TL;DR: As agentic AI spreads into browsers, IDE plugins, and local desktop assistants, fragmented discovery is leaving visibility gaps that make shadow AI harder to govern, according to Lasso Security. Unified inventory matters, but context, runtime insight, and risk scoring determine whether teams can actually govern what they find.
NHIMG editorial — based on content published by Lasso Security: Consolidate AI Agents Discovery with the Lasso & CrowdStrike Falcon Integration
Questions worth separating out
Q: How should security teams consolidate AI discovery across endpoints and browsers?
A: They should correlate endpoint telemetry, browser activity, and SaaS discovery into one inventory so local assistants, IDE plugins, and web copilots are governed together.
Q: Why does fragmented AI visibility create governance problems?
A: Fragmented visibility creates governance problems because teams cannot reliably determine whether a discovered tool is authorised, risky, or tied to sensitive data.
Q: How do you know if AI discovery is actually working?
A: AI discovery is working when the organisation can produce one authoritative inventory, classify tools consistently, and explain which data and permissions each tool can reach.
Practitioner guidance
- Unify AI discovery across endpoints and SaaS surfaces: Create a single inventory that ingests endpoint telemetry, browser signals, and SaaS discovery so local assistants, IDE plugins, and web copilots are visible in one place.
- Classify AI tools by context, not just presence: Differentiate generative, agentic, and non-AI tools using permission, data, and runtime context rather than relying on installation events alone.
- Apply one risk model across every discovered AI tool: Use the same scoring criteria for browser-based copilots, desktop assistants, and homegrown applications so governance decisions are comparable across the estate.
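A minimal sketch of the three guidance points working together, added here as an illustration and not taken from Lasso Security or CrowdStrike. The record fields, permission strings, allow-list, and score weights are all assumptions, and the sample records are constructed; the point is that a tool seen only through the browser feed is classified differently once the SaaS record is merged in.

```python
# Constructed discovery records; field names are assumptions, not a vendor schema.
ENDPOINT = [
    {"tool": "Code-Helper", "user": "dana", "surface": "ide_plugin",
     "calls_model": True, "perms": ["fs:write", "shell:exec"], "data": ["source_code"]},
    {"tool": "desk-assistant", "user": "lee", "surface": "desktop",
     "calls_model": True, "perms": ["fs:read"], "data": ["documents"]},
    {"tool": "pdf-viewer", "user": "lee", "surface": "desktop",
     "calls_model": False, "perms": ["fs:read"], "data": ["documents"]},
]
BROWSER = [
    {"tool": "web-copilot", "user": "sam", "surface": "browser",
     "calls_model": True, "perms": ["page:read"], "data": ["customer_pii"]},
]
SAAS = [
    {"tool": "web-copilot", "user": "sam", "surface": "saas",
     "calls_model": True, "perms": ["mail:send"], "data": ["customer_pii"]},
]
SANCTIONED = {"code-helper"}                            # assumed allow-list
ACTION_PERMS = {"fs:write", "shell:exec", "mail:send"}  # permissions that change state
SENSITIVE = {"customer_pii", "credentials"}             # assumed data labels
def build_inventory(*feeds):
    """Merge per-source records into one entry per tool (case-insensitive key)."""
    inv = {}
    for rec in (r for feed in feeds for r in feed):
        e = inv.setdefault(rec["tool"].lower(), {
            "surfaces": set(), "users": set(), "perms": set(),
            "data": set(), "calls_model": False})
        e["surfaces"].add(rec["surface"])
        e["users"].add(rec["user"])
        e["perms"].update(rec["perms"])
        e["data"].update(rec["data"])
        e["calls_model"] |= rec["calls_model"]
    return inv

def classify(e):
    """Context-based class: the tool being present decides nothing by itself."""
    if not e["calls_model"]:
        return "non-ai"
    return "agentic" if e["perms"] & ACTION_PERMS else "generative"

def risk_score(name, e):
    """One scoring rule for every surface, so results are comparable."""
    score = {"agentic": 3, "generative": 1, "non-ai": 0}[classify(e)]
    score += 3 * len(e["data"] & SENSITIVE)
    score += 2 if name not in SANCTIONED and e["calls_model"] else 0
    return score
INVENTORY = build_inventory(ENDPOINT, BROWSER, SAAS)
for name, e in sorted(INVENTORY.items(), key=lambda kv: -risk_score(*kv)):
    print(f"{risk_score(name, e):>2} {classify(e):<10} {name} {sorted(e['surfaces'])}")
```

Each merged entry also carries the users, permissions, and data labels seen across all feeds, which is what an owner or reviewer needs to answer what the tool can reach.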
What's in the full article
Lasso Security's full product post covers the operational detail this post intentionally leaves for the source:
- How the CrowdStrike Falcon telemetry feed is combined with Lasso web and desktop discovery
- The specific inventory workflow for browser copilots, local desktop agents, and IDE plugins
- How Lasso's AI risk scoring is applied to discovered tools across the endpoint estate
- Runtime usage visibility details for monitoring behaviour and policy violations in real time
👉 Read Lasso Security's analysis of unified AI agent discovery with CrowdStrike Falcon →
AI agent discovery across endpoints and browsers: are controls keeping up?
Explore further
AI discovery without endpoint context is not discovery in governance terms. A partial inventory can create the illusion of control while leaving desktop agents, IDE plugins, and browser copilots outside the same review surface. That is a visibility failure, but it is also an identity governance failure because the organisation cannot reliably assign ownership, permissions, or policy to tools it cannot consolidate.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: What is the difference between visibility and discovery in AI governance?
A: Visibility shows activity, while discovery identifies and consolidates the actual AI tools in use. A browser log or endpoint alert may show that something is happening, but discovery connects that signal to a known tool, its context, and its governance status. Teams need both, but only discovery supports inventory-driven control.
👉 Read our full editorial: AI agent discovery still leaves a governance gap on endpoints