Inventory

Inventory provides visibility into AI agents and AI-enabled applications used in your organization. Inventory data comes from the endpoint scanner, which detects AI activity across the environment.

Administrators use Inventory to understand their organization’s AI posture by identifying which agents are present, who uses them, and what level of risk they introduce.

Inventory is typically used during initial onboarding or early rollout stages to establish a baseline view of AI usage before enabling enforcement or configuration policies.

Inventory helps administrators:

  • Identify AI agents running in the environment

  • Understand ownership and usage patterns

  • Detect unmanaged (Shadow AI) usage

  • Review high-level security indicators associated with agents

Note - During rollout, some Inventory data may appear in different views, depending on your environment configuration.

Inventory Discovery Scope

Inventory does not enforce security controls or take automated actions.

It provides the information administrators use to make governance and policy decisions elsewhere in Workforce AI Security.

Agents

Agents are AI‑driven components that perform actions, access tools, or automate workflows within AI platforms.

The Agents view provides visibility into:

  • Discovered agents in the organization

  • Ownership and usage information

  • Capabilities and external connections

  • Risk indicators associated with agent behavior

Administrators use the Agents view to understand how AI agents operate and to review their impact on security and governance.

Agent List

The Agent List displays all AI agents discovered in the organization.

For each agent, the list provides summary information, such as:

  • Agent name and type

  • Vendor

  • Assigned owner

  • Activity status

  • Overall risk indication

Administrators use the Agent List to:

  • Review discovered agents at a glance

  • Filter and sort agents by attributes such as risk, owner, or activity

  • Select an agent to view detailed information and assessments

The Agent List serves as the primary entry point for investigating individual agents.

Agent Ownership

Agent Ownership identifies the organizational user associated with an agent.

Ownership information helps administrators:

  • Understand who is responsible for the agent

  • Identify the correct point of contact when reviewing risks

  • Support follow‑up and governance workflows

Workforce AI Security derives ownership from device and user synchronization for endpoint-based agents, and from configured integrations for SaaS-based agents.

An agent can be associated with a specific user or marked as unassigned when ownership cannot be determined.

Ownership information is informational and does not grant permissions or privileges.

Agent Activity

Agent Activity indicates how recently and how frequently an agent has been used. Workforce AI Security can also identify agents that were present on a device or used in the past, even before the endpoint scanner reaches the device.

Activity information helps administrators:

  • Distinguish between active and inactive agents

  • Assess whether identified risks are current or historical

  • Prioritize review of agents that are actively used

Activity data is presented as contextual information and is used to support risk assessment and prioritization.

Agent Details

The Agent Details page provides a detailed view of a specific AI agent. Administrators use this page to understand the agent’s identity, usage, associated risks, and operational context.

Overview

The Overview section provides identification and classification information for the agent.

It includes:

  • Agent class

  • Vendor

  • Assigned owner

This information helps administrators understand what the agent is and who is responsible for it within the organization.

Activities

The Activities section shows how some selected agents are used over time.

Activity information helps administrators:

  • Identify some of actively used agents

  • Distinguish between regularly used, infrequently used, and unused agents

  • Understand usage patterns when reviewing risks or security indicators

Activity data provides context for evaluating the relevance and impact of associated risks.

Security Assessment

The Security Assessment section presents risk indicators identified for the agent.

It highlights:

  • Detected risks associated with the agent

  • Risk severity levels

  • Factors that contribute to the agent being flagged

Security Assessment information provides context for explaining why the agent appears in the Risks view and supports risk review and prioritization.

Workforce AI Security provides risk indicators for visibility and assessment purposes and does not automatically enforce controls.

Note - Agent Details show agent‑specific risk indicators, while the Risks view aggregates and prioritizes risks across all agents.

Shadow AI

Workforce AI Security identifies an agent as Shadow AI when it is accessed using personal or non‑enterprise credentials instead of the organization’s enterprise identity.

Shadow AI usage limits centralized visibility and governance because the agent is not fully associated with managed organizational identities.

