Capability · Shadow-AI
An inventory of every AI tool
on every dev machine
The guard discovers every AI coding tool, IDE extension, MCP server and language runtime on each device — turning an invisible, fast-growing footprint into a fleet inventory security can act on.
❯ cdxai inventory device : sujay-mbp scanned 17:38 AGENTS claude-code 1.1.9 guard ✓ cursor 0.43.x guard ✓ codex 0.6.0 guard pending trust EXTENSIONS 3 AI editor extensions MCP SERVERS filesystem stdio mounts: / ⚠ github stdio scope: repo RUNTIMES node 20.11 · python 3.12 → shipped to console.cloudanix.com (metadata only)
The risk
Your engineers adopted AI overnight
Developers install agents, extensions and tool-servers in minutes, with no procurement and no security review. Most orgs cannot answer the most basic question: what is even running?
No inventory
Security has no list of which agents, extensions or MCP servers are installed across the team — let alone which versions or how they're configured.
Unknown tool-servers
MCP servers extend an agent's reach to files, shells and APIs. An untracked one is an ungoverned path into your environment.
Unmanaged runtimes
Node, Python and other runtimes the agents lean on drift out of date — a supply-chain and patching blind spot nobody owns.
Mechanics
How discovery works
Enumerate locally
On each device the guard scans for installed coding agents, IDE extensions, MCP server configs and the runtimes they depend on.
Fingerprint
Each item is identified by name, version, install path and configuration — including how every MCP server is launched and what it can reach.
Report to the Console
A categorical inventory is shipped to the Cloudanix Console. Nothing sensitive about the work itself leaves the device — just the AI footprint.
Track drift
As tools are added, upgraded or removed, the inventory updates — so the fleet picture is always current, not a point-in-time survey.
Inside the capability
What gets inventoried
A complete, per-device picture of the agentic surface — the input to every other guard capability.
Coding agents
Claude Code, Cursor, Codex, Windsurf, Kiro and friends — which are installed, at which version, and whether the guard is wired into each.
IDE extensions
AI-powered editor extensions that can read your code and call out to models — surfaced with their identity and version.
MCP servers
Every configured tool-server: how it launches, what it mounts, and the scope it runs with — the seed for MCP risk detection.
Runtimes
Node, Python and other interpreters the agents and MCP servers rely on — so stale or unexpected runtimes are visible.
Per-device view
Everything is attributed to a developer and device, so coverage gaps and outliers stand out at a glance.
Privacy-first
The inventory is categorical metadata about tools — not your source, prompts or data. NF-PRIV-1 holds throughout.
Outcomes
What you get
- A real answer to “which AI tools, extensions and MCP servers are running across the org?”
- Shadow-AI surfaced before it becomes an incident
- The foundation for MCP risk detection and instruction-file scanning
- Audit-ready evidence of your AI footprint for security reviews
- Drift tracking as tools are added, upgraded and removed
- Coverage signal that pairs with fleet observability to find the gaps
Ready to see your graph?
Connect a cloud account in under 30 minutes. See every finding rooted in identity, asset, and blast radius — with a fix path attached.
Book a Demo