AI Agent Security

Agent Discovery

Discovery connects to the platforms where agents run and builds an inventory. Anyone in an organization can now build an agent in minutes, so the inventory usually surfaces agents that security teams were not aware of, including their tools, connected MCP servers, and owners.

Supported platforms

Discovery is available today for:

  1. Amazon Bedrock
  2. Amazon Bedrock AgentCore
  3. Google Cloud
  4. Microsoft Copilot Studio
  5. Salesforce Agentforce
  6. n8n
  7. Relevance AI

Most platforms are discovered continuously; some run on scheduled scans (daily or weekly). See Connecting agent platforms for the connection method and setup for each platform.

One inventory across AI Agent Security and Workforce AI

The agent inventory is shared between AI Agent Security and Workforce AI Security. What it shows depends on which integrations you use: platform and cloud integrations populate it through AI Agent Security, and agents discovered on employee devices appear through Workforce AI Security. The risk assessment works the same way across both; on-device agents naturally carry different risks, and the assessment takes that into account.

What discovery captures

For each discovered agent, the inventory records the configuration the platform exposes:

  1. The agent itself: name, owner, model in use, and recent usage and activity.
  2. Tools and toolsets the agent can call, with what they can read and write where the platform exposes it.
  3. Connected MCP servers and the tools they provide.
  4. Platform-specific detail, such as action groups and knowledge bases on Amazon Bedrock, or connectors, publication channels, and authentication configuration on Microsoft Copilot Studio.

Discovery depth varies by platform

Discovery depth depends on what each platform’s APIs expose. Where a platform surfaces less detail, that is a property of the platform rather than of the assessment. We are working to expand our discovery coverage and with partners to deepen our integrations for richer risk assessment.

The agent detail view shows what was captured for each agent. Where data is missing for a platform, the risk assessment runs on the fields that are available and shows clearly what could not be assessed.

Using the inventory

  1. Run discovery on the connected platforms and allow it to complete. Most platforms discover continuously; for platforms that use scheduled scans, the first results appear after the first scan.
  2. Open each agent and confirm the detail you expect: owner, tools, connected MCP servers, model, and last activity.
  3. Compare the inventory against what you believe you have on each platform. Unexpected agents are often the most valuable output of this step: they indicate ownership gaps rather than tooling errors.
  4. Use the Toolsets & MCPs view to see the MCP servers connected across your agents, including any external or remote servers.

Once the inventory is populated, the agent risk assessment runs on each discovered agent.