Shadow AI is everywhere.
Now you can govern it.
Anomity discovers every AI agent and MCP across your fleet,
then governs each tool call before it runs.
Industry research, 2025. Sources: UpGuard, Akto, Astrix, Gartner.
settings.json2mBash(rm -rf) at the hook5mPreToolUse matches policy12m

Every AI tool your team already runs.
Anomity discovers and classifies the agents, MCP servers, and AI extensions across your fleet, including the ones nobody told you about.
Shadow AI is already on every managed endpoint.
AI tools arrived faster than the security program was designed to cope with. Most teams cannot answer the simplest question about any of it.
Claude, ChatGPT, Cursor, Copilot, Cline, Windsurf, and peers. Each has its own permission model. None report to you.
Plugins, skills, hooks, CLIs, IDE extensions. Each loads into an agent and carries its own permissions. Nothing is inventoried.
Wired in from public registries. They run with filesystem, shell, and network access, and are never reviewed.
API keys, database URLs, JWTs, private keys. Sitting in config files any loaded agent or plugin can read.
Rules like Bash(*) or Write(*) hand the machine over to whatever prompt is running.
"What was installed or modified last Thursday?" is a forensics engagement, not a query.
One live governance layer for AI on your fleet.
Every AI tool, extension, skill, plugin, MCP, and secret on every managed endpoint, plus the runtime controls to govern what they're allowed to do.
AI Agents
Claude, ChatGPT, Cursor, Copilot, Gemini, Cline, and peers, grouped by device and vendor.
MCP Servers
Classified as official, community, or unknown, with the capabilities each one grants.
Extensions
Every AI-related extension across VS Code, Cursor, JetBrains, and peers.
Skills
Custom skill packs loaded into agents, with the instructions they carry into every session.
Plugins
Third-party plugins extending agent behavior, including the ones nobody told you about.
Secrets
API keys, database URLs, JWTs, private keys, redacted on the endpoint before they leave the machine.
Hooks
Pre-prompt, post-tool, and event hooks, the point where Anomity enforces policy on tool calls in real time.
CLIs
AI-enabled command-line tools, wrappers, and shims that invoke agents outside the IDE.
Visibility, governance, and proof.
In that order.
You don't need another dashboard. You need three specific outcomes.
A single source of truth for AI on your fleet.
One screen, updated in real time as employees install, configure, and change things. The spreadsheet nobody can keep current becomes obsolete.
Governance, not just visibility.
Define rules (no blanket Bash(*), only approved MCPs, no plaintext secrets), and policies evaluate continuously. On agents that support hooks, Anomity can enforce them at runtime, allowing or denying each tool call before it runs. Decisions route to SIEM, Slack, email, and Jira.
An answer when something goes wrong.
A 90-day audit trail of every added, removed, or modified MCP, permission, extension, plugin, skill, and hook. "What changed last Thursday?" becomes a single query, not a forensics engagement.
Allow the safe. Deny the dangerous. Log it all.
Anomity runs as a hook handler on the agent: on every tool call, MCP tools, shell, files, and network alike, it inspects the invocation, evaluates it against your policy, and returns allow or deny before the tool runs.
Compliant calls run untouched
Safe, in-policy tool calls are approved at the hook and run without interrupting the developer, no prompts, no blocks, no sandboxes.
Violations stopped before they execute
When a call violates policy (an MCP tool from an unapproved server, a write to a protected path), Anomity returns a deny at the hook, before it runs. Only the violating call is stopped.
Every decision on the record
Each tool call that reaches the policy engine is logged with its allow/deny decision, building a queryable 90-day audit trail.
Anomity runs wherever an agent exposes a hook interface. On Claude Code, for example, it handles the PreToolUse event, which fires on every tool call in the agentic loop, and returns an allow or deny decision. The same per-tool-call governance extends across the agents your fleet runs: not a network proxy, not a sandbox, never a blocked workflow.
Lightweight Sensor. Deep discovery.
Real-time enforcement.
Discover & enforce
- Catalog of numerous AI tools that grows with the ecosystem.
- One-pass inventory of every AI artifact type.
- Multi-signal trust classifier, vendor, command, fingerprint.
- Capability inference, filesystem, shell, network, credentials.
- Runtime policy enforcement at the agent hook.
