
Lukas Brunner

How IT Can Enforce an Approved AI Tools List Across Every Machine


This guide examines how to enforce an approved AI tools list on every corporate device to mitigate shadow AI risks, comparing endpoint agents with traditional network-level controls. For comprehensive enforcement, an AI gateway like Bifrost combined with an endpoint agent provides the most effective solution.

The rapid adoption of AI tools presents a significant challenge for IT and security teams. When employees install unapproved AI desktop applications, use personal accounts for web-based AI, or connect local coding agents to external services, they create a phenomenon known as "shadow AI." A 2023 report by Cisco noted that while 80% of IT professionals see generative AI as having a positive impact, it also introduces serious new security risks. This ungoverned usage can lead to data leaks, compliance violations, and increased security vulnerabilities, as sensitive company data is processed by services outside of corporate oversight.

Many organizations attempt to control this by publishing an approved-tools list, but a list is not a technical control. To enforce such a policy across a fleet of devices, teams need a mechanism that can identify, monitor, and block unapproved AI traffic at the source. While network-level tools like firewalls and proxies offer some control, a more robust solution involves endpoint governance that works in tandem with a central control plane. One such solution is combining an AI gateway, like the open-source Bifrost AI gateway from Maxim AI, with an endpoint agent.

The Limits of Network-Level AI Controls

Traditionally, IT teams have relied on network-level tools to enforce application usage policies. These include firewalls, secure web gateways (SWGs), and Cloud Access Security Brokers (CASBs). While effective for blocking access to known domains, these tools have significant limitations when it comes to the dynamic and fragmented nature of AI services.

Common challenges include:

  • Encrypted Traffic: Modern applications use TLS encryption, which makes it difficult for network appliances to inspect traffic and identify the specific application or service in use. Doing so requires TLS decryption, which can be complex and resource-intensive.
  • Desktop Applications: Native desktop clients for services like Claude or ChatGPT may use different endpoints or protocols than their web counterparts, bypassing simple domain-based blocking rules.
  • Dynamic Endpoints: AI services often rely on a wide and changing range of API endpoints and content delivery networks (CDNs), making blocklists difficult to maintain.
  • Lack of Granularity: Network tools can typically only allow or deny access to an entire service. They cannot enforce context-aware policies, such as allowing access for one department while blocking it for another, or applying specific data loss prevention (DLP) rules to AI-generated content.

These limitations mean that a purely network-based approach often fails to provide the comprehensive visibility and control needed to manage shadow AI effectively.

Endpoint Governance: Visibility and Control at the Source

An endpoint-first approach moves the enforcement point from the network perimeter to the individual device. This model provides a much more effective way to govern the specific applications and services employees use, regardless of their location or network connection.

An endpoint agent can monitor application activity directly on a user's machine, identifying AI tools as they are installed and used. This allows for real-time visibility and policy enforcement. For example, an organization can create a policy that allows the use of approved tools like ChatGPT Enterprise while blocking the consumer version.


This is the approach taken by Bifrost Edge, which acts as an endpoint agent that extends the policies of a central AI gateway to each machine. It transparently routes all detected AI traffic through the organization's Bifrost gateway.

How Endpoint Enforcement Works

When an endpoint agent is deployed across a fleet of devices, it provides IT and security teams with a centralized inventory of all AI tools in use.

  1. Discovery and Inventory: The agent scans the device for installed AI applications and monitors for new ones. It also detects connections to web-based AI services and local MCP (Model Context Protocol) servers used by coding agents. This data is aggregated into a central dashboard, giving administrators a complete, fleet-wide view of AI tool usage.
  2. Centralized Policy Management: From this central inventory, administrators can create an official allow/deny list. With a solution like Bifrost Edge, an administrator can approve or deny any discovered application or MCP server. This decision is then automatically synced to every device running the agent.
  3. On-Device Enforcement: Once a policy is in place, the agent enforces it directly on the endpoint. If a user attempts to launch or connect to a denied application, the agent blocks the connection before any data leaves the machine. For approved applications, the traffic is automatically and transparently routed through the central Bifrost AI gateway.

This model ensures that all AI traffic, even from approved applications, is subject to the organization's security and governance policies, such as those for data access control and auditing.
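
The three steps above as a small Python model, added here as an illustration and not Bifrost or Bifrost Edge code. The function names, tool identifiers and sample data are hypothetical, and blocking tools that have no admin decision yet is this example's assumption.

```python
from collections import defaultdict

APPROVE, DENY = "approve", "deny"

def tool_key(kind, identifier):
    """Normalise so 'ChatGPT Desktop ' and 'chatgpt desktop' are one tool."""
    return (kind.strip().lower(), identifier.strip().lower())

def build_inventory(sightings):
    """Step 1: fold per-device sightings into a fleet-wide inventory."""
    inventory = defaultdict(set)
    for device, kind, identifier in sightings:
        inventory[tool_key(kind, identifier)].add(device)
    return dict(inventory)

def pending_review(inventory, policy):
    """Step 2 input: discovered tools with no decision, widest use first."""
    todo = [(k, len(devs)) for k, devs in inventory.items() if k not in policy]
    return sorted(todo, key=lambda item: (-item[1], item[0]))

def enforce(policy, kind, identifier):
    """Step 3: on-device decision for one launch or connection attempt."""
    if policy.get(tool_key(kind, identifier)) == APPROVE:
        return "route_via_gateway"
    # Denied tools are blocked. Tools with no decision are blocked too:
    # default-deny is this example's assumption, not documented behaviour.
    return "block"

# Constructed sample data, not real telemetry. kind is app, web or mcp.
SIGHTINGS = [
    ("laptop-01", "app", "ChatGPT Desktop"),
    ("laptop-02", "app", "chatgpt desktop "),
    ("laptop-02", "mcp", "localhost:3845"),
    ("laptop-03", "app", "Claude Desktop"),
    ("laptop-03", "web", "chat.example-ai.test"),
]
POLICY = {
    tool_key("app", "ChatGPT Desktop"): APPROVE,
    tool_key("web", "chat.example-ai.test"): DENY,
}

if __name__ == "__main__":
    inv = build_inventory(SIGHTINGS)
    for (kind, ident), count in pending_review(inv, POLICY):
        print(f"needs decision: {kind} {ident} on {count} device(s)")
    for _, kind, ident in SIGHTINGS:
        print(kind, ident.strip(), "->", enforce(POLICY, kind, ident))
```

The review queue is what keeps the allow/deny list current: anything an agent reports that has no entry shows up there instead of silently passing or silently failing.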

Combining an AI Gateway with Endpoint Agents

The most comprehensive solution combines the strengths of a central AI gateway with the visibility and control of an endpoint agent. The gateway serves as the policy engine and control plane, while the endpoint agent acts as the enforcement arm.

The Bifrost AI gateway allows teams to configure fine-grained policies for AI usage. These include:

  • Virtual Keys: Create unique API keys for different users, teams, or projects, each with its own budget, rate limits, and access rules.
  • Guardrails: Apply security policies to prompts and responses, such as detecting and redacting secrets or PII.
  • Audit Logs: Maintain an immutable record of all AI interactions for compliance and security reviews.
  • Routing and Failover: Intelligently route requests across different models and providers to optimize for cost, performance, and availability.

When Bifrost Edge is deployed, these gateway-level policies are extended to cover all AI activity on the endpoint. An engineer using an approved coding assistant on their laptop is now governed by the same virtual key, budget, and security guardrails as a production application making calls to the gateway from a cloud environment. This unified approach to governance closes the loop between policy and enforcement.


Fleet-Wide Deployment with MDM

For large organizations, manually installing and configuring an endpoint agent on every device is not feasible. Modern endpoint governance solutions are designed for large-scale deployment using Mobile Device Management (MDM) platforms.

Administrators can package the agent and push it to all managed devices using tools like Jamf, Microsoft Intune, or Kandji. The deployment can be configured to be silent, with the agent automatically connecting to the organization's central gateway. This allows IT teams to roll out AI governance across the entire organization with minimal disruption to end-users.

A Practical Path to AI Governance

Enforcing an approved AI tools list is a critical step in managing the risks of shadow AI. While network-level controls can provide a baseline, a combination of a central AI gateway and an endpoint enforcement agent offers a more complete and resilient solution. This approach provides deep visibility into AI usage across the organization, enables centralized policy management, and ensures that all AI traffic is secure and compliant, regardless of its origin.

Teams seeking to implement such controls can evaluate solutions like Bifrost and Bifrost Edge. Further guidance on selecting an AI gateway is available in resources like the LLM Gateway Buyer's Guide. Teams evaluating AI gateways can request a Bifrost demo to see how the platform enforces policies in a real-world environment, or review the open-source repository.
