
Security-Ops

Seeing the AI Layer: Detecting Agents, MCP Servers, and IDE Plugins on Every Endpoint with osquery

Your EDR knows about processes and network connections. Your MDM knows about installed apps. Neither one knows that someone on your team is running an npx-fetched MCP server that has shell-exec capability and a plaintext secret baked into its config. agentic-detector is a cross-platform osquery extension that fixes that. One table — ai_tools — gives you the full AI software inventory per host: MCP servers, agent CLIs, IDE plugins, desktop apps, live network sockets, and the agent instruction files that tell AI what it’s allowed to do. Deployable through Fleet in minutes.

Endpoint Risk and Threat Hunting, in Plain English: A Fleet MCP Manifesto

Endpoint risk and threat hunting with Fleet just got a lot easier with the MCP. fleet-mcp is a Model Context Protocol server that turns Fleet’s API into a typed tool catalog any AI agent can call. This is the manifesto — why it exists, what it does, what it deliberately won’t do, and what it gives you that a REST API never could.