- Real-time change detection on every endpoint.
Trust by design
- SOC 2 Type II attested.
- Secrets stay on the endpoint.
- Strict tenant isolation at the query layer.
- Per-device credentials, bcrypt at rest.
- Metadata only. Not source, not prompts.
- 90-day audit retention, longer on request.
Where Anomity fits alongside what you already run.
Anomity covers a category your existing stack was not designed for. It complements what you have, it does not replace it.
| Tool class | What it sees | What Anomity covers that it misses |
|---|---|---|
| AI runtimeAgent ↔ tool calls | Nothing. No existing control sits where an AI agent invokes a tool. | A policy control point at the agent hook. On agents that expose a hook, Anomity allows, denies, or logs each tool call before it runs. |
| Network layerGateway / Firewall / Proxy | Traffic between agents and LLM providers on the wire. | The local side: MCPs, permissions, extensions, plugins, skills, hooks, and secrets on the machine. Anomity covers the endpoint. |
| EDR / XDR | Processes, binaries, and syscalls on the endpoint. | MCP server configuration, agent permission grants, plugin and extension inventory. An MCP server is a legitimate process doing exactly what its config allows. |
| DLP | File transfers and content leaving the endpoint. | The permission grants and MCP wiring that enable the transfer in the first place. |
| GRC / manual audit | Point-in-time snapshots captured by hand, quarterly at best. | Live fleet state, continuous enforcement, real-time change detection, a queryable audit trail. |
Built for the frameworks that
govern AI agents.
Every Anomity feature maps to a control requirement in ISO/IEC 42001, the EU AI Act, NIST AI RMF, and the OWASP Agentic Top 10 - the evidence already lives in your fleet data.
AI Management System
Annex A requires organizations to maintain a current inventory of AI systems, classify risks, and demonstrate ongoing monitoring. Anomity's continuous fleet scan and trust classifier provide the artifact inventory and risk signals Annex A asks for.
- A.4 - AI system inventory covered by the live fleet catalog.
- A.6 - Risk assessment covered by per-artifact capability inference.
- A.9 - Monitoring covered by real-time change detection.
- A.10 - Audit log covered by the 90-day queryable trail.
High-Risk AI Systems
Articles 9, 12, and 13 require risk management systems, logging of high-risk AI operation, and transparency obligations. Anomity's policy enforcement and audit trail directly produce the records the Act requires organizations to retain.
- Art. 9 - Risk management covered by policy rules and deny controls.
- Art. 12 - Record-keeping covered by per-tool-call audit logging.
- Art. 13 - Transparency covered by fleet-wide visibility dashboard.
- Art. 17 - QMS documentation supported by exportable audit trail.
AI Risk Management Framework
The four core functions - Govern, Map, Measure, Manage - each require an organization to see, classify, evaluate, and control their AI. Anomity's Endpoint Sensor runs with daemon-level depth on every endpoint, mapping directly onto all four functions in a single deployment.
- Govern - policies and enforcement controls at the agent hook.
- Map - continuous discovery of every AI artifact and its capabilities.
- Measure - trust classifier scores and risk signals per artifact.
- Manage - real-time allow/deny/log on every tool call.
Agentic Application Risks
The 2026 OWASP Top 10 for Agentic Applications is the first taxonomy of risks specific to autonomous agents - tool misuse, excessive agency, identity abuse, and rogue or unvetted agents. Anomity's discovery and tool-call enforcement address them at the endpoint.
- Tool misuse covered by allow/deny on every tool call at the hook.
- Excessive agency covered by per-agent permission-grant inventory.
- Rogue & unvetted agents covered by fleet discovery and trust classification.
- Traceability covered by the 90-day queryable audit trail.
Anomity generates the evidence. You own the narrative.
Built with the people who own the blind spot.
What early design partners say once they can finally see the AI layer.
The first scan surfaced three MCP servers wired to production data that nobody had approved. We had been flying blind and did not know it.
Our spreadsheet of AI tools was out of date the day we made it. Anomity turned it into one live screen the whole team actually trusts.
Denying a dangerous tool call at the hook, without sandboxing the developer, is the thing every other control promised and never delivered.
Design-partner feedback, anonymized during early access.
Govern your AI posture in minutes.
Book a 30-minute demo.



