DEV Community

Cover image for How to Allowlist Approved AI Tools and Block the Rest on Work Computers
Lukas Brunner
Lukas Brunner

Posted on

How to Allowlist Approved AI Tools and Block the Rest on Work Computers

How to Allowlist Approved AI Tools and Block the Rest on Work Computers

This guide explains how to manage AI application usage on corporate devices by creating allowlists for approved tools and blocking unapproved ones. It covers the risks of ungoverned "shadow AI" and shows how a combination of an AI gateway like Bifrost and an endpoint agent can provide visibility and enforcement.

The rapid adoption of AI tools in the workplace has created a significant governance challenge for IT and security teams. Employees, seeking to improve productivity, are using generative AI applications for coding, content creation, and data analysis, often without official approval. This phenomenon, known as "shadow AI," introduces substantial risks, including data leakage, compliance violations, and an expanded attack surface. A 2025 report found that corporate data shared with AI tools increased by 485% in just one year. To regain control, organizations need a strategy that goes beyond simply banning AI, focusing instead on enabling safe usage of approved tools while blocking the rest.

This article examines a technical approach to this problem: creating an allowlist of approved AI applications and enforcing it on every work computer. This strategy uses an AI gateway, such as the open-source Bifrost gateway, as a central control plane, combined with an endpoint agent that extends the gateway's governance to each device.

The Problem: Shadow AI Operates Beyond Traditional Controls

Shadow AI refers to the use of AI tools by employees without the knowledge or oversight of their organization's IT and security departments. Unlike traditional shadow IT, where the primary risk was unmanaged software, shadow AI involves systems that can process, store, and even learn from sensitive corporate data. This creates several specific risks:

  • Data Leakage: Employees may inadvertently paste proprietary source code, customer data, or financial information into public AI tools. Once the data leaves the organization's perimeter, there is no audit trail or control over how it is stored or used.
  • Compliance Violations: The use of unvetted AI tools can breach data protection regulations like GDPR, HIPAA, or SOC 2, as it becomes impossible to track where data is processed or stored.
  • Expanded Attack Surface: Unapproved AI tools, particularly those with insecure APIs or plugins, can introduce new vulnerabilities that security teams are unable to see or manage.
  • Lack of Visibility: Most AI tools communicate over encrypted HTTPS traffic, making it difficult for traditional network monitoring to inspect the content of prompts and responses. Security teams can see that an employee visited an AI website but have no visibility into what data was shared.

Simply banning all AI tools is often ineffective, as many employees will continue to use them if they perceive a productivity benefit. A more sustainable approach involves defining an AI Acceptable Use Policy (AUP) that specifies which tools are approved and then implementing technical controls to enforce that policy.

An Enforcement Strategy: AI Gateway + Endpoint Agent

A robust solution for managing AI tool usage requires two components working together: a central policy engine and an enforcement agent on each device.

  1. The AI Gateway as a Control Plane: An AI gateway acts as a centralized point for routing, observing, and governing all AI traffic. It's where administrators configure policies, such as which models are allowed, spending budgets, and security guardrails.
  2. The Endpoint Agent for Enforcement: An endpoint agent runs on each employee's computer (macOS, Windows, or Linux) and ensures that all AI traffic from that device routes through the central gateway. This closes the "last mile" gap, bringing desktop apps, browser-based AI, and coding agents under the same governance.

Bifrost, an open-source AI gateway, and its companion endpoint agent, Bifrost Edge, implement this model. The gateway serves as the central hub for policy, while the Edge agent extends those policies to every machine.

A chaotic scene with dozens of unlabeled, shadowy data streams flowing out of multiple laptops in an office, representin

Step 1: Discover and Inventory All AI Tools in Use

Before creating an allowlist, an organization must first understand what AI tools are currently being used. An endpoint agent can automatically discover AI applications installed on devices and identify AI traffic from browsers and CLIs. Bifrost Edge provides a fleet-wide dashboard that inventories every discovered AI app, showing which tools are in use and by how many people.

This visibility is the first step in moving from a reactive to a proactive governance stance, aligning with the "Map" and "Govern" functions of frameworks like the NIST AI Risk Management Framework.

Step 2: Create and Enforce an Application Allowlist

Once an inventory is established, administrators can review the list of discovered applications and make explicit decisions about which to approve.

In Bifrost, this is managed through an approvals dashboard. An admin can set the status of each application to "Approved" or "Denied."

  • Approved tools continue to function normally, with all traffic automatically routed through the Bifrost gateway for full observability and policy enforcement.
  • Denied tools are blocked at the device level by the Bifrost Edge agent. Any attempt to launch or use a blocked application is stopped before any data leaves the machine.

This creates a clear, enforceable boundary. Employees can innovate with sanctioned tools, and the organization is protected from the risks of unvetted applications.

Step 3: Govern Model Context Protocol (MCP) Servers

Modern AI applications, especially coding agents like Claude Code, increasingly connect to external servers using the Model Context Protocol (MCP) to access tools and data. These MCP servers represent another vector for shadow AI, as users can configure their tools to connect to unapproved servers.

A comprehensive endpoint governance solution must also discover and manage these connections. Bifrost Edge inventories all configured MCP servers across the fleet, allowing administrators to approve or deny them, just like applications. Denying an MCP server prevents any tool on the endpoint from connecting to it, closing a critical governance gap in agentic workflows.

An orderly scene showing the same data streams from the laptops now being neatly funneled through a single, secure digit

Step 4: Deploy and Manage Policies via MDM

For any endpoint solution to be effective, it must be deployed and managed across the entire fleet of corporate devices. Asking users to install and configure an agent manually is not a scalable or reliable strategy.

Endpoint governance agents are designed for silent, fleet-wide deployment using existing Mobile Device Management (MDM) platforms. Bifrost Edge integrates with common MDM solutions like Jamf, Microsoft Intune, Kandji, and Workspace ONE for zero-touch deployment. A managed configuration is pushed to each device, pointing the agent to the company's Bifrost gateway. After a one-time SSO login by the user, the agent runs in the background, keeping policies in sync and enforcing the rules defined by the central gateway.

This combination of a central AI gateway for policy and an MDM-deployed endpoint agent for enforcement provides a scalable way to allow approved AI tools while blocking everything else. It extends existing security controls like guardrails and audit logs to the AI traffic on employee machines, giving organizations the visibility and control needed to manage the risks of shadow AI effectively.

Next Steps for Implementation

For organizations looking to implement an AI tool allowlist, the path involves both policy and technology. Start by drafting an AI Acceptable Use Policy to define the rules, and then evaluate tools that can provide the necessary endpoint visibility and enforcement.

Teams evaluating this approach can request a demo of Bifrost with its Edge capabilities or review the open-source repository to understand its core gateway functionality.

Sources

Top comments (0)