is not a technical control. To enforce such a policy across a fleet of devices, teams need a mechanism that can identify, monitor, and block unapproved AI traffic at the source. While network-level tools like firewalls and proxies offer some control, a more robust solution involves endpoint governance that works in tandem with a central control plane. One such solution is combining an AI gateway, like the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source Bifrost AI gateway&lt;/a&gt; from Maxim AI, with an endpoint agent.&lt;/p&gt;

&lt;h2&gt;The Limits of Network-Level AI Controls&lt;/h2&gt;

&lt;p&gt;Traditionally, IT teams have relied on network-level tools to enforce application usage policies. These include firewalls, secure web gateways (SWGs), and Cloud Access Security Brokers (CASBs). While effective for blocking access to known domains, these tools have significant limitations when it comes to the dynamic and fragmented nature of AI services.&lt;/p&gt;

&lt;p&gt;Common challenges include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Encrypted Traffic:&lt;/strong&gt; Modern applications use TLS encryption, so network appliances cannot easily inspect traffic and identify the specific application or service in use without performing TLS decryption, which can be complex and resource-intensive.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Desktop Applications:&lt;/strong&gt; Native desktop clients for services like Claude or ChatGPT may use different endpoints or protocols than their web counterparts, bypassing simple domain-based blocking rules.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Dynamic Endpoints:&lt;/strong&gt; AI services often rely on a wide and changing range of API endpoints and content delivery networks (CDNs), making blocklists difficult to maintain.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Lack of Granularity:&lt;/strong&gt; Network tools can typically only allow or deny access to an entire service. They cannot enforce context-aware policies, such as allowing access for one department while blocking it for another, or applying specific data loss prevention (DLP) rules to AI-generated content.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These limitations mean that a purely network-based approach often fails to provide the comprehensive visibility and control needed to manage shadow AI effectively.&lt;/p&gt;

&lt;h2&gt;Endpoint Governance: Visibility and Control at the Source&lt;/h2&gt;

&lt;p&gt;An endpoint-first approach moves the enforcement point from the network perimeter to the individual device. This model provides a much more effective way to govern the specific applications and services employees use, regardless of their location or network connection.&lt;/p&gt;

&lt;p&gt;An endpoint agent can monitor application activity directly on a user's machine, identifying AI tools as they are installed and used. This allows for real-time visibility and policy enforcement. For example, an organization can create a policy that allows the use of approved tools like ChatGPT Enterprise while blocking the consumer version.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flslqr9qooo4ct9wby99l.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flslqr9qooo4ct9wby99l.png" alt="A magnifying glass held over a laptop screen, revealing glowing icons for various AI applications. Some icons are highli" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This is the approach taken by &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;, which acts as an endpoint agent that extends the policies of a central AI gateway to each machine. It transparently routes all detected AI traffic through the organization's &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; gateway.&lt;/p&gt;

&lt;h3&gt;How Endpoint Enforcement Works&lt;/h3&gt;

&lt;p&gt;When an endpoint agent is deployed across a fleet of devices, it provides IT and security teams with a centralized inventory of all AI tools in use.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Discovery and Inventory:&lt;/strong&gt; The agent scans the device for installed AI applications and monitors for new ones. It also detects connections to web-based AI services and local MCP (Model Context Protocol) servers used by coding agents. This data is aggregated into a central dashboard, giving administrators a complete, fleet-wide view of AI tool usage.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Centralized Policy Management:&lt;/strong&gt; From this central inventory, administrators can create an official allow/deny list. With a solution like &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;, an administrator can approve or deny any discovered application or MCP server. This decision is then automatically synced to every device running the agent.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;On-Device Enforcement:&lt;/strong&gt; Once a policy is in place, the agent enforces it directly on the endpoint. If a user attempts to launch or connect to a denied application, the agent blocks the connection before any data leaves the machine. For approved applications, the traffic is automatically and transparently routed through the central &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt;.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This model ensures that all AI traffic, even from approved applications, is subject to the organization's security and governance policies, such as those for &lt;a href="https://docs.getbifrost.ai/enterprise/data-access-control" rel="noopener noreferrer"&gt;data access control&lt;/a&gt; and auditing.&lt;/p&gt;

&lt;h2&gt;Combining an AI Gateway with Endpoint Agents&lt;/h2&gt;

&lt;p&gt;The most comprehensive solution combines the strengths of a central AI gateway with the visibility and control of an endpoint agent. The gateway serves as the policy engine and control plane, while the endpoint agent acts as the enforcement arm.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; AI gateway allows teams to configure fine-grained policies for AI usage. These include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Virtual Keys:&lt;/strong&gt; Create unique API keys for different users, teams, or projects, each with its own budget, rate limits, and access rules.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Guardrails:&lt;/strong&gt; Apply security policies to prompts and responses, such as detecting and redacting secrets or PII.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Audit Logs:&lt;/strong&gt; Maintain an immutable record of all AI interactions for compliance and security reviews.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Routing and Failover:&lt;/strong&gt; Intelligently route requests across different models and providers to optimize for cost, performance, and availability.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;When &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; is deployed, these gateway-level policies are extended to cover all AI activity on the endpoint. An engineer using an approved coding assistant on their laptop is now governed by the same &lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;virtual key&lt;/a&gt;, budget, and security &lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;guardrails&lt;/a&gt; as a production application making calls to the gateway from a cloud environment. This unified approach to &lt;a href="https://www.getmaxim.ai/bifrost/resources/governance" rel="noopener noreferrer"&gt;governance&lt;/a&gt; closes the loop between policy and enforcement.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fxduhvfd91r4fs830mvt9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fxduhvfd91r4fs830mvt9.png" alt="A blueprint of a complex system, showing a central hub labeled 'Policy Engine' connected via clean, organized pathways t" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;Fleet-Wide Deployment with MDM&lt;/h3&gt;

&lt;p&gt;For large organizations, manually installing and configuring an endpoint agent on every device is not feasible. Modern endpoint governance solutions are designed for large-scale deployment using Mobile Device Management (MDM) platforms.&lt;/p&gt;

&lt;p&gt;Administrators can package the agent and push it to all managed devices using tools like Jamf, Microsoft Intune, or Kandji. The &lt;a href="https://docs.getbifrost.ai/edge/deployment-mdm" rel="noopener noreferrer"&gt;deployment can be configured&lt;/a&gt; to be silent, with the agent automatically connecting to the organization's central gateway. This allows IT teams to roll out AI governance across the entire organization with minimal disruption to end-users.&lt;/p&gt;

&lt;h2&gt;A Practical Path to AI Governance&lt;/h2&gt;

&lt;p&gt;Enforcing an approved AI tools list is a critical step in managing the risks of shadow AI. While network-level controls can provide a baseline, a combination of a central AI gateway and an endpoint enforcement agent offers a more complete and resilient solution. This approach provides deep visibility into AI usage across the organization, enables centralized policy management, and ensures that all AI traffic is secure and compliant, regardless of its origin.&lt;/p&gt;

&lt;p&gt;Teams seeking to implement such controls can evaluate solutions like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; and &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;. Further guidance on selecting an AI gateway is available in resources like the &lt;a href="https://www.getmaxim.ai/bifrost/resources/buyers-guide" rel="noopener noreferrer"&gt;LLM Gateway Buyer's Guide&lt;/a&gt;. Organizations ready to take the next step can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; to see how the platform enforces policies in a real-world environment, or review the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source repository&lt;/a&gt;.&lt;/p&gt;

</description>
      <category>security</category>
      <category>aigateway</category>
      <category>governance</category>
      <category>mdm</category>
    </item>
    <item>
      <title>A Unified Approach to Managing AI Tools Across Mac and Windows Fleets</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:15:00 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/a-unified-approach-to-managing-ai-tools-across-mac-and-windows-fleets-13j3</link>
      <guid>https://dev.to/lukas_brunner/a-unified-approach-to-managing-ai-tools-across-mac-and-windows-fleets-13j3</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5bq54y7ca6lty3tdgrbx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5bq54y7ca6lty3tdgrbx.png" alt="A Unified Approach to Managing AI Tools Across Mac and Windows Fleets" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;As employees adopt AI tools like Claude and ChatGPT on both macOS and Windows devices, organizations face a growing "shadow AI" problem. A unified strategy combining a cross-platform Mobile Device Management (MDM) solution with an AI gateway like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; and its endpoint agent provides the visibility and control needed to govern AI usage securely across a mixed-device environment.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The days of an enterprise standardizing on a single operating system are over. Today, IT and security teams must manage a mixed fleet of devices, with macOS popular in creative and engineering departments and Windows remaining the standard in finance and operations. This diversity, driven by employee choice programs and talent acquisition, introduces significant management complexity. Now, the rapid adoption of generative AI tools on these endpoints adds a new, ungoverned layer of risk known as "shadow AI."&lt;/p&gt;

&lt;p&gt;Employees use desktop apps like Claude Desktop, browser-based AI like ChatGPT, and powerful coding agents to be more productive. However, this activity often happens outside of sanctioned IT channels, creating a blind spot where sensitive company data can be exposed without any audit trail. For organizations, especially those in regulated industries, managing this risk is not optional. The solution requires a strategy that provides unified visibility and control across every device, regardless of the operating system.&lt;/p&gt;

&lt;h2&gt;The Challenge of Fragmented Endpoint Management&lt;/h2&gt;

&lt;p&gt;Managing a mixed fleet of macOS and Windows devices has always been a challenge due to the fundamentally different architectures and management paradigms of each operating system. Windows was built for centralized, domain-based management through tools like Group Policy Objects, while macOS has its roots in consumer use, with enterprise management layered on later. This leads to several points of friction:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Inconsistent Tooling:&lt;/strong&gt; IT teams often use separate tools for each platform—like Jamf for Apple and Microsoft Intune for Windows—leading to duplicated effort, inconsistent policy enforcement, and gaps in security visibility.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Different Security Baselines:&lt;/strong&gt; Achieving security parity is difficult when dealing with different encryption mechanisms (FileVault vs. BitLocker), patch management schedules, and authentication protocols.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Complex Software Distribution:&lt;/strong&gt; Deploying and updating applications is not uniform. What works for a Windows MSI package is different from a macOS PKG or DMG file, complicating fleet-wide rollouts.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This fragmentation means that when a new class of software like AI tools appears, there is no single mechanism to see what is running, let alone manage it. An IT team might have visibility into Windows endpoints via one system but be completely blind to AI agents running on Macs.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpe9vq483jzp15crfk7e9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpe9vq483jzp15crfk7e9.png" alt="A visual metaphor of an IT administrator juggling different puzzle pieces, one shaped like the Apple logo and the other " width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Step 1: Standardize with a Unified Mobile Device Management (MDM) Platform&lt;/h2&gt;

&lt;p&gt;The foundational step to governing a mixed fleet is consolidating management under a single Mobile Device Management (MDM) platform that offers robust, native support for both Windows and macOS. While some tools specialize heavily in one ecosystem (like Jamf for Apple), a growing number of platforms provide true cross-platform control from a single console.&lt;/p&gt;

&lt;p&gt;A unified MDM allows administrators to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Automate Device Enrollment:&lt;/strong&gt; Use programs like Apple Business Manager and Windows Autopilot to streamline the setup of new devices.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Enforce Consistent Policies:&lt;/strong&gt; Deploy standardized configuration profiles for security settings, password requirements, and disk encryption across both operating systems.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Deploy Software Centrally:&lt;/strong&gt; Push necessary applications and, critically, security or governance agents to every machine in the fleet, regardless of OS. Platforms like Microsoft Intune can deploy agents to both macOS and Windows devices.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;By establishing a unified MDM as the source of truth for device state and software deployment, organizations create the necessary infrastructure to address the shadow AI problem at scale.&lt;/p&gt;

&lt;h2&gt;Step 2: Gain Visibility and Control with an AI Gateway and Endpoint Agent&lt;/h2&gt;

&lt;p&gt;While an MDM provides the mechanism to deploy software, it does not inherently understand AI traffic. This is the role of an &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;AI gateway&lt;/a&gt;, a centralized control plane for routing, securing, and observing all AI requests. An AI gateway becomes exponentially more powerful when paired with an endpoint agent that extends its reach to every device.&lt;/p&gt;

&lt;p&gt;This is the model used by &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt;, and its companion agent, Bifrost Edge. The gateway acts as the central policy engine, while the Edge agent, deployed via MDM, runs on each macOS, Windows, and Linux machine. This combination creates a comprehensive governance solution.&lt;/p&gt;

&lt;h3&gt;
  
  
  How AI Gateway + Endpoint Agent Works
&lt;/h3&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Deploy the Agent via MDM:&lt;/strong&gt; The lightweight Bifrost Edge agent is pushed to all macOS and Windows devices using the chosen unified MDM platform, such as Intune or Kandji.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Intercept AI Traffic:&lt;/strong&gt; Edge automatically identifies and routes all AI-related traffic on the device—from desktop apps, browser sessions, and even coding agents—through the central Bifrost gateway. This happens transparently without requiring users to change their workflows.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Apply Centralized Policies:&lt;/strong&gt; Once traffic flows through the gateway, all the pre-configured governance rules are applied. This includes:

