Overview
AI agents introduce new visibility and control challenges because they can interact with tools, MCP servers, files, repositories, and external services with limited admin oversight. AI Security for Agents gives you two complementary monitoring capabilities to understand AI agent activity and exposure: Agent Sessions and Local Agents. Together, they help admins investigate runtime behavior, review discovered agents and tools, and assess whether agent activity aligns with organizational security requirements.
Use Agent Sessions to investigate runtime behavior. Use Local Agents to review discovered agents, MCP servers, tools, and endpoint exposure. For a detailed walkthrough of each capability, see Monitoring Agent Sessions and Monitoring Local Agents.
Monitor Runtime Activity with Agent Sessions
Agent Sessions helps you monitor captured runtime activity. It records user prompts, agent responses, tool calls, and policy violations for supported agents. Use Agent Sessions when your question is about behavior: what did this agent do, when did it do it, and did it trigger any violations?
This capability is most valuable in the following example scenarios:
- Investigating a security event - A violation was triggered in an agent session. You need to trace the sequence of prompts, model responses, tool calls, and tool messages to understand what happened, whether data was exposed, and whether the agent's behavior was manipulated
- Verifying policy enforcement - You configured policies to block PII exposure, indirect prompt injection, or sensitive tool calls. Agent Sessions lets you confirm that these policies are enforced in real time and review the interactions that triggered them
- Auditing agent activity over time - You need a record of interactions for a given user or agent for compliance purposes, or you want to understand usage patterns across your environment
Monitor Inventory and Posture with Local Agents
Local Agents helps admins understand which AI agents are present on managed endpoints and what access they may have. It shows the MCP servers and tools that agents connect to, how those tools are classified, and whether they are sanctioned. Use Local Agents to assess endpoint exposure, identify unsanctioned agents or tools, and review whether agent usage aligns with your organization’s security requirements.
This capability is most valuable in the following scenarios:
- Discovering shadow agents - Employees may install AI coding agents or other local agents without IT approval. The Local Agents page shows discovered agents across managed endpoints, including agents running without enterprise licenses or approved configurations
- Auditing MCP server exposure - Agents connect to external and internal systems through MCP servers. The Tools view shows which MCP servers are configured in your environment, how frequently they are used, and which users have them connected
- Enforcing tool sanctioning policies - After you identify the tools and MCP servers in use, you can designate them as sanctioned or unsanctioned. This classification feeds directly into your agent policies, letting you block or alert on agent activity that uses unsanctioned tools
- Investigating a specific agent instance - You need to understand the configuration and activity of a particular agent, including which MCP servers it connects to, which filesystem directories it can access, and what its runtime activity looks like over time
Choose the Right Monitoring Capability
The two capabilities are complementary and often used together during an investigation. A typical workflow might start on the Local Agents page to identify an agent with a suspicious MCP server configuration. You can then pivot to Agent Sessions to review the runtime activity of that specific agent and determine whether any violations occurred. Cross-reference both capabilities to understand agent configuration and runtime behavior.
The table below summarizes when to use each capability:
| Question | Use This Capability |
|---|---|
| What did this agent do during a session? | Agent Sessions |
| Did any agent trigger a violation? | Agent Sessions |
| What agents are installed across my endpoints? | Local Agents |
| Which MCP servers are connected to my agents? | Local Agents |
| Is this tool or MCP server sanctioned? | Local Agents |
| What filesystem paths can this agent access? | Local Agents |
| Was sensitive data exposed through a tool call? | Agent Sessions |
| Which users are running unapproved agents? | Local Agents |