AgentDiscover · open source

Find every AI agent in your stack. Even the ones you can't see.

Shadow AI, ungoverned agents running with no source code, and the credentials they've left exposed. Scan one machine free, in about 60 seconds.

pipx install agentdiscover
agentdiscover scan-all ~/projects

Formerly agent-discover-scanner on PyPI · now pipx install agentdiscover

A real scan

What 60 seconds turns up

Most teams think they have a handful of agents. The first scan says otherwise.

agentdiscover scan-all — results
Scanned prod-api-07 · 5 detection layers · 1.2s
────────────────────────────────────────────────────
10 CONFIRMED agents · code + runtime verified
2 GHOST agents · running, no source on disk ⚠
7 exposed credentials · plaintext keys in .env
4 shadow AI · unmanaged browser / desktop usage
────────────────────────────────────────────────────
top blast radius: bedrock_worker score 8.4/10 CRITICAL
reach: GitHub · Google Drive · Salesforce · S3 · Internal APIs
Enterprise proof point · AWS Bedrock environment
155 Bedrock invocations detected (L5 audit)
10 agents classified across 5 layers
0 visible to network monitoring alone

AWS Bedrock endpoints resolve to generic EC2 IPs after TLS handshake. Network monitoring sees nothing. AgentDiscover's L5 CloudTrail layer sees everything.

The blind spots

Why your existing tools miss GHOST agents

Each gap is structural — not a tuning problem.

CloudTrail alone

Shows API calls but can't correlate them to a specific process or identity on disk. You see 155 invocations; you don't know which agent made them.

Code scanning

Only finds agents with source on disk. GHOST agents run from memory, containers, or compiled binaries — no .py file to scan.

Network monitoring

Enterprise SSE proxies (Zscaler, Netskope, Prisma) hide all AI provider hostnames. TLS terminates upstream — no SNI visible downstream.

Per-machine tools

An analyst wiring ChatGPT Teams into Salesforce through the browser leaves no config file. Only L2 network correlation at the process level catches it.

What it finds

Classified by evidence, not guesswork

Five classification states, each with a defined evidence threshold.

CONFIRMED

Code on disk + runtime activity verified. Both signals present and correlated.

GHOST

Making live LLM calls with zero matching source code on disk. Running entirely outside your codebase.

ZOMBIE

Code present, no recent runtime activity. Dormant agents still holding credentials and permissions.

SHADOW

Sanctioned tools, zero governance. Browser-based AI usage leaving no config file behind.

UNKNOWN

Partial signals only. Needs additional evidence to classify — flagged for review.
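The five states above are a decision over two correlated signals: does code for the agent exist on disk (L1), and is a process making live calls to an AI provider (L2)? The block below is an added example, not AgentDiscover's own code or its DAI001–DAI007 rules. It parses Python sources for AI SDK imports, takes constructed per-process TLS SNI observations, and applies the page's thresholds: code + verified traffic is CONFIRMED, code without traffic is ZOMBIE, traffic without code is GHOST (or SHADOW when it comes from a sanctioned browser/desktop app), and traffic whose destination is hidden behind an SSE proxy is only a partial signal, so UNKNOWN. The SDK import table, host lists, and matching of a process to a script path by string are assumptions made for the example.

```python
"""Added example: correlate an L1-style static signal with an L2-style
runtime signal and classify into CONFIRMED / GHOST / ZOMBIE / SHADOW / UNKNOWN.
Not AgentDiscover's code; signature tables and sample data are constructed."""
import ast
from dataclasses import dataclass

# Assumption: top-level import roots that mark LLM/agent SDK usage.
AI_SDK_IMPORTS = {"openai", "anthropic", "langchain", "langgraph"}

# Constructed host lists. Strong evidence: a known provider endpoint in TLS SNI.
# Weak evidence: an SSE proxy terminates TLS upstream, so the real destination
# is hidden (the blind spot the page describes for network monitoring).
AI_PROVIDER_HOSTS = {"api.openai.com", "api.anthropic.com"}
SSE_PROXY_HOSTS = {"gateway.zscaler.net"}


def static_agent_signals(sources):
    """L1-style layer: parse each Python file and report the AI SDK roots it
    imports. Returns {path: set_of_roots} for files with at least one hit."""
    found = {}
    for path, code in sources.items():
        roots = set()
        for node in ast.walk(ast.parse(code)):
            if isinstance(node, ast.Import):
                roots.update(alias.name.split(".")[0] for alias in node.names)
            elif isinstance(node, ast.ImportFrom) and node.module:
                roots.add(node.module.split(".")[0])
        hits = roots & AI_SDK_IMPORTS
        if hits:
            found[path] = hits
    return found


@dataclass(frozen=True)
class RuntimeObs:
    """One L2-style observation: a process and the TLS SNI it connected to."""
    process: str                  # script path or executable from the process table
    sni: str                      # server name from the TLS ClientHello
    sanctioned_app: bool = False  # browser/desktop tool rather than deployed code


def classify(static, runtime):
    """Apply the page's evidence thresholds to the two correlated layers."""
    strong, weak = {}, {}
    for obs in runtime:
        if obs.sni in AI_PROVIDER_HOSTS:
            strong.setdefault(obs.process, []).append(obs)
        elif obs.sni in SSE_PROXY_HOSTS:
            weak.setdefault(obs.process, []).append(obs)

    states = {}
    for path in static:                 # code present on disk
        if path in strong:
            states[path] = "CONFIRMED"  # code + verified runtime traffic
        elif path in weak:
            states[path] = "UNKNOWN"    # code, but runtime evidence is ambiguous
        else:
            states[path] = "ZOMBIE"     # code present, no recent runtime activity
    for proc, obs_list in strong.items():
        if proc in static:
            continue
        # Live provider traffic with no matching source: SHADOW if it is a
        # sanctioned browser/desktop app, otherwise a GHOST agent.
        states[proc] = "SHADOW" if any(o.sanctioned_app for o in obs_list) else "GHOST"
    for proc in weak:
        states.setdefault(proc, "UNKNOWN")  # partial signal only; flag for review
    return states


# Constructed sample inputs for a stand-alone run.
SAMPLE_SOURCES = {
    "agents/support_bot.py": "import openai\nclient = openai.OpenAI()\n",
    "agents/old_summarizer.py": "from langchain.chains import LLMChain\n",
    "utils/helpers.py": "import json\n",
}
SAMPLE_RUNTIME = [
    RuntimeObs("agents/support_bot.py", "api.openai.com"),
    RuntimeObs("/opt/ghost/bin/worker", "api.anthropic.com"),
    RuntimeObs("chrome", "api.openai.com", sanctioned_app=True),
    RuntimeObs("/usr/bin/node", "gateway.zscaler.net"),
    RuntimeObs("postgres", "db.internal"),
]


def run_sample():
    """Classify the constructed sample; returns {name: state}."""
    return classify(static_agent_signals(SAMPLE_SOURCES), SAMPLE_RUNTIME)


if __name__ == "__main__":
    for name, state in sorted(run_sample().items(), key=lambda kv: kv[1]):
        print(f"{state:<10} {name}")
```

The correlation key here is the script path, which a real tool would derive from each process's command line and working directory; without that join, the runtime layer can only say "something is talking to a provider", which is exactly the gap the page attributes to network-only tooling.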

How it works

Five detection layers

No single signal finds everything. AgentDiscover correlates five independent layers.

L1 Static analysis: Source code, imports, agent framework signatures on disk. Identifies DAI001–DAI007 agent patterns. Framework identity lives here, not in network heuristics.
L2 Network egress: Per-process TLS SNI extraction for connections to AI providers. This is where GHOST agents surface: runtime traffic with no matching code footprint. Catches browser-based shadow AI at the process level.
L3 Kubernetes (eBPF): Cilium Tetragon for in-cluster agent traffic. ~3% CPU overhead. Sees what network layers above the pod miss.
L4 Endpoint: Claude Desktop, Cursor, Windsurf, and MCP server detection. Captures shadow AI usage that leaves no server-side trace.
L5 Cloud audit: CloudTrail Lake for AWS Bedrock and managed model calls. The only reliable signal for Bedrock, whose endpoints resolve to generic EC2 IPs that are invisible to network monitoring.
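The L5 layer works from audit records rather than packets. As an added example (not AgentDiscover's code), the block below filters CloudTrail records for Bedrock model invocations and tallies them per calling identity and source IP, which is the most the audit log can attribute on its own. The records are constructed for the example; the field names (`eventSource`, `eventName`, `userIdentity.arn`, `sourceIPAddress`) are the standard CloudTrail ones, and the two `InvokeModel*` event names are Bedrock's invocation APIs. Whether invocations appear in your trail depends on its data-event configuration, so verify that before relying on this signal.

```python
"""Added example: the L5 cloud-audit layer in miniature. Selects Bedrock
model-invocation records from CloudTrail and tallies them by caller.
Not AgentDiscover's code; the sample records are constructed."""
import json
from collections import Counter

BEDROCK_SOURCE = "bedrock.amazonaws.com"
BEDROCK_INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream"}


def load_records(path):
    """Read a CloudTrail log file, which wraps its events in a "Records" list."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh).get("Records", [])


def bedrock_invocations(events):
    """Return Counter {(identity_arn, source_ip): n} for Bedrock model calls.
    Management calls such as ListFoundationModels are deliberately excluded."""
    tally = Counter()
    for ev in events:
        if ev.get("eventSource") != BEDROCK_SOURCE:
            continue
        if ev.get("eventName") not in BEDROCK_INVOKE_EVENTS:
            continue
        identity = ev.get("userIdentity", {}).get("arn", "<unknown identity>")
        tally[(identity, ev.get("sourceIPAddress", "<unknown ip>"))] += 1
    return tally


def summarize(events):
    """Total invocation count plus a per-caller breakdown for reporting."""
    tally = bedrock_invocations(events)
    return {
        "total": sum(tally.values()),
        "by_caller": {f"{arn} from {ip}": n for (arn, ip), n in tally.items()},
    }


# Constructed sample records (placeholder account id and model id).
_WORKER = "arn:aws:sts::123456789012:assumed-role/bedrock-worker-role/i-0example1"
_NOTEBOOK = "arn:aws:sts::123456789012:assumed-role/analyst-role/i-0example2"
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": BEDROCK_SOURCE,
     "eventName": "InvokeModel", "userIdentity": {"arn": _WORKER},
     "sourceIPAddress": "10.0.3.17", "requestParameters": {"modelId": "example-model-id"}},
    {"eventTime": "2024-05-01T10:00:02Z", "eventSource": BEDROCK_SOURCE,
     "eventName": "InvokeModel", "userIdentity": {"arn": _WORKER},
     "sourceIPAddress": "10.0.3.17", "requestParameters": {"modelId": "example-model-id"}},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": BEDROCK_SOURCE,
     "eventName": "InvokeModelWithResponseStream", "userIdentity": {"arn": _NOTEBOOK},
     "sourceIPAddress": "10.0.3.18", "requestParameters": {"modelId": "example-model-id"}},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": BEDROCK_SOURCE,
     "eventName": "ListFoundationModels", "userIdentity": {"arn": _NOTEBOOK},
     "sourceIPAddress": "10.0.3.18"},
    {"eventTime": "2024-05-01T10:03:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"arn": _WORKER},
     "sourceIPAddress": "10.0.3.17"},
]


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_EVENTS), indent=2))
```

Note what the record does not contain: the calling process. Two agents on the same instance share one role ARN and one source IP, so attributing the 155 invocations in the page's proof point to a specific agent requires joining this output with the host-side layers, which is the correlation gap the "CloudTrail alone" blind spot describes.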
CI/CD integration
.github/workflows/agent-scan.yml
    - uses: Defend-AI-Tech-Inc/agent-discover-scanner@v2
      with:
        api-key: ${{ secrets.AGENTDISCOVER_KEY }}
Install & run

All the commands you need

Install
pipx install agentdiscover
Scan a directory
agentdiscover scan-all ~/projects
Scan with platform + API key
agentdiscover scan-all ~/projects --platform --api-key YOUR_KEY
Scan a git repo
agentdiscover git-scan https://github.com/your-org/your-repo
Pricing

Start free. Upgrade when you scan more.

Self-serve. No demo required to get real value.

Community
$0
  • 1 machine
  • Full local scan
  • Latest scan only
  • AIBOM export
  • Developer keys in Settings
Install free
Starter
$199/mo
  • All machines correlated
  • 3 environments
  • 90-day history
  • PDF reports
  • Email alerts
  • Governance dashboard
Start Starter
Growth
$599/mo
  • 5 environments
  • 1-year history
  • Slack + API access
  • NIST AI RMF export
  • Custom branding
Start Growth
Watch
Observe
  • Live agent activity
  • Investigate toxic flows
  • Contain runaway agents
  • Compliance exports
Contact us
Guard
Enforce
  • Real-time policies
  • Block · redact · quarantine
  • Prompt-injection defense
  • Dry-run staging
Contact us

All ~70 existing tenants grandfathered. Value metric: environments — never agent count. Watch and Guard are contact-us; no self-serve billing for those tiers.