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;App Governance:&lt;/strong&gt; Allow or block specific AI applications. If a tool is not on the approved list, Edge can block it on the device before any data is sent.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Virtual Keys and Budgets:&lt;/strong&gt; Enforce granular access controls and spending limits per user or team, ensuring costs are managed.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Guardrails and Security:&lt;/strong&gt; Apply security policies like data masking or secret detection to every prompt, preventing sensitive information from reaching a model.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Audit Logs:&lt;/strong&gt; Maintain an immutable record of all AI interactions for compliance and security reviews. This is particularly critical for organizations subject to frameworks like SOC 2, HIPAA, or ISO 27001.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;This approach closes the visibility gap created by shadow AI. Security teams gain a complete, real-time inventory of which AI tools are being used on which devices, all from a central console.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fmg1szimfjjara5x157dh.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fmg1szimfjjara5x157dh.png" alt="A single, unified dashboard interface in a clean, abstract style. On one side, icons representing various AI application" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  A Unified Future for AI Governance
&lt;/h2&gt;

&lt;p&gt;Managing a mixed fleet of macOS and Windows devices no longer requires separate, siloed approaches. By starting with a unified MDM platform, IT teams can standardize device management and create a consistent deployment channel. Layering an AI gateway with a cross-platform endpoint agent like &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; on top of that foundation provides the specific visibility and control needed to govern modern AI tools.&lt;/p&gt;

&lt;p&gt;This combined strategy allows organizations to embrace employee choice and the productivity gains of AI without sacrificing security or compliance. It transforms AI usage from a hidden risk into a managed, auditable, and secure part of the enterprise technology stack.&lt;/p&gt;

</description>
      <category>aigateway</category>
      <category>mdm</category>
      <category>security</category>
      <category>windows</category>
    </item>
    <item>
      <title>Restricting AI Desktop Apps Like Claude and ChatGPT on Managed Devices</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:14:27 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/restricting-ai-desktop-apps-like-claude-and-chatgpt-on-managed-devices-19ig</link>
      <guid>https://dev.to/lukas_brunner/restricting-ai-desktop-apps-like-claude-and-chatgpt-on-managed-devices-19ig</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbflufo8klu71znazdoz5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbflufo8klu71znazdoz5.png" alt="Restricting AI Desktop Apps Like Claude and ChatGPT on Managed Devices" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;The rapid adoption of powerful desktop AI applications like Claude and ChatGPT presents a new challenge for enterprise IT and security teams. This article explores the risks of ungoverned AI apps and provides a technical overview of methods for restricting them on managed corporate devices.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The use of AI tools in the workplace has expanded beyond the browser. Standalone desktop applications from providers like Anthropic and OpenAI offer powerful, integrated experiences for employees. However, their installation on managed devices creates a significant governance gap. This "shadow AI" usage, where employees use AI tools without IT approval, introduces risks of data leaks, compliance violations, and a lack of oversight. An effective strategy to manage these applications requires a multi-layered approach, from network controls to endpoint-native solutions.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Rise of Shadow AI on the Desktop
&lt;/h2&gt;

&lt;p&gt;Shadow IT, the use of technology without explicit IT department approval, is not a new problem. Shadow AI is its latest and most potent variant. Driven by the desire for productivity, employees now frequently download and use AI desktop clients to summarize documents, write code, and analyze data.&lt;/p&gt;

&lt;p&gt;This behavior creates significant blind spots. When an employee pastes proprietary source code, customer data, or sensitive internal documents into a desktop AI tool, that information leaves the protected corporate environment. Unlike web-based traffic that might be routed through a company proxy, desktop application traffic can be harder to inspect and control, bypassing traditional security measures.&lt;/p&gt;

&lt;h2&gt;
  
  
  Methods for Restricting AI Desktop Applications
&lt;/h2&gt;

&lt;p&gt;Organizations can use several technical methods to control the use of unauthorized AI applications on managed devices. These range from broad network-level blocks to more granular, policy-driven controls.&lt;/p&gt;

&lt;h3&gt;
  
  
  Network-Level Blocking
&lt;/h3&gt;

&lt;p&gt;One of the most straightforward methods is to block access to the domains these applications rely on. This can be accomplished at the network perimeter using firewalls, DNS filtering, or secure web gateways.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;DNS Filtering:&lt;/strong&gt; By configuring network DNS resolvers to block domains associated with specific AI services, any request from an application to its backend servers will fail. For example, to block ChatGPT's desktop and mobile applications, an administrator could block &lt;code&gt;desktop.chatgpt.com&lt;/code&gt;, &lt;code&gt;android.chat.openai.com&lt;/code&gt;, and &lt;code&gt;ios.chat.openai.com&lt;/code&gt;.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Firewall Rules:&lt;/strong&gt; Network firewalls can be configured with rules to deny outbound traffic to the known IP addresses or domains of AI service providers. This prevents the application from communicating with its servers, rendering it non-functional.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;While effective for outright blocking, this approach lacks granularity. It typically blocks all access to a service, including potentially sanctioned web-based versions, and can be circumvented by users on non-corporate networks.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fi981yewywseslj7n91f7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fi981yewywseslj7n91f7.png" alt="A network diagram showing data packets from a desktop computer being stopped by a firewall before reaching a cloud icon," width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Endpoint-Based Application Control
&lt;/h3&gt;

&lt;p&gt;A more direct approach involves using endpoint management tools to prevent the applications from running in the first place.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Application Whitelisting/Blacklisting:&lt;/strong&gt; Using a Mobile Device Management (MDM) or Unified Endpoint Management (UEM) platform, administrators can create policies that explicitly block certain application executables. Tools like Microsoft Intune or Jamf can enforce application control policies that prevent users from launching or installing unapproved software like the Claude or ChatGPT desktop apps.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;OS-Level Policies:&lt;/strong&gt; Both Windows and macOS provide native tools for application control. On Windows, AppLocker or Windows Defender Application Control can be used to create rules that block specific applications based on their signature or path.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This method is highly effective for managed devices but requires maintaining up-to-date lists of applications and may not cover unmanaged or BYOD devices.&lt;/p&gt;

&lt;h3&gt;
  
  
  Tenant Control and Identity-Based Restrictions
&lt;/h3&gt;

&lt;p&gt;For organizations that have adopted enterprise versions of AI tools, the goal is often not to block the tool entirely, but to prevent the use of personal accounts.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Cloud Access Security Brokers (CASB):&lt;/strong&gt; Some security solutions can enforce tenant restrictions at the network or endpoint level. These tools inspect authentication flows and can inject headers to enforce login to a specific corporate workspace ID, effectively blocking personal account usage. OpenAI's ChatGPT Enterprise offers a "Workspace Blocking" feature that relies on this mechanism.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Restricting OAuth Consent:&lt;/strong&gt; Administrators can configure their identity provider, like Microsoft Entra ID, to prevent users from granting consent for third-party applications to access their corporate account data. This can stop a key channel through which AI tools might gain unauthorized access to company information.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These controls allow for sanctioned use while mitigating the risks of data commingling and exfiltration through personal accounts.&lt;/p&gt;

&lt;h2&gt;
  
  
  Centralized Governance with an AI Gateway and Endpoint Agent
&lt;/h2&gt;

&lt;p&gt;The most comprehensive solution goes beyond simple blocking and focuses on centralized visibility and governance. This approach combines a central control plane with an endpoint agent to bring all AI traffic, including from desktop apps, under a unified policy.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdijasskj8snu5h6n7k1j.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdijasskj8snu5h6n7k1j.png" alt="A central control panel with rays extending out to multiple laptops, phones, and servers, symbolizing a centralized AI g" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;An AI gateway like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt; from Maxim AI, serves as a central point for routing, authentication, and policy enforcement for all configured AI traffic. However, a gateway alone cannot see the traffic from desktop apps that have not been manually configured to use it.&lt;/p&gt;

&lt;p&gt;This is the gap that an endpoint agent like &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; is designed to close. By deploying an agent to managed devices via MDM, all AI traffic from supported desktop apps, coding agents, and even browser sessions is automatically and transparently routed through the central Bifrost gateway.&lt;/p&gt;

&lt;p&gt;This architecture enables:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Universal Visibility:&lt;/strong&gt; All AI usage, regardless of the application, becomes visible in a central audit log.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Consistent Policy Enforcement:&lt;/strong&gt; The same &lt;a href="https://www.getmaxim.ai/bifrost/resources/governance" rel="noopener noreferrer"&gt;governance&lt;/a&gt; controls, such as budget limits, rate limits, and access rules configured in the gateway, are applied to desktop app traffic.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Endpoint Security:&lt;/strong&gt; Sensitive data can be redacted by gateway-level guardrails before it ever leaves the corporate network, even when sent from a desktop app. The &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; agent can also enforce &lt;a href="https://docs.getbifrost.ai/edge/app-governance" rel="noopener noreferrer"&gt;app governance&lt;/a&gt; policies, blocking unapproved applications directly on the device.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;By combining a gateway with an endpoint agent, organizations can move from a reactive blocking posture to proactive, granular &lt;a href="https://www.getmaxim.ai/bifrost/resources/governance" rel="noopener noreferrer"&gt;AI governance&lt;/a&gt; that enables safe and productive use of powerful AI tools.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Restricting unmanaged AI desktop applications is a critical step in mitigating the risks of shadow AI. While network-level blocking and endpoint application control offer effective ways to prevent unauthorized use, they can be blunt instruments. A more mature strategy involves leveraging identity controls and, for the most complete coverage, deploying a centralized AI gateway with an endpoint agent. This approach allows organizations to gain full visibility and enforce consistent security and compliance policies across all AI usage, turning a potential liability into a governed, productive asset.&lt;/p&gt;

&lt;p&gt;Teams looking to establish comprehensive AI governance can explore solutions like the &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt; and &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a demo&lt;/a&gt; to see how endpoint-aware control works.&lt;/p&gt;

&lt;h2&gt;
  
  
  Sources
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://docs.anthropic.com/claude/user/enterprise-configuration-for-claude-desktop" rel="noopener noreferrer"&gt;Anthropic, "Enterprise configuration for Claude Desktop"&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://docs.anthropic.com/claude/user/deploy-claude-desktop-for-windows" rel="noopener noreferrer"&gt;Anthropic, "Deploy Claude Desktop for Windows"&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.getmaxim.ai/bifrost/blog/from-ai-gateway-to-the-endpoint-closing-the-last-mile-of-ai-governance" rel="noopener noreferrer"&gt;Maxim AI, "From AI Gateway to the Endpoint: Closing the Last Mile of AI Governance"&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/wdac" rel="noopener noreferrer"&gt;Microsoft, "Application Control for Windows"&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://help.openai.com/en/articles/9264756-corporate-network-controls-in-chatgpt-enterprise" rel="noopener noreferrer"&gt;OpenAI, "Corporate Network Controls in ChatGPT Enterprise"&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.paloaltonetworks.com/cyberpedia/what-is-shadow-ai" rel="noopener noreferrer"&gt;Palo Alto Networks, "What Is Shadow AI? How It Happens and What to Do About It"&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>security</category>
      <category>aioverflow</category>
      <category>mdm</category>
      <category>devops</category>
    </item>
    <item>
      <title>How to Allowlist Approved AI Tools and Block the Rest on Work Computers</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:13:41 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/how-to-allowlist-approved-ai-tools-and-block-the-rest-on-work-computers-2lk8</link>
      <guid>https://dev.to/lukas_brunner/how-to-allowlist-approved-ai-tools-and-block-the-rest-on-work-computers-2lk8</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fahiht4yaz4z10gcatq29.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fahiht4yaz4z10gcatq29.png" alt="How to Allowlist Approved AI Tools and Block the Rest on Work Computers" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;This guide explains how to manage AI application usage on corporate devices by creating allowlists for approved tools and blocking unapproved ones. It covers the risks of ungoverned "shadow AI" and shows how a combination of an AI gateway like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; and an endpoint agent can provide visibility and enforcement.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The rapid adoption of AI tools in the workplace has created a significant governance challenge for IT and security teams. Employees, seeking to improve productivity, are using generative AI applications for coding, content creation, and data analysis, often without official approval. This phenomenon, known as "shadow AI," introduces substantial risks, including data leakage, compliance violations, and an expanded attack surface. A 2025 report found that corporate data shared with AI tools increased by 485% in just one year. To regain control, organizations need a strategy that goes beyond simply banning AI, focusing instead on enabling safe usage of approved tools while blocking the rest.&lt;/p&gt;

&lt;p&gt;This article examines a technical approach to this problem: creating an allowlist of approved AI applications and enforcing it on every work computer. This strategy uses an AI gateway, such as the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source Bifrost gateway&lt;/a&gt;, as a central control plane, combined with an endpoint agent that extends the gateway's governance to each device.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Problem: Shadow AI Operates Beyond Traditional Controls
&lt;/h2&gt;