Administrators use the Shadow AI indicator to:

  • Identify unmanaged AI usage

  • Understand where enterprise identity controls are not applied

  • Prioritize agents for review and remediation

Toolsets

Toolsets describe external tools and services that an AI agent can access as part of its operation. They provide visibility into the agent’s integrations and external dependencies.

Toolsets help administrators:

  • Understand which external systems an agent interacts with

  • Identify dependencies that may affect security or supply‑chain exposure

  • Provide context when reviewing associated risks

Toolsets are presented as visibility information. They do not represent enforcement rules or configuration settings.

Skillsets

Skillsets describe the types of actions an AI agent is allowed to perform. They represent the agent’s operational capabilities, such as executing commands, accessing data, or interacting with other services.

Skillsets help administrators:

  • Understand the scope of actions available to an agent

  • Assess how agent capabilities relate to observed risks

  • Compare operational reach across different agents

Skillsets provide descriptive information about agent behavior.

They are used for assessment and analysis, not for defining or modifying permissions.

Risk Analysis with Agent Details

The Agent Details page brings together identity, usage, risk indicators, and operational context.

Administrators review this information to:

  • Trace risks back to specific agents

  • Understand why risks are identified

  • Decide how to prioritize follow‑up actions

Supply Chain Visibility

Toolsets and skillsets together provide supply‑chain and operational visibility for AI agents.

This combined view helps administrators understand:

  • External dependencies

  • Operational reach

  • How integrations and capabilities contribute to identified risks

Supply‑chain visibility supports risk assessment and prioritization without implying automated enforcement or blocking actions.

Risk Visibility in Inventory

The Risks view provides a consolidated and structured view of security risks identified across AI agents and related components in your organization.

Administrators use this view to assess exposure, understand risk distribution, and prioritize review and response activities.

Risk Overview Widgets

The Risks view includes summary widgets that present a high‑level snapshot of the current risk posture:

  • Risk Severity Distribution

    Displays the number and percentage of risks by severity level (Low, Medium, High, Critical).

  • Shadow AI

    Shows the number of agents identified as Shadow AI and their proportion relative to all discovered agents.

  • Security Score

    Provides an aggregated score that reflects the relative risk level of discovered agents, based on identified risk indicators.

  • Risky Agents

    Shows the number of agents associated with High and Medium risks and the total number of related activities.

These widgets help administrators quickly identify areas that require further attention. The widgets summarize overall exposure, while the Risk Types table below shows what drives that exposure.

Risk Types Table

The Risk Types table provides a detailed breakdown of identified risks.

For each risk type, the table shows:

  • Name – The risk identifier

  • Severity – Risk severity level

  • Count – Number of instances detected

  • Risk Category – Logical classification (for example, Governance, Supply Chain, Agency, Privacy, Identity, Hygiene)

  • External Framework – Mapping to relevant external risk frameworks, when available

  • Description – Expandable description explaining the risk

Administrators can expand individual entries to review additional context and details.

Shadow AI Risk Type

Shadow AI appears in the Risks view as a governance‑related risk. It highlights agents that operate outside enterprise identity controls and therefore reduce centralized oversight.

In the Risks view, Shadow AI contributes to:

  • Risk severity distribution

  • Risk counts

  • Security score calculations

  • External framework mappings

Administrators review Shadow AI risks to assess impact and determine appropriate governance actions.

Scope and Purpose of Risk Information

Risk information in Inventory is designed to support visibility, assessment, and prioritization.

Key characteristics:

  • Risks are derived from observed agent behavior, configuration, and relationships.

  • Severity levels and scores help administrators compare and prioritize risks.

  • External framework mappings provide context and alignment with established risk models.

Risk visibility in Inventory:

  • Does not automatically enforce controls

  • Does not block agent activity by default

  • Complements, but does not replace, policy configuration and enforcement features available elsewhere in Workforce AI Security

Administrators use risk information as an input for governance and decision‑making, not as an automated response mechanism.

Relationship Between Risks and Agents

Each identified risk is associated with one or more agents.

From the Risks view, administrators can pivot to related agents to review:

  • Ownership

  • Activity

  • Toolsets and skillsets

  • Additional security assessment details

This relationship helps trace risks back to specific agents and usage patterns.