Deployment

Workforce AI Security relies on several endpoint components to monitor AI activity and enforce organizational usage policies. These components must be installed on every device to ensure full visibility across browser-based interactions, desktop applications, and agentic processes. Together, they form a unified monitoring layer that allows your organization to securely manage how users interact with AI tools.

Administrators distribute the package using existing endpoint management tools. The installation process may differ across environments, but all users receive the same components for their operating system. After deployment, the agents automatically apply organizational settings, communicate with the management engine, and enforce policies without requiring local configuration.

Downloads

The Downloads page allows you to download a package required for your operating system: Windows or Mac. Run the downloaded packages in the command prompt to install the client. This is part of the application onboarding process.

To download the installation package:

In the left menu, select Workforce > Deployment > Downloads.
Select one of these packages based on your operating system and requirements:
- Windows EXE, compatible with Chrome, Firefox, Edge, Brave, Comet, and Surf
- Mac (macOS), compatible with Chrome, Firefox, Edge, and Brave
Click Download. The package is saved to your device.
Run the package (Check Point AI Security) from the download location to install the AI Security Client.

The installer deploys all required components.

To view the deployment status:

In the left menu, select Workforce > Deployment > Deployment Status.
Review the widgets to understand overall deployment health:
Review the device table for detailed deployment information, including:
- device name
- user name
- operating system and version
- AI Security Client version
- assigned access policy
- assigned DLP (chat) policy
- assigned agents policy
- proxy status
- last connection time
In addition, you can click the hamburger menu ()on the top left of the table and add more columns to the table, including:
- device type
- deployment time
- MCP version
- Proxy version and more

Deployment Status

The Deployment Status page provides a centralized view of all devices where the components have been installed. This includes a device-level table and several visual widgets that summarize deployment health and policy consistency across the organization.

The Policy versions status widget displays how many devices are running the latest version of each enforced policy:

Access policy
Chats policy
Agents policy

Each bar is split into:

Devices running older policy versions
Devices running the latest version

This provides immediate visibility into policy rollout progress and highlights devices that have not updated.

The Device's Last Connection groups devices by their most recent connection time and displays both the number and percentage of devices in each category:

24 hours – 7 days – Devices that connected within the last week.
7 days – 30 days – Devices that have not connected for more than a week.
More than 30 days – Devices that have been inactive for over a month.

This breakdown allows you to assess overall deployment health at a glance and pinpoint devices that may require investigation, remediation, or reinstallation due to prolonged inactivity.

The deployment table provides key deployment details for each device, including user activity and policy status, allowing admins to monitor device engagement and identify inactive endpoints. You can add more deployment details to the table view through the hamburger menu at the top right.

Access policy, chat (DLP) policy, and agent policy display the version of the currently applied policy.

Note - The displayed policy version may differ from the browser version if the user has not logged in to the browser recently; in such cases, an info icon appears to indicate the browser is not up to date with the latest policy version.