&lt;p&gt;Shadow AI refers to the use of AI tools by employees without the knowledge or oversight of their organization's IT and security departments. Unlike traditional shadow IT, where the primary risk was unmanaged software, shadow AI involves systems that can process, store, and even learn from sensitive corporate data. This creates several specific risks:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Data Leakage:&lt;/strong&gt; Employees may inadvertently paste proprietary source code, customer data, or financial information into public AI tools. Once the data leaves the organization's perimeter, there is no audit trail or control over how it is stored or used.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Compliance Violations:&lt;/strong&gt; The use of unvetted AI tools can breach data protection regulations and compliance frameworks like GDPR, HIPAA, or SOC 2, as it becomes impossible to track where data is processed or stored.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Expanded Attack Surface:&lt;/strong&gt; Unapproved AI tools, particularly those with insecure APIs or plugins, can introduce new vulnerabilities that security teams are unable to see or manage.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Lack of Visibility:&lt;/strong&gt; Most AI tools communicate over encrypted HTTPS traffic, making it difficult for traditional network monitoring to inspect the content of prompts and responses. Security teams can see that an employee visited an AI website but have no visibility into what data was shared.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Simply banning all AI tools is often ineffective, as many employees will continue to use them if they perceive a productivity benefit. A more sustainable approach involves defining an &lt;a href="https://cloud.google.com/blog/topics/ciso-corner/how-to-craft-an-acceptable-use-policy-for-gen-ai-and-look-smart-doing-it" rel="noopener noreferrer"&gt;AI Acceptable Use Policy (AUP)&lt;/a&gt; that specifies which tools are approved and then implementing technical controls to enforce that policy.&lt;/p&gt;

&lt;h2&gt;
  
  
  An Enforcement Strategy: AI Gateway + Endpoint Agent
&lt;/h2&gt;

&lt;p&gt;A robust solution for managing AI tool usage requires two components working together: a central policy engine and an enforcement agent on each device.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;The AI Gateway as a Control Plane:&lt;/strong&gt; An &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;AI gateway&lt;/a&gt; acts as a centralized point for routing, observing, and governing all AI traffic. It's where administrators configure policies, such as which models are allowed, spending budgets, and security guardrails.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;The Endpoint Agent for Enforcement:&lt;/strong&gt; An endpoint agent runs on each employee's computer (macOS, Windows, or Linux) and ensures that all AI traffic from that device routes through the central gateway. This closes the "last mile" gap, bringing desktop apps, browser-based AI, and coding agents under the same governance.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an open-source AI gateway, and its companion endpoint agent, &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;, implement this model. The gateway serves as the central hub for policy, while the Edge agent extends those policies to every machine.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fzsog2250sxryx3z3h19d.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fzsog2250sxryx3z3h19d.png" alt="A chaotic scene with dozens of unlabeled, shadowy data streams flowing out of multiple laptops in an office, representin" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 1: Discover and Inventory All AI Tools in Use
&lt;/h3&gt;

&lt;p&gt;Before creating an allowlist, an organization must first understand what AI tools are currently being used. An endpoint agent can automatically discover AI applications installed on devices and identify AI traffic from browsers and CLIs. &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; provides a fleet-wide dashboard that inventories every discovered AI app, showing which tools are in use and by how many people.&lt;/p&gt;

&lt;p&gt;This visibility is the first step in moving from a reactive to a proactive governance stance, aligning with the "Map" and "Govern" functions of frameworks like the &lt;a href="https://www.nist.gov/itl/ai-risk-management-framework" rel="noopener noreferrer"&gt;NIST AI Risk Management Framework&lt;/a&gt;.&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 2: Create and Enforce an Application Allowlist
&lt;/h3&gt;

&lt;p&gt;Once an inventory is established, administrators can review the list of discovered applications and make explicit decisions about which to approve.&lt;/p&gt;

&lt;p&gt;In Bifrost, this is managed through an approvals dashboard. An admin can set the status of each application to "Approved" or "Denied."&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Approved tools&lt;/strong&gt; continue to function normally, with all traffic automatically routed through the Bifrost gateway for full observability and policy enforcement.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Denied tools&lt;/strong&gt; are blocked at the device level by the &lt;a href="https://docs.getbifrost.ai/edge/app-governance" rel="noopener noreferrer"&gt;Bifrost Edge agent&lt;/a&gt;. Any attempt to launch or use a blocked application is stopped before any data leaves the machine.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This creates a clear, enforceable boundary. Employees can innovate with sanctioned tools, and the organization is protected from the risks of unvetted applications.&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 3: Govern Model Context Protocol (MCP) Servers
&lt;/h3&gt;

&lt;p&gt;Modern AI applications, especially coding agents like Claude Code, increasingly connect to external servers using the Model Context Protocol (MCP) to access tools and data. These MCP servers represent another vector for shadow AI, as users can configure their tools to connect to unapproved servers.&lt;/p&gt;

&lt;p&gt;A comprehensive endpoint governance solution must also discover and manage these connections. &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; inventories all configured &lt;a href="https://docs.getbifrost.ai/edge/mcp-governance" rel="noopener noreferrer"&gt;MCP servers&lt;/a&gt; across the fleet, allowing administrators to approve or deny them, just like applications. Denying an MCP server prevents any tool on the endpoint from connecting to it, closing a critical governance gap in agentic workflows.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3eheto4i8ln4nrsjnm9x.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3eheto4i8ln4nrsjnm9x.png" alt="An orderly scene showing the same data streams from the laptops now being neatly funneled through a single, secure digit" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 4: Deploy and Manage Policies via MDM
&lt;/h3&gt;

&lt;p&gt;For any endpoint solution to be effective, it must be deployed and managed across the entire fleet of corporate devices. Asking users to install and configure an agent manually is not a scalable or reliable strategy.&lt;/p&gt;

&lt;p&gt;Endpoint governance agents are designed for silent, fleet-wide deployment using existing Mobile Device Management (MDM) platforms. Bifrost Edge integrates with common MDM solutions like Jamf, Microsoft Intune, Kandji, and Workspace ONE for &lt;a href="https://docs.getbifrost.ai/edge/deployment-mdm" rel="noopener noreferrer"&gt;zero-touch deployment&lt;/a&gt;. A managed configuration is pushed to each device, pointing the agent to the company's Bifrost gateway. After a one-time SSO login by the user, the agent runs in the background, keeping policies in sync and enforcing the rules defined by the central gateway.&lt;/p&gt;

&lt;p&gt;This combination of a central AI gateway for policy and an MDM-deployed endpoint agent for enforcement provides a scalable way to allow approved AI tools while blocking everything else. It extends existing &lt;a href="https://www.getmaxim.ai/bifrost/resources/governance" rel="noopener noreferrer"&gt;security controls like guardrails and audit logs&lt;/a&gt; to the AI traffic on employee machines, giving organizations the visibility and control needed to manage the risks of shadow AI effectively.&lt;/p&gt;

&lt;h2&gt;
  
  
  Next Steps for Implementation
&lt;/h2&gt;

&lt;p&gt;For organizations looking to implement an AI tool allowlist, the path involves both policy and technology. Start by drafting an AI Acceptable Use Policy to define the rules, and then evaluate tools that can provide the necessary endpoint visibility and enforcement.&lt;/p&gt;

&lt;p&gt;Teams evaluating this approach can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a demo of Bifrost&lt;/a&gt; with its Edge capabilities or review the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source repository&lt;/a&gt; to understand its core gateway functionality.&lt;/p&gt;

&lt;h2&gt;
  
  
  Sources
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://thehackernews.com/2024/04/the-hidden-security-risks-of-shadow-ai.html" rel="noopener noreferrer"&gt;The Hidden Security Risks of Shadow AI in Enterprises - The Hacker News&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://zylo.com/blog/shadow-ai/" rel="noopener noreferrer"&gt;Shadow AI: Causes, Consequences, and Best Practices for Control - Zylo&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.paloaltonetworks.com/cyberpedia/what-is-shadow-ai" rel="noopener noreferrer"&gt;What Is Shadow AI? How It Happens and What to Do About It - Palo Alto Networks&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.helixstorm.com/how-to-build-an-ai-acceptable-use-policy-for-your-business/" rel="noopener noreferrer"&gt;How to Build an AI Acceptable Use Policy for Your Business - Helixstorm&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.nist.gov/itl/ai-risk-management-framework" rel="noopener noreferrer"&gt;NIST AI Risk Management Framework (AI RMF)&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.splashtop.com/what-is-mdm" rel="noopener noreferrer"&gt;Mobile Device Management (MDM): A Complete Guide - Splashtop&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>governance</category>
      <category>devops</category>
    </item>
    <item>
      <title>Top 3 Harmonic Security Alternatives for Endpoint AI Governance</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:13:00 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/top-3-harmonic-security-alternatives-for-endpoint-ai-governance-3ojm</link>
      <guid>https://dev.to/lukas_brunner/top-3-harmonic-security-alternatives-for-endpoint-ai-governance-3ojm</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fp7j3pjnp9cp8x1p2s7rz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fp7j3pjnp9cp8x1p2s7rz.png" alt="Top 3 Harmonic Security Alternatives for Endpoint AI Governance" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;A comparison of the best Harmonic Security alternatives for governing AI on employee devices. &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; emerges as the top choice for its deep integration of gateway-level policy and transparent endpoint enforcement.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The rapid adoption of generative AI tools introduces significant security and compliance risks. Employees use web-based services like ChatGPT, install desktop AI applications, and run powerful coding agents in their terminals, often creating a "shadow AI" environment outside the view of security and IT teams. Endpoint AI governance solutions aim to close this gap by providing visibility and control over AI usage on employee machines. While Harmonic Security is one option in this space, several alternatives offer different approaches to solving the problem.&lt;/p&gt;

&lt;p&gt;This article compares the top alternatives to Harmonic Security, evaluating them on their ability to provide comprehensive coverage, granular control, and a unified policy framework for secure AI adoption.&lt;/p&gt;

&lt;h2&gt;Key Criteria for Evaluating Endpoint AI Governance&lt;/h2&gt;

&lt;p&gt;When assessing solutions, engineering and security leaders should look beyond simple URL blocking. Effective endpoint AI governance requires a nuanced approach that balances security with productivity.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Coverage and Enforcement Method&lt;/strong&gt;: The solution must cover all the ways employees use AI, not just in the browser. This includes native desktop applications (like Claude Desktop and Cursor), command-line interface (CLI) tools, and editor integrations. The enforcement mechanism matters: a native, system-level agent provides deeper and more reliable coverage than a browser extension.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Policy Granularity&lt;/strong&gt;: Controls should go beyond a simple allow or deny list for applications. A robust solution allows for context-aware policies, such as controlling which users or groups can access specific models or tools. A key emerging area is governance over the Model Context Protocol (MCP), which enables AI models to interact with external tools and data sources.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Visibility and Discovery&lt;/strong&gt;: Before enforcing control, a platform must provide visibility. The first step is discovering which AI applications and services are active across the entire fleet of devices. This inventory is critical for making informed policy decisions without disrupting workflows.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Integration with a Central Policy Engine&lt;/strong&gt;: Endpoint policies should not exist in a silo. The most effective architecture is one where endpoint agents are extensions of a central control plane, such as an AI gateway. This ensures that a single, consistent set of security, compliance, and governance rules applies to all AI traffic, whether it originates from a production service or an employee's laptop.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;A Comparison of Harmonic Security Alternatives&lt;/h2&gt;

&lt;h3&gt;1. Bifrost Edge&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt; from Maxim AI, provides the central control plane for AI traffic, and its capabilities are extended to the endpoint through Bifrost Edge. This combined "AI Gateway + Bifrost Edge" model makes it the most comprehensive solution for organizations seeking unified governance.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Organizations that require a single, consistent policy framework across both backend AI services and employee endpoints, particularly those with strong developer and engineering teams using a wide range of AI tools.&lt;/p&gt;

&lt;p&gt;The &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt; acts as the policy engine where administrators configure &lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;virtual keys&lt;/a&gt;, budgets, rate limits, and security guardrails. &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; is a native agent for macOS, Windows, and Linux that runs on each employee machine. It transparently intercepts AI traffic from a wide range of sources and routes it through the central Bifrost gateway for policy enforcement.&lt;/p&gt;

