Agentic Endpoint Security

Shadow AI is everywhere.
Now you can govern it.

Anomity discovers every AI agent and MCP across your fleet,
then governs each tool call before it runs.

  • 88%: Security leaders use shadow AI
  • 82%: Enterprises now run AI agents
  • 53%: MCP servers hold static secrets
  • 21%: Can actually see their agents
  • 69%: Suspect banned GenAI use
  • 12%: Call AI governance mature
  • 8.5%: MCP servers use OAuth

Industry research, 2025. Sources: UpGuard, Akto, Astrix, Gartner.

Dashboard preview (Inventory · Policies · Audit, live): 47 agents, 124 MCPs, 318 extensions, 146 skills, 29 secrets, 11 findings. Sample events:

  • dev-macbook-14: plaintext secret in settings.json (2m)
  • ops-laptop-22: denied Bash(rm -rf) at the hook (5m)
  • data-mac-03: hook PreToolUse matches policy (12m)

Claude · ChatGPT · Copilot · Gemini · Perplexity · Ollama · Hugging Face · GitHub · GitLab · JetBrains · VS Code · Cursor

Coverage

Every AI tool your team already runs.

Anomity discovers and classifies the agents, MCP servers, and AI extensions across your fleet, including the ones nobody told you about.

§ 01 / The blind spot

Shadow AI is already on every managed endpoint.

AI tools arrived faster than the security program was designed to cope with. Most teams cannot answer the simplest question about any of it.

Ungoverned AI agents

Claude, ChatGPT, Cursor, Copilot, Cline, Windsurf, and peers. Each has its own permission model. None report to you.

The surface on every agent

Plugins, skills, hooks, CLIs, IDE extensions. Each loads into an agent and carries its own permissions. Nothing is inventoried.

Unknown MCP servers

Wired in from public registries. They run with filesystem, shell, and network access, and are never reviewed.

Secrets in plaintext

API keys, database URLs, JWTs, private keys. Sitting in config files any loaded agent or plugin can read.

Blanket permission grants

Rules like Bash(*) or Write(*) hand the machine over to whatever prompt is running.

No change history

"What was installed or modified last Thursday?" is a forensics engagement, not a query.

§ 02 / What Anomity surfaces

One live governance layer for AI on your fleet.

Every AI tool, extension, skill, plugin, MCP, and secret on every managed endpoint, plus the runtime controls to govern what they're allowed to do.

AI Agents

Claude, ChatGPT, Cursor, Copilot, Gemini, Cline, and peers, grouped by device and vendor.

MCP Servers

Classified as official, community, or unknown, with the capabilities each one grants.

Extensions

Every AI-related extension across VS Code, Cursor, JetBrains, and peers.

Skills

Custom skill packs loaded into agents, with the instructions they carry into every session.

Plugins

Third-party plugins extending agent behavior, including the ones nobody told you about.

Secrets

API keys, database URLs, JWTs, private keys, redacted on the endpoint before they leave the machine.

Hooks

Pre-prompt, post-tool, and event hooks, the point where Anomity enforces policy on tool calls in real time.

CLIs

AI-enabled command-line tools, wrappers, and shims that invoke agents outside the IDE.

Coverage expands as the ecosystem does. New AI artifact types are added as they emerge; the product grows with the threat surface.

§ 03 / What it does for you

Visibility, governance, and proof.
In that order.

You don't need another dashboard. You need three specific outcomes.

01

A single source of truth for AI on your fleet.

One screen, updated in real time as employees install, configure, and change things. The spreadsheet nobody can keep current becomes obsolete.

02

Governance, not just visibility.

Define rules (no blanket Bash(*), only approved MCPs, no plaintext secrets), and policies evaluate continuously. On agents that support hooks, Anomity can enforce them at runtime, allowing or denying each tool call before it runs. Decisions route to SIEM, Slack, email, and Jira.

03

An answer when something goes wrong.

A 90-day audit trail of every added, removed, or modified MCP, permission, extension, plugin, skill, and hook. "What changed last Thursday?" becomes a single query, not a forensics engagement.

§ 04 / Runtime agent governance

Allow the safe. Deny the dangerous. Log it all.

Anomity runs as a hook handler on the agent. On every tool call (MCP tools, shell, files, and network alike), it inspects the invocation, evaluates it against your policy, and returns allow or deny before the tool runs.

Allow

Compliant calls run untouched

Safe, in-policy tool calls are approved at the hook and run without interrupting the developer: no prompts, no blocks, no sandboxes.

Deny

Violations stopped before they execute

When a call violates policy (an MCP tool from an unapproved server, a write to a protected path), Anomity returns a deny at the hook, before it runs. Only the violating call is stopped.

Log

Every decision on the record

Each tool call that reaches the policy engine is logged with its allow/deny decision, building a queryable 90-day audit trail.

Anomity runs wherever an agent exposes a hook interface. On Claude Code, for example, it handles the PreToolUse event, which fires on every tool call in the agentic loop, and returns an allow or deny decision. The same per-tool-call governance extends across the agents your fleet runs: not a network proxy, not a sandbox, never a blocked workflow.
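
The per-tool-call decision described above, as an added illustration; it is not Anomity's code or any vendor's hook schema. The event keys (`tool_name`, `tool_input`, `command`, `file_path`), the `mcp__<server>__<tool>` naming, and the policy contents are assumptions made for the example.

```python
import fnmatch
import json
import posixpath

# Constructed policy; server names, paths and patterns are hypothetical.
POLICY = {
    "approved_mcp_servers": {"github", "jira"},
    "protected_paths": ["/etc/*", "*/.ssh/*", "*/.env"],
    "denied_bash": ["*rm -rf*"],
}

def _result(decision, reason):
    return {"decision": decision, "reason": reason}

def decide(event, policy=POLICY):
    """Evaluate one tool-call event and return an allow/deny decision."""
    tool = event.get("tool_name")
    args = event.get("tool_input") or {}
    if not isinstance(tool, str) or not tool:
        # Fail closed: an event that cannot be identified is never allowed.
        return _result("deny", "malformed event: missing tool_name")
    if tool.startswith("mcp__"):
        # Assumed naming convention: mcp__<server>__<tool>.
        parts = tool.split("__")
        server = parts[1] if len(parts) > 2 else ""
        if server not in policy["approved_mcp_servers"]:
            return _result("deny", f"unapproved MCP server: {server!r}")
    elif tool == "Bash":
        # Collapse whitespace so "rm   -rf" cannot slip past the pattern.
        command = " ".join(str(args.get("command", "")).split())
        for pattern in policy["denied_bash"]:
            if fnmatch.fnmatchcase(command, pattern):
                return _result("deny", f"command matches {pattern!r}")
    elif tool in ("Write", "Edit"):
        # Normalize first so "../" segments cannot hide a protected path.
        path = posixpath.normpath(str(args.get("file_path", "")))
        for pattern in policy["protected_paths"]:
            if fnmatch.fnmatchcase(path, pattern):
                return _result("deny", f"protected path: {path}")
    return _result("allow", "no policy rule matched")

def audit_line(event, result):
    """Serialize the decision as one JSON log line (tool name only, no arguments)."""
    return json.dumps({"tool": event.get("tool_name"), **result}, sort_keys=True)
```

Pattern matching on a shell command string is a coarse check; the MCP allowlist and the fail-closed branch are the parts that hold up when the input is adversarial.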

§ 05 / Discovery & enforcement engine

Lightweight daemon. Deep discovery.
Real-time enforcement.

Discover & enforce

  • Catalog of numerous AI tools that grows with the ecosystem.
  • One-pass inventory of every AI artifact type.
  • Multi-signal trust classifier: vendor, command, fingerprint.
  • Capability inference: filesystem, shell, network, credentials.
  • Runtime policy enforcement at the agent hook.
  • Real-time change detection on every endpoint.

Trust by design

  • SOC 2 Type II attested.
  • Secrets stay on the endpoint.
  • Strict tenant isolation at the query layer.
  • Per-device credentials, bcrypt at rest.
  • Metadata only. Not source, not prompts.
  • 90-day audit retention, longer on request.

How Anomity is deployed

An endpoint running the lightweight Anomity daemon discovers every AI artifact and sends metadata over HTTPS to Anomity Cloud, which classifies, evaluates, and stores it, then surfaces it to the security team.

Endpoint (Windows · macOS · Linux)
↓
Anomity Daemon (discovers every AI artifact)
↓ HTTPS
Anomity Cloud (classify · evaluate · store)
↓
Security Team (full visibility & control)

§ 06 / Why now

Where Anomity fits alongside what you already run.

Anomity covers a category your existing stack was not designed for. It complements what you have; it does not replace it.

| Tool class | What it sees | What Anomity covers that it misses |
|---|---|---|
| AI runtime (Agent ↔ tool calls) | Nothing. No existing control sits where an AI agent invokes a tool. | A policy control point at the agent hook. On agents that expose a hook, Anomity allows, denies, or logs each tool call before it runs. |
| Network layer (Gateway / Firewall / Proxy) | Traffic between agents and LLM providers on the wire. | The local side: MCPs, permissions, extensions, plugins, skills, hooks, and secrets on the machine. Anomity covers the endpoint. |
| EDR / XDR | Processes, binaries, and syscalls on the endpoint. | MCP server configuration, agent permission grants, plugin and extension inventory. An MCP server is a legitimate process doing exactly what its config allows. |
| DLP | File transfers and content leaving the endpoint. | The permission grants and MCP wiring that enable the transfer in the first place. |
| GRC / manual audit | Point-in-time snapshots captured by hand, quarterly at best. | Live fleet state, continuous enforcement, real-time change detection, a queryable audit trail. |

§ 07 / Compliance & standards

Built for the frameworks that
govern AI agents.

Every Anomity feature maps to a control requirement in ISO/IEC 42001, the EU AI Act, NIST AI RMF, and the OWASP Agentic Top 10 - the evidence already lives in your fleet data.

ISO/IEC 42001

AI Management System

Annex A requires organizations to maintain a current inventory of AI systems, classify risks, and demonstrate ongoing monitoring. Anomity's continuous fleet scan and trust classifier provide the artifact inventory and risk signals Annex A asks for.

  • A.4 - AI system inventory covered by the live fleet catalog.
  • A.6 - Risk assessment covered by per-artifact capability inference.
  • A.9 - Monitoring covered by real-time change detection.
  • A.10 - Audit log covered by the 90-day queryable trail.
EU AI Act

High-Risk AI Systems

Articles 9, 12, and 13 require risk management systems, logging of high-risk AI operation, and transparency obligations. Anomity's policy enforcement and audit trail directly produce the records the Act requires organizations to retain.

  • Art. 9 - Risk management covered by policy rules and deny controls.
  • Art. 12 - Record-keeping covered by per-tool-call audit logging.
  • Art. 13 - Transparency covered by fleet-wide visibility dashboard.
  • Art. 17 - QMS documentation supported by exportable audit trail.
NIST AI RMF

AI Risk Management Framework

The four core functions - Govern, Map, Measure, Manage - each require an organization to see, classify, evaluate, and control their AI. Anomity's daemon-based architecture maps directly onto all four functions in a single deployment.

  • Govern - policies and enforcement controls at the agent hook.
  • Map - continuous discovery of every AI artifact and its capabilities.
  • Measure - trust classifier scores and risk signals per artifact.
  • Manage - real-time allow/deny/log on every tool call.
OWASP Agentic Top 10

Agentic Application Risks

The 2026 OWASP Top 10 for Agentic Applications is the first taxonomy of risks specific to autonomous agents - tool misuse, excessive agency, identity abuse, and rogue or unvetted agents. Anomity's discovery and tool-call enforcement address them at the endpoint.

  • Tool misuse covered by allow/deny on every tool call at the hook.
  • Excessive agency covered by per-agent permission-grant inventory.
  • Rogue & unvetted agents covered by fleet discovery and trust classification.
  • Traceability covered by the 90-day queryable audit trail.

Anomity generates the evidence. You own the narrative.

Voices from security teams

Built with the people who own the blind spot.

What early design partners say once they can finally see the AI layer.

"The first scan surfaced three MCP servers wired to production data that nobody had approved. We had been flying blind and did not know it."
VP Security, Series B fintech

"Our spreadsheet of AI tools was out of date the day we made it. Anomity turned it into one live screen the whole team actually trusts."
Security Engineer, Healthcare SaaS

"Denying a dangerous tool call at the hook, without sandboxing the developer, is the thing every other control promised and never delivered."
CISO, Enterprise platform

Design-partner feedback, anonymized during early access.

§ 08 / Next step

Govern your AI posture in minutes.

Book a 30-minute demo.
