OpenA2A CLI

Shadow AI Detection

Find every AI agent, MCP server, and AI configuration running across your developer machines. One command. Governance score. Executive report.

The blind spot in your security posture

Developers are installing AI coding assistants, MCP servers, and autonomous agents at a rate that outpaces any visibility tool your security team has. Claude Code, Cursor, GitHub Copilot, Windsurf, custom MCP servers -- each one operates with access to source code, credentials, and internal systems. Most organizations have no inventory of what is running or what it can access.

Traditional shadow IT discovery tools scan for SaaS logins and network endpoints. They were not built to find locally installed AI agents, configuration files that grant tool access, or MCP servers that expose filesystem and database capabilities. The gap between what your developers use and what your security team knows about grows wider every week.

The opena2a detect command closes this gap. It scans developer machines for running AI processes, MCP server configurations, AI tool config files, and embedded credentials -- then produces a governance score, an executive HTML report, and CSV export for your asset management systems.

What detect finds

Three categories of shadow AI artifacts across every developer workstation.

Running AI Agents

Process-level detection of 20+ AI coding tools. Identifies running instances of Claude Code, Cursor, Copilot, Windsurf, Aider, Continue, Cody, and more.

  • Process name and PID detection
  • Working directory identification
  • Version and configuration extraction

MCP Servers

Discovers MCP server configurations and translates raw JSON capabilities into plain-language descriptions of what each server can access.

  • Filesystem, database, and API access
  • Capability enumeration in plain language
  • Server origin and trust assessment

AI Configuration Files

Locates AI tool configuration files, rules files, and settings that define agent behavior, permissions, and credential access.

  • .cursorrules, .claude/, .github/copilot
  • Embedded credentials in config files
  • Permission and access scope analysis

Governance score: 0 to 100

Every scan produces a governance score that quantifies your shadow AI exposure. The score uses recovery framing -- it shows the path forward, not a grade.

Current score45/100

+55 recoverable by completing remediation steps

Remediation flow

1
opena2a detect

Discover all shadow AI

45/100
2
opena2a identity create

Register each agent with a verifiable identity

65/100
3
opena2a harden-soul

Apply governance policies and access controls

85/100
4
opena2a detect --verify

Confirm full governance coverage

100/100

Enterprise reporting

Output formats designed for security teams, compliance audits, and asset management systems.

Executive Report

--report

Generates an HTML dashboard with governance score breakdown, agent inventory table, MCP capability matrix, and prioritized remediation steps. Share with leadership without requiring CLI access.

CSV Export

--export-csv

Exports discovered agents and MCP servers as CSV for import into ServiceNow, CMDB, or any asset management system. Each row includes agent type, version, capabilities, credential access, and governance status.

Trust Registry

--registry

Enriches detection results with community trust data from the OpenA2A Registry. See which MCP servers have verified publishers, known vulnerabilities, or community-reported issues.

Find your shadow AI in 30 seconds

No signup, no agent install, no network access required. Runs locally on each developer machine.

$ npx opena2a-cli detect
Get Started

Get the Shadow AI Detection Guide

A practical guide to discovering and governing AI agents across your organization.

Stay Updated on AI Agent Security

Weekly insights, vulnerability alerts, and best practices

Read the full story: Shadow AI Discovery