&lt;p&gt;This architecture ensures that the same &lt;a href="https://www.getmaxim.ai/bifrost/resources/governance" rel="noopener noreferrer"&gt;governance&lt;/a&gt; and security controls apply everywhere. For example, a &lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;guardrail&lt;/a&gt; configured to detect and redact sensitive data works identically for a production application and a prompt entered into a desktop AI app on a developer's machine.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Capabilities:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Broad Application Coverage&lt;/strong&gt;: Bifrost Edge governs native &lt;a href="https://docs.getbifrost.ai/edge/supported-applications" rel="noopener noreferrer"&gt;desktop apps, browser-based AI, and CLI-based coding agents&lt;/a&gt;, providing coverage far beyond browser-only solutions.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;MCP Server Governance&lt;/strong&gt;: It offers a unique ability to discover, inventory, and enforce policies on &lt;a href="https://docs.getbifrost.ai/edge/mcp-governance" rel="noopener noreferrer"&gt;MCP servers&lt;/a&gt; used by advanced coding agents, a critical and often-overlooked attack surface.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Unified Policy Enforcement&lt;/strong&gt;: Because it integrates with the gateway, all traffic is subject to central controls like virtual keys, budgets, and immutable &lt;a href="https://docs.getbifrost.ai/enterprise/audit-logs" rel="noopener noreferrer"&gt;audit logs&lt;/a&gt; for compliance.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Fleet-wide Deployment&lt;/strong&gt;: Edge is designed for enterprise rollout via &lt;a href="https://docs.getbifrost.ai/edge/deployment-mdm" rel="noopener noreferrer"&gt;MDM platforms&lt;/a&gt; like Jamf, Intune, and Kandji, enabling silent installation and configuration across the organization.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fauqhqbgdbo08lsxjzxiw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fauqhqbgdbo08lsxjzxiw.png" alt="A visual metaphor of a central control tower (representing an AI gateway) emitting policy signals to small, autonomous d" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;2. Zscaler&lt;/h3&gt;

&lt;p&gt;Zscaler is a major player in the Secure Access Service Edge (SASE) and Zero Trust security market. Its approach to AI governance leverages its existing global proxy architecture to monitor and control employee access to AI services.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Large enterprises already standardized on the Zscaler platform for web security, content filtering, and data loss prevention.&lt;/p&gt;

&lt;p&gt;Zscaler's solution works by routing user traffic through its cloud-native proxy, Zscaler Internet Access (ZIA). This allows it to inspect traffic destined for known AI applications and websites. Administrators can use the platform to discover AI application usage, apply brand-specific tenant restrictions, and configure Data Loss Prevention (DLP) policies to block the submission of sensitive data. It also provides browser isolation features to further secure interactions with risky AI sites.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Capabilities:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Cloud-Native Security Stack&lt;/strong&gt;: Integrates AI controls into a broad set of security services, including firewall, sandboxing, and DLP.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Application Discovery&lt;/strong&gt;: Can identify and categorize traffic to thousands of SaaS applications, including hundreds of AI tools.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Data Protection&lt;/strong&gt;: Applies advanced DLP policies to prevent sensitive data like source code or PII from being uploaded to public AI models.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;3. Netskope&lt;/h3&gt;

&lt;p&gt;Netskope offers an AI governance solution rooted in its Cloud Access Security Broker (CASB) technology. It focuses on providing visibility and data protection for both sanctioned and unsanctioned cloud applications.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Organizations with a mature cloud security program focused on data governance and risk management for all SaaS applications, including generative AI.&lt;/p&gt;

&lt;p&gt;The Netskope NewEdge platform provides real-time, granular policy controls for cloud services. For AI governance, this means discovering which employees are using which AI apps and assessing the risk level of each application. Netskope can decode user activities within these apps, allowing administrators to create policies that, for example, block file uploads to ChatGPT or coach users to use a sanctioned enterprise AI tool instead.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Capabilities:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Application Risk Scoring&lt;/strong&gt;: Provides a Cloud Confidence Index (CCI) to help security teams understand the enterprise-readiness of different AI applications.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Granular Activity Controls&lt;/strong&gt;: Can distinguish between different user activities (e.g., login, post, upload) within an AI web application and apply policies accordingly.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;User Coaching&lt;/strong&gt;: Delivers real-time notifications to educate users on acceptable AI usage policies.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;How the Alternatives Compare&lt;/h2&gt;

&lt;p&gt;While all three solutions address the challenge of shadow AI, they do so from different architectural starting points.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Bifrost Edge&lt;/strong&gt; provides the most comprehensive and AI-native governance. Its tight integration with an AI gateway allows for unified policy, and its native agent architecture covers a broader set of developer-centric tools like CLIs and MCP servers that network proxies often miss.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Zscaler&lt;/strong&gt; offers strong, network-level controls as part of a broader SASE platform. It is a powerful choice for web-based AI traffic but may offer less visibility into native desktop applications or specialized protocols without client-side agents.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Netskope&lt;/strong&gt; excels at data-centric governance for web applications through its CASB heritage. Its strength is in detailed activity monitoring and risk assessment for SaaS, making it a good fit for organizations primarily concerned with data exfiltration to web-based AI tools.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flvha0vfn7hidswla5s1c.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flvha0vfn7hidswla5s1c.png" alt="An abstract illustration of a shield deflecting specific types of data packets (some with PII icons, some with code icon" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Recommendation and Next Steps&lt;/h2&gt;

&lt;p&gt;For organizations seeking to secure AI usage, the choice of a governance tool depends on the primary risk focus. Network and data security platforms like Zscaler and Netskope provide robust controls for web-based AI as part of a larger security stack.&lt;/p&gt;

&lt;p&gt;However, for a solution built specifically for the unique challenges of AI, &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; offers a more complete and developer-aware approach. By unifying endpoint enforcement with a central AI gateway, it provides a single source of truth for policy and visibility that covers the full spectrum of modern AI tools, from the browser to the command line. This integrated model is better equipped to handle not just today's applications but also the next generation of agentic, tool-using AI systems.&lt;/p&gt;

&lt;p&gt;Teams evaluating endpoint AI governance solutions can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; or explore the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source Bifrost repository&lt;/a&gt; to understand the underlying gateway technology.&lt;/p&gt;

&lt;h2&gt;Sources&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://docs.getbifrost.ai/edge/overview" rel="noopener noreferrer"&gt;Bifrost Edge Documentation&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.zscaler.com/solutions/ai-security" rel="noopener noreferrer"&gt;Zscaler AI Security&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.netskope.com/solutions/generative-ai-apps" rel="noopener noreferrer"&gt;Netskope for Generative AI&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>governance</category>
      <category>devops</category>
    </item>
    <item>
      <title>The Tools That Control Which AI Apps Employees Can Use</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:12:40 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/the-tools-that-control-which-ai-apps-employees-can-use-421o</link>
      <guid>https://dev.to/lukas_brunner/the-tools-that-control-which-ai-apps-employees-can-use-421o</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F445iudr48qtosjiaqcir.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F445iudr48qtosjiaqcir.png" alt="The Tools That Control Which AI Apps Employees Can Use" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;As employees adopt AI tools to improve productivity, IT and security teams face the challenge of "shadow AI." This article examines the tools and strategies organizations use to govern which AI applications are permitted, ensuring security and compliance without blocking innovation. It also looks at how platforms like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; can centralize this control.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The rapid adoption of AI tools in the workplace has created a significant challenge for IT and security leaders. Employees, aiming to be more productive, are independently using generative AI chatbots, coding assistants, and other AI-powered services, often without official approval or oversight. This phenomenon, known as "shadow AI," extends the longstanding issue of shadow IT and introduces unique security, compliance, and operational risks.&lt;/p&gt;

&lt;p&gt;Unlike traditional unauthorized software, AI tools can process, store, and learn from the data they are given. When employees input sensitive information—such as proprietary source code, customer data, or internal financial reports—into public AI models, that data can leave the organization's control, potentially being used for model training or exposed in a breach. This article explores the methods and tools organizations can use to regain control over the AI applications used by their employees.&lt;/p&gt;

&lt;h2&gt;The Risks of Uncontrolled AI App Usage&lt;/h2&gt;

&lt;p&gt;Shadow AI creates significant blind spots for security teams. Since these tools operate outside of sanctioned channels, they are not covered by existing enterprise security, governance, or compliance controls. The primary risks include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Data Leakage and Intellectual Property Loss:&lt;/strong&gt; Employees may paste sensitive code, strategic documents, or personally identifiable information (PII) into unmanaged AI tools. This can lead to the exposure of trade secrets and non-compliance with data protection regulations like GDPR and HIPAA.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Expanded Attack Surface:&lt;/strong&gt; Unsanctioned AI tools can introduce unsecured APIs and integrations, creating new entry points for attackers.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Compliance and Legal Issues:&lt;/strong&gt; The use of unapproved AI can violate data handling requirements, leading to fines and legal action. Without an audit trail, proving compliance becomes nearly impossible.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Inconsistent Quality and Operational Problems:&lt;/strong&gt; AI-generated code may contain security vulnerabilities or outdated dependencies. Furthermore, reliance on different, unverified AI tools across an organization can lead to inconsistent and unreliable business outcomes.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F63ew6a3wpev84uu4ry8r.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F63ew6a3wpev84uu4ry8r.png" alt="A visual metaphor of shadow AI, showing an employee at a desk with several faint, ghost-like application icons floating " width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Traditional Methods for Controlling Application Access&lt;/h2&gt;

&lt;p&gt;Before the rise of AI, organizations relied on several established methods to control which applications could run on corporate devices and networks. These tools provide a foundation for governance but often struggle with the unique nature of modern AI applications.&lt;/p&gt;

&lt;h3&gt;Application Whitelisting and Blacklisting&lt;/h3&gt;

&lt;p&gt;Application control, or whitelisting, is a security measure that permits only pre-approved applications to run, blocking all others. Blacklisting, conversely, blocks a list of known unwanted applications.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;How it works:&lt;/strong&gt; These policies are typically enforced by endpoint protection platforms or through operating system features like Windows AppLocker.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Limitations:&lt;/strong&gt; This approach can be difficult to maintain, especially with the constant emergence of new web-based AI tools and browser extensions that do not have a traditional executable to block.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;Network-Level Blocking&lt;/h3&gt;

&lt;p&gt;Firewalls and DNS filtering can block access to the domains associated with unauthorized applications.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;How it works:&lt;/strong&gt; By blocking the DNS queries or IP addresses that an application relies on, network administrators can prevent it from connecting to its services.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Limitations:&lt;/strong&gt; This method can be a blunt instrument. Blocking an entire domain might disrupt access to other legitimate services hosted there. It also does not work for desktop applications that may operate offline or route traffic through generic endpoints.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;Mobile Device Management (MDM)&lt;/h3&gt;

&lt;p&gt;MDM solutions allow administrators to control which applications can be installed on company-managed mobile devices and computers.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;How it works:&lt;/strong&gt; Admins can push or restrict applications from a central console, ensuring that only approved software is present on corporate devices.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Limitations:&lt;/strong&gt; MDM is effective for managed devices, but it has less control over browser-based AI tools and may not apply to personal devices used for work (BYOD).&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;A Modern Approach: Endpoint-Centric AI Governance&lt;/h2&gt;

&lt;p&gt;The limitations of traditional tools highlight the need for a more specialized approach to governing AI usage. Modern solutions focus on monitoring and controlling AI interactions directly at the endpoint, providing granular visibility that network-level tools lack.&lt;/p&gt;

&lt;p&gt;One such solution is &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt; from Maxim AI, which combines a centralized control plane with an endpoint agent to enforce AI governance everywhere. This two-part structure is designed specifically for the challenges of shadow AI.&lt;/p&gt;

&lt;h3&gt;How Bifrost Edge Provides Centralized AI App Control&lt;/h3&gt;

&lt;p&gt;The Bifrost platform addresses application control with a combined "Gateway + Edge" architecture.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Bifrost Gateway as the Control Plane:&lt;/strong&gt; The &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost AI gateway&lt;/a&gt; serves as the central policy engine for an organization. Here, administrators define all governance and security rules:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Virtual Keys:&lt;/strong&gt; Create policies that specify which models and providers are approved for use.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Guardrails:&lt;/strong&gt; Implement content safety policies, detect secrets, and prevent sensitive data from being sent to models.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Budgets and Rate Limits:&lt;/strong&gt; Control costs and usage on a per-user or per-team basis.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Audit Logs:&lt;/strong&gt; Maintain a complete, immutable record of all AI interactions for compliance.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Bifrost Edge for Endpoint Enforcement:&lt;/strong&gt; &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; is a lightweight agent installed on employee machines (macOS, Windows, and Linux). It intercepts all AI traffic—from desktop apps like Claude and ChatGPT, browser-based tools, and coding agents—and routes it through the Bifrost Gateway.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Application Discovery and Control:&lt;/strong&gt; Edge automatically discovers all AI applications in use across the fleet and presents them in a central dashboard. Administrators can then create an allow-list, blocking any unapproved tools directly on the device.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Transparent to Users:&lt;/strong&gt; After a one-time sign-in, the agent runs in the background. Employees continue to use their preferred tools without changing any settings, while all activity is governed by the central gateway policies.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Fleet-wide Deployment:&lt;/strong&gt; Edge is designed to be deployed and configured silently across thousands of machines using MDM platforms like Jamf or Microsoft Intune.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgqoaaz29d3bfhztapy5k.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgqoaaz29d3bfhztapy5k.png" alt="A diagrammatic illustration showing a central AI gateway icon connected by secure, glowing pathways to multiple endpoint" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This model allows organizations to move from a reactive, block-only posture to a proactive governance strategy. Instead of simply banning tools, IT teams can enable productive AI usage within a secure and compliant framework. The same policies for budget control, data security, and access rights configured in the gateway are automatically enforced on every application an employee uses, effectively ending the problem of shadow AI.&lt;/p&gt;

