Discover, classify, and apply policy to AI agents, MCP servers, extensions, skills, plugins, hooks, CLIs, and whatever comes next.
- ~/.claude/settings.json (2m)
- mcp-sqlite-cloud (5m)
- tabnine.tabnine-vscode not on allowlist (9m)
- auto-deploy loaded into Claude Code (14m)
- PreToolUse matches policy (21m)
AI tools arrived faster than the security program was designed to cope with. Most teams cannot answer the simplest question about any of it.
Claude, ChatGPT, Cursor, Copilot, Cline, Windsurf, and peers. Each has its own permission model. None of them report to you.
Plugins, skills, hooks, CLIs, IDE extensions. Each loads into an agent and carries its own permissions. Nothing is inventoried.
Wired in from public registries. They run with filesystem, shell, and network access, and are never reviewed.
API keys, database URLs, JWTs, private keys. Sitting in config files any loaded agent or plugin can read.
Rules like Bash(*) or Write(*) hand the machine over to whatever prompt is running.
"What was installed or modified on this machine last Thursday?" is a forensics engagement, not a query.
Every AI tool, extension, skill, plugin, MCP, and secret on every managed endpoint - plus the policy controls to govern them.
Claude, ChatGPT, Cursor, Copilot, Gemini, Cline, and peers - grouped by device and vendor.
Classified as official, community, or unknown - with the capabilities each one grants.
Every AI-related extension across VS Code, Cursor, JetBrains, and peers.
Custom skill packs loaded into agents, with the instructions they carry into every session.
Third-party plugins extending agent behavior - including the ones nobody told you about.
API keys, database URLs, JWTs, private keys - redacted on the endpoint before they leave the machine.
Pre-prompt, post-tool, and event hooks - with the script each one runs and when it fires.
AI-enabled command-line tools, wrappers, and shims that invoke agents outside the IDE.
You don't need another dashboard. You need three specific outcomes.
One screen, updated in real time as employees install, configure, and change things. The spreadsheet nobody can keep current becomes obsolete.
Define rules - no blanket Bash(*), only approved MCPs, no plaintext secrets - and policies evaluate continuously. Violations route to SIEM, Slack, email, and Jira where your team already works.
A 90-day audit trail of every added, removed, or modified MCP, permission, extension, plugin, skill, and hook. "What changed last Thursday?" becomes a single query, not a forensics engagement.
Anomity covers a category your existing stack was not designed for. It complements what you have; it does not replace it.
| Tool class | What it sees | What Anomity covers that it misses |
|---|---|---|
| Network layer: Gateway / Firewall / Proxy | Traffic between agents and LLM providers on the wire. | The local side: MCPs, permissions, extensions, plugins, skills, hooks, and secrets on the employee's machine. Network tools see partial AI threats at the edge; Anomity covers the endpoint. |
| EDR / XDR | Processes, binaries, and syscalls on the endpoint. | MCP server configuration, agent permission grants, plugin and extension inventory. An MCP server is a legitimate process doing exactly what its config allows. |
| DLP | File transfers and content leaving the endpoint. | The permission grants and MCP wiring that enable the transfer in the first place. |
| GRC / manual audit | Point-in-time snapshots captured by hand, quarterly at best. | Live fleet state, continuous enforcement, real-time change detection, a queryable audit trail. |