Virtue AI has announced “Shadow AI,” a new extension of the AgentSuite-Blue platform that gives enterprises comprehensive visibility into AI and agentic systems operating across their environments.

AI agents are virtually everywhere: inside laptops, SaaS platforms, developer workflows, browser extensions and enterprise applications… but most of them were never reviewed by security.

Many were never approved at all.

Software application developers inside security teams know this is happening. What they lack is the ability to do anything about it. Most organisations cannot tell you where those agents exist, what permissions they hold, which tools they can control, how their behaviour changes over time, or whether they are operating within policy.

The consequences of this visibility gap are real.

Out-of-policy agents

An out-of-policy agent performs an unlogged action that cannot be explained to a regulator. An over-permissioned agent accesses data it was never intended to touch, then removes it before anyone notices. A vendor-embedded agent becomes an access path the organisation never intended to create.

Virtue AI’s Shadow AI closes that gap by providing an endpoint-level discovery and monitoring layer built specifically for AI and AI agents. While traditional EDR and XDR platforms treat agents like generic applications, Shadow AI was built around the AI agent lifecycle from the start: how agents plan, act, call tools and evolve over time.

“Across the enterprise, employees are using unapproved agents for things like coding, data analysis and sales outreach,” explains Wenbo Guo, head of agent security at Virtue AI. “We built Shadow AI to find them. It surfaces the agents running in your environment, traces their actions and shows your team what each agent is doing, so you can confidently scale AI across a business.”

Shadow AI was built to find AI agents within an enterprise. If someone in an environment is using AI or deploying an agent, Shadow AI is built to catch it.

It can detect the range of AI activity enterprises actually face, including commercial tools like ChatGPT, Claude and Copilot, self-hosted models, browser extensions, IDE plugins and informal agentic pipelines that generic tools fail to classify as AI. It also captures the full behavioural sequence of every agent: not just individual events, but the order, structure and context of actions across process, network and file activity.

The software maps activity across an entire environment with the Shadow AI Dashboard: which agents are active, on how many devices and exactly which policy triggered a flag.

It can distinguish normal behaviour from something worth escalating – and also trace agent actions to their source. When an agent misbehaves, you need to know what it did, what it touched and how far it got.

For enterprises, the value is straightforward: reduced AI risk, actionable and auditable visibility into AI and agentic systems, rapid investigation capability when an agent behaves unexpectedly and confidence in your AI deployments. 

CEO deep dive

The Computer Weekly Developer Network (CWDN) sat down with Virtue AI’s Wenbo Guo to get a deep dive on what’s happening here.

CWDN: How should developers rethink building AI agents now that Shadow AI exposes previously invisible enterprise deployments and associated security risks?

Guo: The shift is to treat an agent as a governed entity inside the enterprise, not a script you ship and forget. For years, the only question was whether an agent worked. Now it is whether the agent can be seen and trusted while it runs in production. Enterprise agents inherit the same tools, credentials and downstream services the business already runs on, so they inherit that risk too. 

Shadow AI closes the visibility gap that makes this hard to manage. It surfaces the tools an agent can reach, the permissions it holds and the connections it opens, which is exactly what a developer needs to scope access tightly and apply guardrails from the first build rather than after an incident.

CWDN: What practical changes should software developers make when designing agentic applications to ensure enterprise visibility, governance and accountability today?

Guo: Give every agent a distinct identity so it does not blend in with generic applications. Apply least-privilege credentials and watch permission inheritance closely, since access that quietly expands beyond its original scope is a common way agents drift into risk. 

Keep an audit log detailed enough to reconstruct a full decision trajectory, capturing tool calls, API invocations and outbound connections, and pair it with role-based access controls. The goal is accountability built into the system, available the moment a security team needs to investigate, rather than a record someone has to assemble after something has already gone wrong.

CWDN: How does Shadow AI distinguish legitimate developer experimentation from genuinely risky shadow AI without discouraging innovation across engineering teams?

Guo: Shadow AI adds contextual classification. It weighs data access scope, action authority, workflow criticality and policy alignment, so an experimental agent on a developer’s laptop reads very differently from one reaching into production data. Why classify on the full sequence rather than on single events? Research from the Virtue AI team (Li et al., “Unsafer in Many Turns,” 2026) shows the riskiest behaviour surfaces only across multi-step execution. 

Attack success rates rise 16% on average, and over 27% in the sharpest case, when harmful intent is split into subtasks that each look benign. Classification is not enforcement. Blocking unsafe actions sits elsewhere in Virtue AI’s AgentSuite-Blue platform with ActionGuard, which evaluates each action at runtime. Engineers keep shipping at full speed while security gains the context to tell harmless experiments from genuine threats.

CWDN: What opportunities does this technology create for developers building enterprise AI platforms, security tooling and next-generation autonomous software systems?

Guo: Governable agents become a competitive advantage. As enterprises gain visibility into autonomous systems, they will favour agents built to be discovered and validated, which rewards developers who design with scoped permissions and traceability from the start. For security tooling builders, a discovery layer like Virtue AI’s Shadow AI normalises endpoint and SaaS signals into one pipeline, creating a shared view of agent behaviour that other controls can build on.

The broader move is from reactive incident response toward continuous agent security operations, which is what lets organisations scale autonomous systems with confidence. Agents that can show what they did and prove they stayed within policy will earn real authority inside the enterprise. That opportunity is only growing as agents take on more consequential work.

CWDN: If enterprises cannot see their AI agents, what single message best captures why developers must embrace transparent agent security?

Guo: An agent has to be visible before anyone can trust it with real work. Visibility is what turns an autonomous system from a liability into an asset. When something goes wrong, regulators will not ask how the agent behaved unexpectedly. They will ask why the organisation could not maintain control of it. Agent discovery is how developers answer that question before it is ever asked.