&lt;h2&gt;The Future of AI Application Management&lt;/h2&gt;

&lt;p&gt;As AI becomes more integrated into daily workflows, the distinction between approved and unapproved tools will become a critical security boundary. Manually updated blocklists and network-level controls are insufficient for the dynamic and decentralized nature of AI applications.&lt;/p&gt;

&lt;p&gt;The solution lies in tools that provide visibility and control at the point of interaction: the employee's device. By combining a central policy engine like an AI gateway with an endpoint enforcement layer, organizations can create a system that allows for innovation while maintaining strict governance. This enables teams to harness the productivity benefits of AI without sacrificing security, compliance, or control. Teams evaluating AI governance platforms can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; to see this model in action.&lt;/p&gt;

</description>
      <category>aiapps</category>
      <category>security</category>
      <category>governance</category>
      <category>devops</category>
    </item>
    <item>
      <title>How to Evaluate AI Governance Platforms for a Mid-Size Company</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:12:02 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/how-to-evaluate-ai-governance-platforms-for-a-mid-size-company-27jf</link>
      <guid>https://dev.to/lukas_brunner/how-to-evaluate-ai-governance-platforms-for-a-mid-size-company-27jf</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fv8826nby6edn1rad1ilk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fv8826nby6edn1rad1ilk.png" alt="How to Evaluate AI Governance Platforms for a Mid-Size Company" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Mid-size companies need a structured approach to select an AI governance platform that balances security, compliance, and budget. This guide covers key evaluation criteria, from policy enforcement to cost management, and examines how a solution like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; can meet these needs.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;As AI adoption moves from experimental to operational, mid-size companies face a critical challenge: governing the use of large language models (LLMs) without the vast resources of a large enterprise. The rapid, often decentralized, adoption of AI tools can introduce significant risks, including data leakage, compliance violations, and uncontrolled spending. An AI governance platform centralizes control over this activity, but choosing the right one requires a clear evaluation framework.&lt;/p&gt;

&lt;p&gt;For a mid-size business, the ideal platform must be powerful yet efficient, offering robust security and compliance features without requiring a dedicated team for management. Key considerations include the ability to enforce access policies, monitor usage, control costs, and secure data across all the ways employees use AI. Solutions like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt;, are designed to provide this centralized control plane for AI traffic.&lt;/p&gt;

&lt;h2&gt;Key Criteria for Evaluating AI Governance Platforms&lt;/h2&gt;

&lt;p&gt;A comprehensive evaluation should focus on four primary areas: policy enforcement and access control, security and compliance, cost management and observability, and deployment and integration.&lt;/p&gt;

&lt;h3&gt;1. Policy Enforcement and Access Control&lt;/h3&gt;

&lt;p&gt;The core function of an AI governance platform is to enforce who can use which AI models and under what conditions. According to the NIST AI Risk Management Framework, a key element of governance is establishing policies and procedures for trustworthy AI. Your evaluation should assess how a platform implements this.&lt;/p&gt;

&lt;p&gt;Look for features like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Role-Based Access Control (RBAC):&lt;/strong&gt; The platform should allow administrators to define granular permissions. For instance, a finance team might be restricted to specific models for analysis, while the engineering team has broader access for development. Bifrost implements &lt;a href="https://docs.getbifrost.ai/enterprise/rbac" rel="noopener noreferrer"&gt;RBAC&lt;/a&gt; to manage these permissions centrally.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Virtual Keys and Access Profiles:&lt;/strong&gt; Instead of managing raw provider API keys, a strong platform uses an abstraction layer. Bifrost uses &lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;virtual keys&lt;/a&gt; to assign specific models, budgets, and rate limits to users, teams, or projects. &lt;a href="https://docs.getbifrost.ai/enterprise/access-profiles" rel="noopener noreferrer"&gt;Access profiles&lt;/a&gt; can automate the provisioning of these keys at scale.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Endpoint Governance:&lt;/strong&gt; A significant amount of AI usage happens on employee machines through desktop apps and coding agents, often bypassing centralized controls. This "shadow AI" is a primary governance gap. A complete solution must extend governance to the endpoint. The &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; agent is designed for this, enforcing the gateway's policies on AI traffic originating from employee laptops.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;2. Security and Compliance&lt;/h3&gt;

&lt;p&gt;Handling sensitive data is a primary concern with AI. A governance platform must provide tools to prevent data leaks and maintain a clear audit trail for compliance with regulations like GDPR, HIPAA, or SOC 2.&lt;/p&gt;

&lt;p&gt;Key security capabilities include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Data Redaction and Guardrails:&lt;/strong&gt; The platform should be able to inspect prompts and responses for sensitive information. &lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;Guardrails&lt;/a&gt; can automatically block or redact things like API keys, personally identifiable information (PII), or custom patterns defined by the organization.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Audit Logs:&lt;/strong&gt; For compliance, immutable logs of all requests, responses, and administrative actions are non-negotiable. These &lt;a href="https://docs.getbifrost.ai/enterprise/audit-logs" rel="noopener noreferrer"&gt;audit logs&lt;/a&gt; provide the evidence needed for security reviews and regulatory checks.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Deployment in Secure Environments:&lt;/strong&gt; Mid-size companies in regulated industries may need to run AI infrastructure within their own virtual private cloud (VPC) or on-premise. The platform must support these deployment models. Bifrost offers &lt;a href="https://docs.getbifrost.ai/enterprise/invpc-deployments" rel="noopener noreferrer"&gt;in-VPC deployment options&lt;/a&gt; to ensure data never leaves the company's network.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F97221ym73ud19ghvdt9u.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F97221ym73ud19ghvdt9u.png" alt="A series of locks and shields protecting a central glowing orb that represents data, symbolizing robust security and com" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;3. Cost Management and Observability&lt;/h3&gt;

&lt;p&gt;Without centralized visibility, AI spending can quickly escalate. A governance platform must provide detailed insight into consumption and tools to control it. A report from Andreessen Horowitz notes that while training costs are falling, inference costs at scale can become a major operational expense.&lt;/p&gt;

&lt;p&gt;Evaluate these features:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Budgets and Rate Limits:&lt;/strong&gt; The ability to set hard spending caps and control request frequency per user, team, or project is fundamental. Bifrost enables setting precise &lt;a href="https://docs.getbifrost.ai/features/governance/budget-and-limits" rel="noopener noreferrer"&gt;budgets and rate limits&lt;/a&gt; on each virtual key.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Observability and Dashboards:&lt;/strong&gt; You cannot control what you cannot see. The platform should offer real-time &lt;a href="https://docs.getbifrost.ai/features/observability/default" rel="noopener noreferrer"&gt;observability&lt;/a&gt; into usage, latency, and error rates, often through integrations with tools like Prometheus or Datadog.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Cost Optimization:&lt;/strong&gt; Advanced features can actively reduce costs. For example, &lt;a href="https://docs.getbifrost.ai/features/semantic-caching" rel="noopener noreferrer"&gt;semantic caching&lt;/a&gt; can serve responses to semantically similar queries from a cache, avoiding redundant calls to an expensive model.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;4. Deployment and Integration&lt;/h3&gt;

&lt;p&gt;For a mid-size company with a lean engineering team, the ease of deployment and integration is critical. The platform should not create a significant operational burden.&lt;/p&gt;

&lt;p&gt;Consider the following:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Drop-in Integration:&lt;/strong&gt; The easiest platforms to adopt are those that work as a &lt;a href="https://docs.getbifrost.ai/features/drop-in-replacement" rel="noopener noreferrer"&gt;drop-in replacement&lt;/a&gt; for existing provider SDKs. This typically means developers only need to change the base URL in their code to route traffic through the gateway.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Provider and Model Support:&lt;/strong&gt; The platform must support the full range of models your teams use, from commercial providers like OpenAI and Anthropic to open-source models hosted locally with Ollama. A comprehensive &lt;a href="https://docs.getbifrost.ai/providers/supported-providers/overview" rel="noopener noreferrer"&gt;supported providers&lt;/a&gt; list is a sign of a mature platform.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Endpoint Deployment:&lt;/strong&gt; For endpoint agents, deployment should be manageable via existing Mobile Device Management (MDM) solutions. &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; supports fleet-wide rollout using tools like Jamf, Intune, and Kandji, which is essential for efficient management at a mid-size scale.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F4dsod4imreb6mzbttysz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F4dsod4imreb6mzbttysz.png" alt="A magnifying glass examining a branching network of glowing lines, representing observability and cost tracking within a" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;Making a Recommendation for Mid-Size Companies&lt;/h2&gt;

&lt;p&gt;For a mid-size company, the ideal AI governance platform offers enterprise-grade security and control without enterprise-grade complexity and cost. A solution should be evaluated on its ability to provide a unified control plane for all AI traffic, whether from production applications or employee desktops.&lt;/p&gt;

&lt;p&gt;Platforms like &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; score well against these criteria by combining a high-performance open-source gateway with enterprise features for security, compliance, and scale. The addition of &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; to govern endpoint AI usage provides a comprehensive solution that closes a common and critical governance gap. The key is its unified approach: policies for governance, security, and cost are set once at the gateway and enforced everywhere.&lt;/p&gt;

&lt;p&gt;As you conduct your evaluation, focus on practical tests. Can you easily set and enforce a budget for a test user? Can you block a prompt containing a fake API key? How quickly can you get visibility into model usage across the team? The answers to these questions will reveal which platform truly meets the needs of a growing, security-conscious, and budget-aware mid-size company. Teams evaluating AI gateways can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; or review the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source repository&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;Sources&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://www.nist.gov/itl/ai-risk-management-framework" rel="noopener noreferrer"&gt;NIST, "AI Risk Management Framework (AI RMF 1.0)"&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://a16z.com/the-cost-of-cloud-a-trillion-dollar-paradox/" rel="noopener noreferrer"&gt;Andreessen Horowitz, "The Cost of Cloud, a Trillion Dollar Paradox"&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.gartner.com/en/topics/ai-governance" rel="noopener noreferrer"&gt;Gartner, "What Is AI Governance?"&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://docs.getbifrost.ai/overview" rel="noopener noreferrer"&gt;Bifrost AI Gateway Documentation&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aigovernance</category>
      <category>security</category>
      <category>devops</category>
      <category>llmops</category>
    </item>
    <item>
      <title>The Best AI Governance Tools in 2026, Compared</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:11:21 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/the-best-ai-governance-tools-in-2026-compared-85</link>
      <guid>https://dev.to/lukas_brunner/the-best-ai-governance-tools-in-2026-compared-85</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fqt7vc7gkvdc81cmavthm.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fqt7vc7gkvdc81cmavthm.png" alt="The Best AI Governance Tools in 2026, Compared" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;This guide compares the best AI governance tools for securing and managing enterprise AI applications. The top solutions are evaluated on policy enforcement, access control, security, and observability, with &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; emerging as the leading choice for teams that require a comprehensive, high-performance, and open-source platform.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The proliferation of AI in enterprise applications has moved AI governance from a theoretical concern to a critical operational requirement. Organizations need dedicated tools to manage costs, enforce compliance, secure sensitive data, and ensure reliable performance. An AI gateway often serves as the core of this strategy, acting as a central control plane for all AI traffic. &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, a high-performance, &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt; from Maxim AI, provides a unified platform for this purpose. This article compares some of the leading AI governance tools available today, examining how they address the challenges of managing AI at scale.&lt;/p&gt;

&lt;h2&gt;Key Criteria for Evaluating AI Governance Tools&lt;/h2&gt;

&lt;p&gt;Effective AI governance platforms are measured by their ability to provide comprehensive control without compromising performance. When evaluating solutions, engineering and security leaders should consider the following criteria:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Policy Enforcement:&lt;/strong&gt; The ability to define and enforce fine-grained rules for access, usage, and routing. This includes setting budgets, rate limits, and model permissions for different users, teams, or projects.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Access Control:&lt;/strong&gt; Centralized management of credentials and permissions. Modern tools use virtual keys instead of passing raw provider keys, enabling teams to rotate, revoke, and monitor access from a single dashboard.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Security and Compliance:&lt;/strong&gt; Features that protect against data leakage and model misuse. This includes guardrails for content filtering, secrets detection, and immutable audit logs to meet compliance standards like SOC 2, HIPAA, and GDPR.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Observability:&lt;/strong&gt; Detailed, real-time visibility into AI usage, costs, and performance. Dashboards and integrations with monitoring tools like Prometheus and Datadog are essential for debugging and optimization.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Performance and Scalability:&lt;/strong&gt; The tool's impact on latency and its ability to handle high-throughput production workloads. A governance layer should not become a bottleneck.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Deployment Flexibility:&lt;/strong&gt; Support for various environments, including cloud, on-premise, and air-gapped deployments, to meet enterprise security and data residency requirements.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdzb3gc9she97eq98cyt9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdzb3gc9she97eq98cyt9.png" alt="An abstract illustration of a control panel with various switches and dials, symbolizing policy enforcement and fine-gra" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;The Top AI Governance Tools for 2026&lt;/h2&gt;

