AI agent discovery across endpoints and browsers: are controls keeping up?

TL;DR: As agentic AI spreads into browsers, IDE plugins, and local desktop assistants, fragmented discovery is leaving visibility gaps that make shadow AI harder to govern, according to Lasso Security. Unified inventory matters, but context, runtime insight, and risk scoring determine whether teams can actually govern what they find.

NHIMG editorial — based on content published by Lasso Security: Consolidate AI Agents Discovery with the Lasso & CrowdStrike Falcon Integration

Questions worth separating out

Q: How should security teams consolidate AI discovery across endpoints and browsers?

A: They should correlate endpoint telemetry, browser activity, and SaaS discovery into one inventory so local assistants, IDE plugins, and web copilots are governed together.

Q: Why does fragmented AI visibility create governance problems?

A: Fragmented visibility creates governance problems because teams cannot reliably determine whether a discovered tool is authorised, risky, or tied to sensitive data.

Q: How do you know if AI discovery is actually working?

A: AI discovery is working when the organisation can produce one authoritative inventory, classify tools consistently, and explain which data and permissions each tool can reach.

Practitioner guidance

• Unify AI discovery across endpoints and SaaS surfaces Create a single inventory that ingests endpoint telemetry, browser signals, and SaaS discovery so local assistants, IDE plugins, and web copilots are visible in one place.
• Classify AI tools by context, not just presence Differentiate generative, agentic, and non-AI tools using permission, data, and runtime context rather than relying on installation events alone.
• Apply one risk model across every discovered AI tool Use the same scoring criteria for browser-based copilots, desktop assistants, and homegrown applications so governance decisions are comparable across the estate.

What's in the full article

Lasso Security's full product post covers the operational detail this post intentionally leaves for the source:

• How the CrowdStrike Falcon telemetry feed is combined with Lasso web and desktop discovery
• The specific inventory workflow for browser copilots, local desktop agents, and IDE plugins
• How Lasso's AI risk scoring is applied to discovered tools across the endpoint estate
• Runtime usage visibility details for monitoring behaviour and policy violations in real time

👉 Read Lasso Security's analysis of unified AI agent discovery with CrowdStrike Falcon →

AI agent discovery across endpoints and browsers: are controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →