Discover and trace every agent
AI Detection and Response
General Analysis monitors coding agents, internal copilots, MCP servers, enterprise production agents, and shadow AI at the execution layer. See what each agent touched, why it mattered, and which response was taken.
Agents, endpoints, identities, tools, data, incidents, and response actions
Built for live agents
Find known and unknown agents, then follow behavior through instructions, retrieved content, tools, browsers, files, and downstream changes.
Correlate signals across the execution chain to identify exfiltration, privilege abuse, destructive actions, and policy drift.
Block a command, require approval, redact sensitive output, pause a connector, or quarantine the session with evidence intact.
Promote confirmed incidents into red-team tests, runtime policies, ownership tasks, and regression suites.
    # Correlate events before choosing a response.
    incident: agent-data-exfiltration
    sources:
      - agent_inventory
      - endpoint_activity
      - prompt
      - retrieval_context
      - mcp_tool_result
      - terminal_command
    match:
      sensitive_data: present
      destination: external
      agent_intent: unauthorized_transfer
    respond:
      - block_tool_call
      - quarantine_session
      - open_security_case
    evidence: full_trace_replay
Endpoint-native control
AIDR runs from the managed endpoint so it can see local agents, browser copilots, IDE assistants, terminals, MCP servers, and shadow AI even when traffic never passes through a gateway.
Local first, context aware
The endpoint sensor records the action where it happens. The platform enriches that trace with identity, repository, SaaS, data, and MCP context so response decisions are tied to impact.
Endpoint sensor
Capture prompt entry, browser use, IDE and terminal activity, file reads, MCP calls, package installs, and desktop automation before the action leaves the machine.
Agent inventory
Map enterprise licenses, developer tools, self-hosted agents, browser assistants, direct MCP servers, and shadow AI into one inventory.
Tool and data path
Correlate prompts and model traffic with repositories, secrets, local files, documents, SaaS scopes, APIs, and MCP data sources.
Response layer
Block an upload, pause an MCP route, stop a command, revoke a scope, require approval, or open an incident while preserving the full trace.
Detection lifecycle
AI Detection and Response gives security teams a clean operating layer for agent behavior. It connects live execution traces with asset context and turns risky behavior into contained, reviewable incidents.
Find enterprise-managed and shadow agents, then attach owner, user, identity, platform, data access, tool permissions, and business context.
Link prompts, responses, retrieved documents, tool calls, file access, commands, memory updates, and external actions to the same incident.
Identify direct and indirect prompt injection, tool result poisoning, data exfiltration, credential exposure, unsafe autonomy, and MCP misuse.
Preserve policy version, affected asset, owner, exact trace, response action, and replay material while triggering containment.
Integrate with AI gateways, SaaS copilots, coding assistants, MCP servers, browser controls, endpoint telemetry, and identity systems.
Merge runtime events with agent inventory, shadow AI findings, tool permissions, repository ownership, knowledge-base sensitivity, and red-team findings.
Evaluate intent and impact across the session so a single benign-looking event can still be tied to a harmful chain.
Block, redact, pause, revoke, quarantine, route to a human approver, or open a case with the evidence package attached.
Convert confirmed cases into detections, regression tests, red-team campaigns, and remediation tasks tied to the affected owner.
Containment
The product should reduce blast radius without turning every AI alert into a shutdown. Each response is tied to severity, asset sensitivity, user role, and the action the agent attempted.
Stop a tool call, terminal command, external request, or data export before it reaches the next system.
Reduce permissions, pause a connector, revoke a token, or require approval for the rest of the session.
Hold a suspicious agent session while preserving the full trace and business context for review.
Replay the incident against future model, prompt, tool, and policy changes so the fix stays in place.
Guides and whitepapers
AIDR depends on knowing where agents live, what they can reach, and how to contain them. These guides cover the highest-priority deployment patterns behind that operating model.

Whitepaper
6 min read
A concise summary of the General Analysis technical whitepaper on securing Claude Code, OpenAI Codex, Cursor, Windsurf, Devin, GitHub Copilot, and Claude Cowork.

Deployment guide
16 min read
Claude Cowork brings Claude Code-style agentic work to local files, browsers, apps, plugins, and scheduled tasks. Here is how to put a middleman proxy, browser controls, computer-use limits, and enterprise monitoring around it before using it on real work.

Detection guide
13 min read
A practical guide to detecting shadow AI across browser extensions, SWG endpoint agents, network telemetry, SaaS logs, endpoint agents, AI gateways, and MCP gateways.

PRIMER
16 min read
The Model Context Protocol expanded what AI agents can reach, and expanded the attack surface across at least nine distinct vectors. A primary-source threat model for MCP servers, with concrete controls, real CVEs, and the GA Supabase exploit walked end to end.

FRAMEWORK
10 min read
Claude Cowork and Claude Code share an agentic architecture but ship very different enterprise controls. A primary-source comparison of sandbox, network, audit-log, MCP, and decision-framework differences for security teams.

PLAYBOOK
14 min read
Anthropic shipped a Compliance API for Claude.ai and the Claude API. It exposes audit events and on-demand chat and file content, and it does not cover Claude Cowork. Here is what the API actually audits, what it misses, and how to assemble a complete audit story across the Compliance API, OpenTelemetry, and an on-device proxy.