&lt;p&gt;Here is a comparison of the top tools for AI governance, each with a different approach to solving the problem.&lt;/p&gt;

&lt;h3&gt;1. Bifrost&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; is an open-source AI gateway written in Go, designed for high-performance and comprehensive governance in enterprise environments. It unifies access to over 1,000 models from more than 20 providers through a single, OpenAI-compatible API. Its key differentiator is its combination of robust, enterprise-grade governance features with extremely low latency, adding only &lt;a href="https://www.getmaxim.ai/bifrost/resources/benchmarks" rel="noopener noreferrer"&gt;11 microseconds of overhead&lt;/a&gt; at 5,000 requests per second.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Enterprises and teams running mission-critical AI workloads that require best-in-class performance, a unified governance model for LLMs and agentic workflows, and flexible deployment options.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Features:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Unified Governance:&lt;/strong&gt; &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; uses &lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;virtual keys&lt;/a&gt; to manage access, enabling teams to set per-key budgets, rate limits, and model permissions. This provides granular control over which users or applications can access specific models and tools.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Advanced Security:&lt;/strong&gt; The platform includes extensible &lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;guardrails&lt;/a&gt; for content safety, secrets detection, and custom policy enforcement. It also generates immutable &lt;a href="https://docs.getbifrost.ai/enterprise/audit-logs" rel="noopener noreferrer"&gt;audit logs&lt;/a&gt; for all requests, which is critical for compliance with frameworks from organizations like &lt;a href="https://www.nist.gov/itl/ai-risk-management-framework" rel="noopener noreferrer"&gt;NIST&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;MCP Gateway:&lt;/strong&gt; Bifrost includes a full-featured &lt;a href="https://www.getmaxim.ai/bifrost/resources/mcp-gateway" rel="noopener noreferrer"&gt;MCP gateway&lt;/a&gt; to govern agentic applications, allowing administrators to control which external tools AI agents can execute on a per-virtual-key basis.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Endpoint Governance:&lt;/strong&gt; A critical aspect of modern AI governance is managing "shadow AI"—the use of unsanctioned AI tools on employee devices. Beyond gateway controls, &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt; extends the same governance and security policies to all AI traffic on employee machines, providing &lt;a href="https://docs.getbifrost.ai/edge/security" rel="noopener noreferrer"&gt;endpoint enforcement&lt;/a&gt; for desktop apps, browser AI, and coding agents.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Enterprise Deployment:&lt;/strong&gt; Bifrost supports &lt;a href="https://docs.getbifrost.ai/enterprise/invpc-deployments" rel="noopener noreferrer"&gt;in-VPC and on-premise deployments&lt;/a&gt;, high-availability clustering, and integrations with identity providers like Okta and Entra ID for full enterprise integration.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;2. Kong AI Gateway&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://konghq.com/products/kong-ai-gateway" rel="noopener noreferrer"&gt;Kong AI Gateway&lt;/a&gt; is a product from the well-known API management company Kong. It extends their existing gateway infrastructure to manage AI traffic, focusing on control, observability, and performance for LLM-powered applications. It is a good fit for organizations already heavily invested in the Kong ecosystem.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Companies that have already standardized on Kong for API management and want to apply similar control patterns to their AI services.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Features:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Unified API Management:&lt;/strong&gt; It allows teams to manage both traditional APIs and AI services from a single gateway.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;AI-Specific Plugins:&lt;/strong&gt; Kong offers plugins for prompt engineering, credential management, and AI-specific analytics.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Multi-LLM Support:&lt;/strong&gt; It provides a unified interface to route requests to different LLM providers, both public and self-hosted.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Observability:&lt;/strong&gt; Integrates with existing API analytics and monitoring tools to provide visibility into token usage, cost, and latency.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;3. Cloudflare AI Gateway&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.cloudflare.com/ai-gateway/" rel="noopener noreferrer"&gt;Cloudflare AI Gateway&lt;/a&gt; is part of Cloudflare's broader suite of services for application performance and security. It acts as a proxy that provides caching, rate limiting, and analytics for AI applications built on Cloudflare Workers AI or other third-party model providers.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Developers and teams already using the Cloudflare ecosystem, especially those building applications with Workers AI.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Features:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Analytics and Logging:&lt;/strong&gt; Provides a dashboard to monitor requests, users, costs, and errors in one place.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Caching:&lt;/strong&gt; Caches responses to reduce latency and costs for frequently repeated queries.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Rate Limiting:&lt;/strong&gt; Protects applications and manages costs by setting limits on the number of requests.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Global Distribution:&lt;/strong&gt; Leverages Cloudflare's global network to reduce latency for users worldwide.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;4. AWS Bedrock Guardrails&lt;/h3&gt;

&lt;p&gt;For teams building exclusively on Amazon Web Services, &lt;a href="https://aws.amazon.com/bedrock/guardrails/" rel="noopener noreferrer"&gt;Guardrails for Amazon Bedrock&lt;/a&gt; offers a native solution for implementing safeguards in AI applications. It is not a full gateway but rather a managed feature focused on enforcing policies for responsible AI.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Organizations deeply integrated with the AWS ecosystem and using Amazon Bedrock as their primary model provider.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Key Features:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Content Filtering:&lt;/strong&gt; Define denied topics and filter harmful content based on different categories and confidence levels.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;PII Redaction:&lt;/strong&gt; Can be configured to detect and redact personally identifiable information (PII) in model responses.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Word Filters:&lt;/strong&gt; Allows for the configuration of specific words or phrases to block in user prompts and model responses.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Integration with AWS Services:&lt;/strong&gt; Natively integrates with Amazon Bedrock, allowing policies to be applied directly to model invocations.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbb3b6um6li206mhs47tz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbb3b6um6li206mhs47tz.png" alt="A side-by-side comparison of two intricate digital keys, one simple and one ornate, representing different levels of acc" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;How the Options Compare on Key Governance Features&lt;/h2&gt;

&lt;p&gt;While all tools offer some level of control, their focus and depth of features vary significantly.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Feature&lt;/th&gt;
&lt;th&gt;Bifrost&lt;/th&gt;
&lt;th&gt;Kong AI Gateway&lt;/th&gt;
&lt;th&gt;Cloudflare AI Gateway&lt;/th&gt;
&lt;th&gt;AWS Bedrock Guardrails&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Deployment Model&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Open-Source, Self-Hosted, Cloud&lt;/td&gt;
&lt;td&gt;Self-Hosted, Cloud&lt;/td&gt;
&lt;td&gt;Cloud Service&lt;/td&gt;
&lt;td&gt;AWS Managed Feature&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Virtual Keys&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;Yes (via plugins)&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Budgets &amp;amp; Rate Limits&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Yes (granular)&lt;/td&gt;
&lt;td&gt;Yes (basic)&lt;/td&gt;
&lt;td&gt;Yes (basic)&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Extensible Guardrails&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;Limited&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Yes (content-focused)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Audit Logs for Compliance&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;Limited&lt;/td&gt;
&lt;td&gt;Yes (via CloudTrail)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Endpoint Governance&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Yes (via Bifrost Edge)&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;MCP / Agent Governance&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h2&gt;Recommendation&lt;/h2&gt;

&lt;p&gt;Choosing the right AI governance tool depends on an organization's specific needs, existing infrastructure, and scalability requirements.&lt;/p&gt;

&lt;p&gt;For teams already committed to a specific cloud or API management platform, the native solutions from AWS, Cloudflare, or Kong can provide a convenient starting point. However, for organizations seeking a dedicated, best-in-class solution that offers comprehensive control, top-tier performance, and deployment flexibility, &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; stands out. Its combination of open-source transparency, deep enterprise features like virtual keys and audit logs, and the unique ability to extend governance to the endpoint with Bifrost Edge makes it a more complete and future-proof platform.&lt;/p&gt;

&lt;p&gt;Teams evaluating AI governance tools can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; or review the &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source repository&lt;/a&gt; to learn more.&lt;/p&gt;

&lt;h2&gt;Sources&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://www.nist.gov/itl/ai-risk-management-framework" rel="noopener noreferrer"&gt;NIST AI Risk Management Framework&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://docs.getbifrost.ai/overview" rel="noopener noreferrer"&gt;Bifrost Documentation&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://docs.konghq.com/gateway/latest/kong-ai-gateway/" rel="noopener noreferrer"&gt;Kong AI Gateway Documentation&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://developers.cloudflare.com/ai-gateway/" rel="noopener noreferrer"&gt;Cloudflare AI Gateway Documentation&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html" rel="noopener noreferrer"&gt;Guardrails for Amazon Bedrock&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aigovernance</category>
      <category>llm</category>
      <category>devops</category>
      <category>security</category>
    </item>
    <item>
      <title>Enterprise AI Governance Platforms: A Side-by-Side Comparison</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 24 Jun 2026 18:11:13 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/enterprise-ai-governance-platforms-a-side-by-side-comparison-27l</link>
      <guid>https://dev.to/lukas_brunner/enterprise-ai-governance-platforms-a-side-by-side-comparison-27l</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F6zkrg9c38aik0nzxkcce.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F6zkrg9c38aik0nzxkcce.png" alt="Enterprise AI Governance Platforms: A Side-by-Side Comparison" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;A comparison of the top AI governance platforms for 2026, including runtime enforcement, compliance management, and endpoint visibility. This guide evaluates leading solutions to help teams manage AI risk, from the data center to the desktop, with &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; as a top choice for infrastructure-level control.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;The rapid adoption of AI has shifted enterprise governance from a theoretical best practice to a required operational discipline. With regulations like the EU AI Act now in effect, organizations need platforms that can enforce policies, monitor for risks like bias and data leakage, and produce audit-ready evidence. AI governance platforms provide this control layer, helping to manage AI systems across their entire lifecycle, from development to production monitoring.&lt;/p&gt;

&lt;p&gt;These platforms vary widely in their approach. Some focus on GRC (Governance, Risk, and Compliance) workflows for documentation and risk assessment, while others provide infrastructure-level enforcement at runtime. &lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt;, an &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source AI gateway&lt;/a&gt;, represents the infrastructure-first approach, focusing on enforcing policies on every AI request before it reaches a model. This comparison examines the leading enterprise AI governance platforms to clarify where each fits best.&lt;/p&gt;

&lt;h2&gt;Key Criteria for Evaluating AI Governance Platforms&lt;/h2&gt;

&lt;p&gt;An effective AI governance platform operationalizes an organization's policies through automated, enforceable controls. Key capabilities to evaluate include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Policy Enforcement:&lt;/strong&gt; The ability to translate governance rules into technical controls. This includes access control, budget and rate limits, and guardrails for content safety or data redaction.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;AI Asset Inventory &amp;amp; Discovery:&lt;/strong&gt; A centralized registry of all AI models, applications, and agents in use. This capability must extend to "shadow AI"—the tools employees use without formal approval.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Lifecycle Management:&lt;/strong&gt; Tracking and documenting AI models from development through deployment, monitoring, and retirement.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Risk and Compliance Management:&lt;/strong&gt; Tools for assessing AI risks, mapping them to controls, and generating reports for regulatory frameworks like the EU AI Act, NIST AI RMF, and ISO 42001.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Observability and Audit Trails:&lt;/strong&gt; Immutable logs of all AI activities, including prompts, responses, and governance decisions, to support audits and incident investigations.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Endpoint Governance:&lt;/strong&gt; The ability to extend visibility and control to AI running on employee devices, such as desktop apps and browser-based tools.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fh5f0mpu1dcu1abk6ll3m.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fh5f0mpu1dcu1abk6ll3m.png" alt="A blueprint of a complex city seen from above, with glowing pathways illustrating data flowing through various districts" width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;1. Bifrost: Best for Runtime Enforcement and Endpoint Governance&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.getmaxim.ai/bifrost" rel="noopener noreferrer"&gt;Bifrost&lt;/a&gt; is a high-performance, open-source AI gateway that provides governance at the infrastructure layer. It unifies access to over 20 LLM providers through a single API, allowing teams to enforce policies on every request and response in real time. Its primary advantage is combining low-latency performance with a robust, auditable governance model that runs within an organization's own infrastructure.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Engineering and security teams that need to enforce AI policies at runtime, manage multi-provider model usage, and extend governance to employee devices without compromising performance.&lt;/p&gt;

&lt;h3&gt;
  
