Capability · Coverage

See coverage. Find the gaps.
Prove it to auditors.

The Console shows guard-version distribution and enrollment coverage across the fleet — which agents the guard is actually wired into, on which devices, and exactly where it isn't yet.

Prove coverage to auditors
console · fleet coverage
FLEET COVERAGE          42 devices · updated 17:38

enrolled        38 / 42   ▇▇▇▇▇▇▇▇▇░  90%
behind version   3        v1.6.0 → v1.7.0
not reporting    1        last seen 6d
unprotected      4

GAPS
  dev-09   cursor      not wired
  dev-21   codex       pending trust
  dev-33   claude-code not wired

wired into N of M agents · per device

The risk

A control you can't prove isn't a control

Deploying a guard isn't the same as covering the fleet. Without coverage data you can't tell a protected developer from an unprotected one — and neither can your auditor.

Silent gaps

A new laptop, a freshly-installed agent, or a developer who skipped the install is an unguarded path — invisible until something goes wrong.

Version drift

When devices run different guard versions, the policy you think is enforced may not be the policy actually running everywhere.

No evidence

“We have an AI policy” isn't enough for SOC 2 or ISO 27001 — auditors want to see the coverage, per device, with the gaps.

Mechanics

How coverage is measured

01 Enrollment detection

On each device the guard determines which coding agents are present and which of them it is actually hooked into — “wired into N of M agents.”

02 Report version & status

Each device reports its guard version and per-agent enrollment status to the Console as part of its heartbeat.

03 Roll up the fleet

The Console aggregates these reports into a fleet view: version distribution, plus enrolled vs. not-reporting vs. unprotected devices.

04 Expose the gaps

The devices and agents the guard isn't on are listed explicitly — a worklist, not just a percentage.
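
The four steps above, sketched as an added example (not Cloudanix's code or heartbeat schema): a roll-up of constructed heartbeat records against a device inventory. The field names, the one-day staleness window, the target version and the rule that zero wired agents means "unprotected" are assumptions.

```python
from datetime import datetime, timedelta

TARGET = (1, 7, 0)               # assumed current guard release
STALE_AFTER = timedelta(days=1)  # assumed heartbeat freshness window

def parse_version(v):
    # Compare numerically: as strings, "1.10.0" would sort before "1.7.0".
    return tuple(int(p) for p in v.lstrip("v").split("."))

def rollup(inventory, heartbeats, now):
    latest = {}
    for beat in heartbeats:  # keep only the newest heartbeat per device
        if beat["device"] not in latest or beat["seen"] > latest[beat["device"]]["seen"]:
            latest[beat["device"]] = beat
    view = {"enrolled": [], "behind": [], "not_reporting": [], "unprotected": [], "gaps": []}
    for dev in sorted(inventory):
        beat = latest.get(dev)
        if beat is None:  # known to inventory, never checked in
            view["unprotected"].append(dev)
            view["gaps"].append((dev, "*", "no heartbeat"))
            continue
        if now - beat["seen"] > STALE_AFTER:
            # A stale heartbeat is not evidence of coverage; report it separately.
            view["not_reporting"].append(dev)
            continue
        if parse_version(beat["version"]) < TARGET:
            view["behind"].append(dev)
        statuses = sorted(beat["agents"].items())
        view["gaps"] += [(dev, a, s) for a, s in statuses if s != "wired"]
        # "Wired into N of M agents": N == 0 is treated here as unprotected.
        wired = any(s == "wired" for _, s in statuses)
        view["enrolled" if wired else "unprotected"].append(dev)
    return view

NOW = datetime(2025, 1, 15, 17, 38)  # constructed clock for the sample data
INVENTORY = ["dev-01", "dev-09", "dev-21", "dev-33", "dev-40", "dev-41"]

def sample(dev, ver, age, agents):
    return {"device": dev, "version": ver, "seen": NOW - age, "agents": agents}

HEARTBEATS = [  # constructed records, including a constructed v1.10.0
    sample("dev-01", "v1.10.0", timedelta(minutes=3), {"cursor": "wired", "codex": "wired"}),
    sample("dev-09", "v1.7.0", timedelta(minutes=9), {"cursor": "not wired", "codex": "wired"}),
    sample("dev-21", "v1.6.0", timedelta(hours=2), {"codex": "pending trust"}),
    sample("dev-33", "v1.7.0", timedelta(minutes=1), {"claude-code": "not wired"}),
    sample("dev-40", "v1.7.0", timedelta(days=6), {"cursor": "wired"}),
]
if __name__ == "__main__":
    for key, value in rollup(INVENTORY, HEARTBEATS, NOW).items():
        print(f"{key:14}", value)
```

Measuring against the inventory rather than against the heartbeats alone is what surfaces dev-41, a device that would otherwise never appear in any report.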

Inside the capability

What the fleet view shows

The coverage picture a security team needs to operate the guard and prove it works.

Enrollment coverage

Per developer and device, which agents the guard is wired into — the literal “N of M agents” signal.

Version distribution

Which guard versions are running where, so you can spot lagging devices and confirm a rollout landed.

Reporting status

Enrolled, behind, not-reporting and unprotected devices, each called out distinctly.

Gap worklist

The exact devices and agents still missing the guard — so closing coverage is a concrete task.

Audit evidence

A coverage baseline you can hand an auditor as proof the control is actually deployed, not just bought.

Inventory-correlated

Built on shadow-AI discovery, so coverage is measured against the agents that actually exist on each device.

Outcomes

What you get

  • A clear answer to “what fraction of the fleet is actually guarded?”
  • Per-device, per-agent enrollment — not a vague rollout estimate
  • Version distribution to confirm policy is uniform
  • An explicit gap list to drive coverage to 100%
  • Audit-ready coverage evidence for SOC 2 and ISO 27001
  • A baseline to leave a pilot with on day one