  
  Core Governance Capabilities:
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Virtual Keys and Hierarchical Budgets:&lt;/strong&gt; Bifrost's &lt;a href="https://docs.getbifrost.ai/features/governance/virtual-keys" rel="noopener noreferrer"&gt;virtual key governance&lt;/a&gt; allows platform teams to set granular permissions, budgets, and rate limits for different teams, projects, or users. This hierarchical control simplifies cost management and resource allocation.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Multi-Provider Guardrail Integration:&lt;/strong&gt; It integrates with native content safety services like &lt;a href="https://docs.getbifrost.ai/enterprise/guardrails" rel="noopener noreferrer"&gt;AWS Bedrock Guardrails and Azure Content Safety&lt;/a&gt;, applying consistent policies even when routing across different clouds.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Immutable Audit Logs:&lt;/strong&gt; The &lt;a href="https://www.getmaxim.ai/bifrost/enterprise" rel="noopener noreferrer"&gt;Bifrost Enterprise&lt;/a&gt; edition generates immutable, timestamped audit trails for configuration changes and requests, providing evidence required for SOC 2, HIPAA, and ISO 27001 compliance.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;MCP Gateway Governance:&lt;/strong&gt; For agentic AI, Bifrost acts as a Model Context Protocol (MCP) gateway, enforcing which tools and data sources agents can access on a per-request basis. This is critical for controlling autonomous systems in regulated industries.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Endpoint Governance with Bifrost Edge:&lt;/strong&gt; A key differentiator is &lt;a href="https://www.getmaxim.ai/bifrost/edge" rel="noopener noreferrer"&gt;Bifrost Edge&lt;/a&gt;, an endpoint agent that routes AI traffic from desktop and browser applications through the central Bifrost gateway. This closes the "shadow AI" visibility gap, ensuring that tools like ChatGPT or Claude Desktop adhere to the same &lt;a href="https://docs.getbifrost.ai/edge/security" rel="noopener noreferrer"&gt;governance and security policies&lt;/a&gt; as internally developed applications. It provides a complete inventory of AI apps and MCP servers across the fleet and can be deployed via MDM solutions like &lt;a href="https://docs.getbifrost.ai/edge/deployment-mdm" rel="noopener noreferrer"&gt;Jamf or Intune&lt;/a&gt;.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  2. IBM watsonx.governance
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.ibm.com/products/watsonx-governance" rel="noopener noreferrer"&gt;IBM watsonx.governance&lt;/a&gt; is an enterprise-grade solution focused on managing risk and compliance across the full AI lifecycle. It provides tools for both predictive machine learning models and generative AI, with a strong emphasis on producing documentation for regulatory review.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Large enterprises, particularly those in regulated industries with existing IBM infrastructure, that need to automate compliance documentation and monitor model risk over time.&lt;/p&gt;

&lt;h3&gt;
  
  
  Core Governance Capabilities:
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;AI Lifecycle Management:&lt;/strong&gt; It tracks models from development to retirement, collecting metadata and performance metrics into "AI Factsheets" that serve as a system of record for audits.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Compliance Accelerators:&lt;/strong&gt; The platform offers pre-built content and workflows aligned with major regulations and standards, including the EU AI Act and NIST AI RMF, to streamline compliance efforts.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Risk and Bias Detection:&lt;/strong&gt; It includes monitors to detect model drift, fairness issues, and other performance degradations, providing alerts to prompt re-validation.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Agentic AI Governance:&lt;/strong&gt; Recent updates added specific object types and workflows for monitoring the behavior of AI agents, extending its governance framework to autonomous systems.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  3. OneTrust AI Governance
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.onetrust.com/products/ai-governance/" rel="noopener noreferrer"&gt;OneTrust&lt;/a&gt; extends its established privacy and data governance platform to address AI-specific risks. Its approach is GRC-centric, helping organizations inventory AI systems, conduct risk assessments, and manage compliance from a central dashboard.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Organizations already using OneTrust for privacy and data governance, and compliance teams who need a unified platform to manage AI inventories and risk assessments.&lt;/p&gt;

&lt;h3&gt;
  
  
  Core Governance Capabilities:
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Unified AI Inventory:&lt;/strong&gt; The platform helps create a comprehensive catalog of all AI systems, including models, datasets, and vendors.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Automated Risk Assessments:&lt;/strong&gt; It provides workflows to standardize AI risk identification and tiering based on frameworks like the EU AI Act.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Policy and Notice Management:&lt;/strong&gt; Teams can centralize AI policies and generate notices and disclosures to meet transparency requirements.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Regulatory Guidance:&lt;/strong&gt; OneTrust offers built-in intelligence on global AI regulations to help teams stay current with their compliance obligations.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  4. Microsoft Purview
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.microsoft.com/en-us/security/business/microsoft-purview" rel="noopener noreferrer"&gt;Microsoft Purview&lt;/a&gt; is a unified data governance and compliance solution that extends to AI, particularly for organizations deeply integrated with the Microsoft ecosystem. It focuses on protecting the data that AI systems access and use.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Best for:&lt;/strong&gt; Enterprises standardized on Azure and Microsoft 365 that need to govern data access for AI tools like Copilot.&lt;/p&gt;

&lt;h3&gt;
  
  
  Core Governance Capabilities:
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Data Security for AI:&lt;/strong&gt; Purview applies sensitivity labels and data loss prevention (DLP) policies to data used in AI prompts and responses, helping to prevent leaks of sensitive information.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;AI Hub:&lt;/strong&gt; Provides a centralized view of AI usage and risks across the organization's data estate.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Compliance Management:&lt;/strong&gt; It helps organizations meet regulatory requirements by providing tools to manage data risks associated with AI.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Insider Risk Management:&lt;/strong&gt; The platform can help identify risky behaviors related to AI usage, such as attempts to exfiltrate sensitive data through chatbots.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  How the Platforms Compare
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Feature&lt;/th&gt;
&lt;th&gt;Bifrost&lt;/th&gt;
&lt;th&gt;IBM watsonx.governance&lt;/th&gt;
&lt;th&gt;OneTrust AI Governance&lt;/th&gt;
&lt;th&gt;Microsoft Purview&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Primary Focus&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Runtime Enforcement &amp;amp; Infrastructure&lt;/td&gt;
&lt;td&gt;Lifecycle &amp;amp; Compliance Documentation&lt;/td&gt;
&lt;td&gt;GRC &amp;amp; Risk Assessment&lt;/td&gt;
&lt;td&gt;Data-Centric Governance&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Deployment&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Self-hosted (OSS), In-VPC&lt;/td&gt;
&lt;td&gt;SaaS, On-premises&lt;/td&gt;
&lt;td&gt;SaaS&lt;/td&gt;
&lt;td&gt;SaaS (Azure)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Endpoint Governance&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Yes (via Bifrost Edge)&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Limited&lt;/td&gt;
&lt;td&gt;Limited&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Policy Enforcement&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Real-time, at gateway&lt;/td&gt;
&lt;td&gt;Post-hoc monitoring, workflow-based&lt;/td&gt;
&lt;td&gt;Workflow-based&lt;/td&gt;
&lt;td&gt;Data-level policies&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Audit Trail&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Immutable, request-level logs&lt;/td&gt;
&lt;td&gt;AI Factsheets, model lifecycle&lt;/td&gt;
&lt;td&gt;Assessment records&lt;/td&gt;
&lt;td&gt;Data access logs&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Open Source&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h2&gt;
  
  
  Recommendation
&lt;/h2&gt;

&lt;p&gt;Choosing an AI governance platform depends on an organization's primary challenge. For compliance teams needing to document and assess risk, GRC-focused platforms like &lt;strong&gt;OneTrust&lt;/strong&gt; and &lt;strong&gt;IBM watsonx.governance&lt;/strong&gt; provide strong frameworks. For companies embedded in the Microsoft ecosystem, &lt;strong&gt;Microsoft Purview&lt;/strong&gt; offers essential data-centric controls.&lt;/p&gt;

&lt;p&gt;However, for teams that need to enforce policies in real time and ensure that governance covers all AI usage—including on employee endpoints—an infrastructure-level solution is required. &lt;strong&gt;Bifrost&lt;/strong&gt; stands out as the best choice for this purpose. Its combination of a high-performance, open-source AI gateway and the endpoint visibility provided by Bifrost Edge creates a comprehensive control plane that turns policy into auditable, low-latency enforcement. Teams evaluating AI governance platforms can &lt;a href="https://getmaxim.ai/bifrost/book-a-demo" rel="noopener noreferrer"&gt;request a Bifrost demo&lt;/a&gt; or review its &lt;a href="https://github.com/maximhq/bifrost" rel="noopener noreferrer"&gt;open-source repository&lt;/a&gt; to assess its capabilities directly.&lt;/p&gt;

&lt;h2&gt;
  
  
  Sources
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;a href="https://docs.getbifrost.ai/overview" rel="noopener noreferrer"&gt;Bifrost AI Gateway Documentation&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.ibm.com/docs/en/watsonx/saas?topic=governance-getting-started" rel="noopener noreferrer"&gt;IBM watsonx.governance Documentation&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://learn.microsoft.com/en-us/purview/purview" rel="noopener noreferrer"&gt;Microsoft Purview Documentation&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.onetrust.com/products/ai-governance/" rel="noopener noreferrer"&gt;OneTrust AI Governance Solutions&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://artificialintelligenceact.eu/" rel="noopener noreferrer"&gt;EU AI Act&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;  &lt;a href="https://www.nist.gov/itl/ai-risk-management-framework" rel="noopener noreferrer"&gt;NIST AI Risk Management Framework&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aigovernance</category>
      <category>enterprise</category>
      <category>security</category>
      <category>msec</category>
    </item>
    <item>
      <title>Detecting Silent Model Failure: Drift Monitoring That Actually Works</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Thu, 21 May 2026 06:52:38 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/detecting-silent-model-failure-drift-monitoring-that-actually-works-5ge0</link>
      <guid>https://dev.to/lukas_brunner/detecting-silent-model-failure-drift-monitoring-that-actually-works-5ge0</guid>
      <description>&lt;p&gt;&lt;strong&gt;TL;DR: Most drift monitoring setups alert on the wrong thing. Feature distribution drift is cheap to compute and almost always misleading. Prediction drift plus a delayed ground-truth feedback loop catches the failures that actually cost money. Here is the setup I use at Yokoy.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A model that returns HTTP 200 with a plausible-looking float is the worst kind of broken. No exception, no pager, no Slack message. The metric only moves three weeks later when finance reviews the numbers.&lt;/p&gt;

&lt;p&gt;I have spent the last two years rebuilding the monitoring story for our expense classification models. What follows is what I kept after throwing out the rest.&lt;/p&gt;

&lt;h2&gt;
  
  
  The mistake I keep seeing
&lt;/h2&gt;

&lt;p&gt;Teams instrument input feature drift first because it is the easiest thing to compute. Pull yesterday's feature values, pull today's, run a KS test on each column, alert when p &amp;lt; 0.05.&lt;/p&gt;

&lt;p&gt;This generates noise. A lot of noise.&lt;/p&gt;

&lt;p&gt;Features drift constantly for reasons that have nothing to do with model quality. A new customer onboards, the merchant category distribution shifts, you get a Slack ping at 03:00 for something that does not matter. After two weeks of this, on-call mutes the channel. After four weeks, the channel is deleted.&lt;/p&gt;

&lt;p&gt;The problem is not the test. The problem is that input drift is a weak proxy for what you actually care about: did model performance degrade.&lt;/p&gt;

&lt;h2&gt;
  
  
  What to monitor instead
&lt;/h2&gt;

&lt;p&gt;Three signals, ranked by cost and value.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Signal&lt;/th&gt;
&lt;th&gt;Compute cost&lt;/th&gt;
&lt;th&gt;Latency to detect&lt;/th&gt;
&lt;th&gt;False positive rate&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Input feature drift&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;Hours&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Prediction distribution drift&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;Hours&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Performance vs delayed labels&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;Days to weeks&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Prediction drift is the underrated one. If your model started returning a different distribution of outputs without you shipping new weights, something upstream broke. Could be the feature pipeline. Could be a provider returning malformed embeddings. Could be a real population shift. All of these are worth investigating.&lt;/p&gt;

&lt;p&gt;The detection logic is short:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;scipy.stats&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;wasserstein_distance&lt;/span&gt;
&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;numpy&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;np&lt;/span&gt;

&lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;prediction_drift_score&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;reference&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;np&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;ndarray&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;current&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;np&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;ndarray&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt; &lt;span class="nb"&gt;float&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="nf"&gt;wasserstein_distance&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;reference&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;current&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# reference = predictions from the validation window when the model was promoted
# current = predictions from the last 24h of production traffic
# alert when score exceeds the 99th percentile of bootstrapped baseline scores
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Wasserstein over KS for prediction monitoring. KS is hypersensitive to large samples and you will have large samples in production. With 500k predictions per day, KS rejects the null hypothesis for differences nobody cares about.&lt;/p&gt;

&lt;h2&gt;
  
  
  The feedback loop is non-negotiable
&lt;/h2&gt;

&lt;p&gt;For expense classification, ground truth arrives when a human approves or corrects the prediction. Median latency is four days. P95 is three weeks.&lt;/p&gt;

&lt;p&gt;We log every prediction with a join key and write it to a Parquet table partitioned by date. When labels arrive, a nightly Kubeflow pipeline joins them and computes per-segment performance: accuracy per merchant category, per country, per customer tier.&lt;/p&gt;

&lt;p&gt;The per-segment view is what surfaces the failures. Aggregate accuracy stays at 94% while accuracy on a specific Swiss VAT category collapses to 71%. The aggregate view would never have caught it.&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="c1"&gt;# Simplified pipeline component spec&lt;/span&gt;
&lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;name&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;compute-segmented-metrics&lt;/span&gt;
  &lt;span class="na"&gt;inputs&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;predictions_table&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;gs://yokoy-ml/predictions/dt={{date}}&lt;/span&gt;
    &lt;span class="na"&gt;labels_table&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;gs://yokoy-ml/labels/dt={{date}}&lt;/span&gt;
  &lt;span class="na"&gt;outputs&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;metrics_table&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;gs://yokoy-ml/metrics/dt={{date}}&lt;/span&gt;
  &lt;span class="na"&gt;segments&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;merchant_category&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;country&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;customer_tier&lt;/span&gt;
  &lt;span class="na"&gt;resource_request&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;cpu&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="m"&gt;4&lt;/span&gt;
    &lt;span class="na"&gt;memory&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;16Gi&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The cost: roughly 12 minutes of compute per day on our volume. The value: every regression we caught in the last 18 months was caught here, not by drift monitoring.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where input drift still earns its place
&lt;/h2&gt;

&lt;p&gt;I have not fully abandoned input drift. It is useful as a debugging tool after the fact. When per-segment accuracy drops, the first question is which features moved. Having the historical drift scores already computed means the investigation starts with a query instead of a backfill.&lt;/p&gt;

&lt;p&gt;So compute it, store it, do not alert on it.&lt;/p&gt;

&lt;h2&gt;
  
  
  A note on LLM-based features
&lt;/h2&gt;

&lt;p&gt;We added an LLM-derived feature last year for invoice text classification, routed through a gateway in front of multiple providers (Bifrost handles this for us, though others like LiteLLM or Portkey cover the same ground). The drift profile changed immediately. Provider model updates, even minor ones, shift the feature distribution in ways you cannot see from your side.&lt;/p&gt;

&lt;p&gt;Lesson: pin the provider model version explicitly. Treat a provider model change as a feature pipeline change. Re-run the validation set. This sounds obvious until the day a default model alias updates and you find out from the metrics.&lt;/p&gt;

&lt;h2&gt;
  
  
  Trade-offs and Limitations
&lt;/h2&gt;

&lt;p&gt;Per-segment monitoring has a cardinality problem. With three segments of 50, 30, and 5 values you get 7500 cells. Most are empty or have too few samples for meaningful metrics. We use a minimum sample threshold of 100 per cell per day and accept that long-tail segments take longer to detect issues in.&lt;/p&gt;

&lt;p&gt;Delayed labels mean delayed detection. For models where the label takes weeks, you need a complementary fast signal. Prediction drift fills part of that gap but it is a leading indicator, not a measurement.&lt;/p&gt;

&lt;p&gt;Wasserstein distance has no native interpretation in production units. You bootstrap a baseline and alert on deviation from it. This works but it is not as crisp as "accuracy dropped 3 points."&lt;/p&gt;

&lt;p&gt;Storing every prediction with features for joinability is expensive. We compress aggressively and tier old partitions to cold storage after 90 days. Plan the storage cost before you build it, not after.&lt;/p&gt;

&lt;h2&gt;
  
  
  Further Reading
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://christophergs.com/machine%20learning/2020/03/14/how-to-monitor-machine-learning-models/" rel="noopener noreferrer"&gt;Monitoring Machine Learning Models in Production (Christopher Samiullah)&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://docs.evidentlyai.com/" rel="noopener noreferrer"&gt;Evidently AI documentation on drift detection methods&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://developers.google.com/machine-learning/guides/rules-of-ml" rel="noopener noreferrer"&gt;Google's Rules of Machine Learning, especially rules 8 and 32&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://research.google/pubs/the-ml-test-score-a-rubric-for-ml-production-readiness-and-technical-debt-reduction/" rel="noopener noreferrer"&gt;The ML Test Score paper (Breck et al., Google)&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.kubeflow.org/docs/components/pipelines/" rel="noopener noreferrer"&gt;Kubeflow Pipelines documentation&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>mlops</category>
      <category>machinelearning</category>
      <category>infrastructure</category>
      <category>sre</category>
    </item>
    <item>
      <title>Detecting Silent Model Failure: Drift Monitoring That Actually Works</title>
      <dc:creator>Lukas Brunner</dc:creator>
      <pubDate>Wed, 20 May 2026 06:55:39 +0000</pubDate>
      <link>https://dev.to/lukas_brunner/detecting-silent-model-failure-drift-monitoring-that-actually-works-58lh</link>
      <guid>https://dev.to/lukas_brunner/detecting-silent-model-failure-drift-monitoring-that-actually-works-58lh</guid>
      <description>&lt;p&gt;&lt;strong&gt;TL;DR: Most drift monitoring setups alert on the wrong thing. Feature distribution drift is cheap to compute and almost always misleading. Prediction drift plus a delayed ground-truth feedback loop catches the failures that actually cost money. Here is the setup I use at Yokoy.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A model that returns HTTP 200 with a plausible-looking float is the worst kind of broken. No exception, no pager, no Slack message. The metric only moves three weeks later when finance reviews the numbers.&lt;/p&gt;

&lt;p&gt;I have spent the last two years rebuilding the monitoring story for our expense classification models. What follows is what I kept after throwing out the rest.&lt;/p&gt;

&lt;h2&gt;
  
  
  The mistake I keep seeing
&lt;/h2&gt;

&lt;p&gt;Teams instrument input feature drift first because it is the easiest thing to compute. Pull yesterday's feature values, pull today's, run a KS test on each column, alert when p &amp;lt; 0.05.&lt;/p&gt;

&lt;p&gt;This generates noise. A lot of noise.&lt;/p&gt;

&lt;p&gt;Features drift constantly for reasons that have nothing to do with model quality. A new customer onboards, the merchant category distribution shifts, you get a Slack ping at 03:00 for something that does not matter. After two weeks of this, on-call mutes the channel. After four weeks, the channel is deleted.&lt;/p&gt;

&lt;p&gt;The problem is not the test. The problem is that input drift is a weak proxy for what you actually care about: did model performance degrade.&lt;/p&gt;

&lt;h2&gt;
  
  
  What to monitor instead
&lt;/h2&gt;

&lt;p&gt;Three signals, ranked by cost and value.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Signal&lt;/th&gt;
&lt;th&gt;Compute cost&lt;/th&gt;
&lt;th&gt;Latency to detect&lt;/th&gt;
&lt;th&gt;False positive rate&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Input feature drift&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;Hours&lt;/td&gt;
&lt;td&gt;High&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Prediction distribution drift&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;td&gt;Hours&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Performance vs delayed labels&lt;/td&gt;
&lt;td&gt;Medium&lt;/td&gt;
&lt;td&gt;Days to weeks&lt;/td&gt;
&lt;td&gt;Low&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Prediction drift is the underrated one. If your model started returning a different distribution of outputs without you shipping new weights, something upstream broke. Could be the feature pipeline. Could be a provider returning malformed embeddings. Could be a real population shift. All of these are worth investigating.&lt;/p&gt;

&lt;p&gt;The detection logic is short:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;scipy.stats&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;wasserstein_distance&lt;/span&gt;
&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;numpy&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;np&lt;/span&gt;

&lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;prediction_drift_score&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;reference&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;np&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;ndarray&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;current&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;np&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;ndarray&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt; &lt;span class="nb"&gt;float&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="nf"&gt;wasserstein_distance&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;reference&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;current&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;

&lt;span class="c1"&gt;# reference = predictions from the validation window when the model was promoted
# current = predictions from the last 24h of production traffic
# alert when score exceeds the 99th percentile of bootstrapped baseline scores
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Wasserstein over KS for prediction monitoring. KS is hypersensitive to large samples and you will have large samples in production. With 500k predictions per day, KS rejects the null hypothesis for differences nobody cares about.&lt;/p&gt;

&lt;h2&gt;
  
  
  The feedback loop is non-negotiable
&lt;/h2&gt;

&lt;p&gt;For expense classification, ground truth arrives when a human approves or corrects the prediction. Median latency is four days. P95 is three weeks.&lt;/p&gt;

&lt;p&gt;We log every prediction with a join key and write it to a Parquet table partitioned by date. When labels arrive, a nightly Kubeflow pipeline joins them and computes per-segment performance: accuracy per merchant category, per country, per customer tier.&lt;/p&gt;

&lt;p&gt;The per-segment view is what surfaces the failures. Aggregate accuracy stays at 94% while accuracy on a specific Swiss VAT category collapses to 71%. The aggregate view would never have caught it.&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight yaml"&gt;&lt;code&gt;&lt;span class="c1"&gt;# Simplified pipeline component spec&lt;/span&gt;
&lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="na"&gt;name&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;compute-segmented-metrics&lt;/span&gt;
  &lt;span class="na"&gt;inputs&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;predictions_table&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;gs://yokoy-ml/predictions/dt={{date}}&lt;/span&gt;
    &lt;span class="na"&gt;labels_table&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;gs://yokoy-ml/labels/dt={{date}}&lt;/span&gt;
  &lt;span class="na"&gt;outputs&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;metrics_table&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;gs://yokoy-ml/metrics/dt={{date}}&lt;/span&gt;
  &lt;span class="na"&gt;segments&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;merchant_category&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;country&lt;/span&gt;
    &lt;span class="pi"&gt;-&lt;/span&gt; &lt;span class="s"&gt;customer_tier&lt;/span&gt;
  &lt;span class="na"&gt;resource_request&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt;
    &lt;span class="na"&gt;cpu&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="m"&gt;4&lt;/span&gt;
    &lt;span class="na"&gt;memory&lt;/span&gt;&lt;span class="pi"&gt;:&lt;/span&gt; &lt;span class="s"&gt;16Gi&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The cost: roughly 12 minutes of compute per day on our volume. The value: every regression we caught in the last 18 months was caught here, not by drift monitoring.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where input drift still earns its place
&lt;/h2&gt;

&lt;p&gt;I have not fully abandoned input drift. It is useful as a debugging tool after the fact. When per-segment accuracy drops, the first question is which features moved. Having the historical drift scores already computed means the investigation starts with a query instead of a backfill.&lt;/p&gt;

&lt;p&gt;So compute it, store it, do not alert on it.&lt;/p&gt;

&lt;h2&gt;
  
  
  A note on LLM-based features
&lt;/h2&gt;

&lt;p&gt;We added an LLM-derived feature last year for invoice text classification, routed through a gateway in front of multiple providers (Bifrost handles this for us, though others like LiteLLM or Portkey cover the same ground). The drift profile changed immediately. Provider model updates, even minor ones, shift the feature distribution in ways you cannot see from your side.&lt;/p&gt;

&lt;p&gt;Lesson: pin the provider model version explicitly. Treat a provider model change as a feature pipeline change. Re-run the validation set. This sounds obvious until the day a default model alias updates and you find out from the metrics.&lt;/p&gt;

&lt;h2&gt;
  
  
  Trade-offs and Limitations
&lt;/h2&gt;

&lt;p&gt;Per-segment monitoring has a cardinality problem. With three segments of 50, 30, and 5 values you get 7500 cells. Most are empty or have too few samples for meaningful metrics. We use a minimum sample threshold of 100 per cell per day and accept that issues in long-tail segments take longer to detect.&lt;/p&gt;

&lt;p&gt;Delayed labels mean delayed detection. For models where the label takes weeks, you need a complementary fast signal. Prediction drift fills part of that gap but it is a leading indicator, not a measurement.&lt;/p&gt;

&lt;p&gt;Wasserstein distance has no native interpretation in production units. You bootstrap a baseline and alert on deviation from it. This works but it is not as crisp as "accuracy dropped 3 points."&lt;/p&gt;

&lt;p&gt;Storing every prediction with features for joinability is expensive. We compress aggressively and tier old partitions to cold storage after 90 days. Plan the storage cost before you build it, not after.&lt;/p&gt;

&lt;h2&gt;
  
  
  Further Reading
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://christophergs.com/machine%20learning/2020/03/14/how-to-monitor-machine-learning-models/" rel="noopener noreferrer"&gt;Monitoring Machine Learning Models in Production (Christopher Samiullah)&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://docs.evidentlyai.com/" rel="noopener noreferrer"&gt;Evidently AI documentation on drift detection methods&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://developers.google.com/machine-learning/guides/rules-of-ml" rel="noopener noreferrer"&gt;Google's Rules of Machine Learning, especially rules 8 and 32&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://research.google/pubs/the-ml-test-score-a-rubric-for-ml-production-readiness-and-technical-debt-reduction/" rel="noopener noreferrer"&gt;The ML Test Score paper (Breck et al., Google)&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.kubeflow.org/docs/components/pipelines/" rel="noopener noreferrer"&gt;Kubeflow Pipelines documentation&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>mlops</category>
      <category>machinelearning</category>
      <category>infrastructure</category>
      <category>sre</category>
    </item>
  </channel>
</rss>
