us-east-1
·
local (no data egress)
·
sha256:7d…a81c
Preview · mock data

Discovery & Posture

Every AI coding agent, MCP server, hook and device across your org — ranked by remediation priority. · Last scan 38m ago

▸ Today's top callAI-ranked · 14h window before on-call shift
3 devices affected

Break the YOLO execution chain on Sarah + Raj + devtest-3

One policy push claude-perm-ceiling.mobileconfig disables bypass-permissions fleet-wide and collapses 3 findings in one action. Same combo broke Eng-Platform last quarter.

Chain
YOLO
sandbox off
cloud creds
prod-git write
Curated chain · break at (pos 1)
Findings collapsed
3
Deadline
14h
Prefer manual? open the 3 findings individually →

Posture summary

regenerated every scan · 38m ago
AI
Governed × Risk · device posture
what counts as governed?
Ungoverned
Governed
High
Low / med
What changed since Friday 17:00
AI
  • 3 new Criticals over the weekend. Worst: malicious hook on jenna.l — project-level .claude/settings.json piping pastebin to bash.
  • Sarah's YOLO is back. Waiver expired Friday 23:59 — same combo that broke Eng-Platform last quarter.
  • Supply-chain inbox grew: 2 unvetted MCPs added fleet-wide. Neither on catalog.
All findings
7
+3
5
2
Agents
3
Claude · Cursor · Codex
MCP servers
6
+2 new
6
Hooks
6
1 RCE
1
2
Devices
730
487 managed · 243 unmanaged
Dark fleet
228
+3
No scanner

Other active attack paths

3 chains · curated + AI-composed · featured chain is above
Personal-account leak chain
1 device
personal acct
corp repos
no DLP
Curated chain · break at (pos 1)
IMDS-exfil chain
1 device
IMDS reach
cloud creds
data exfil
Curated chain · break at (pos 1)
Hook persistence chain (novel)novel · AI
1 device
malicious hook
sandbox writable
LaunchAgents
AINovel chain · jenna.l's device has a project-level hook + writable filesystem + LaunchAgent-writable — not a pattern we've seen before. AI composed this chain from her active escalators.

Top risk-weighted devices

5 of 730 · open Device 360 for evidence
SLA breach1
MTTR C/H2.1d · 4.2h
Waivers active · ≤7d6 · 3
Waiver anomaly detected — 91% of QA BU has #2 YOLO waived by a single approver on one Friday. Likely a mute.
UserBUSeverityEscalators
sarah.chenEng-Platform3C / 5H
+cloud creds+admin+prod repos
devtest-3QA2C / 1H
+IMDS reach+no sandbox
marcus.wFinance1C / 7H
+BYOD+corp repos+MITM CA
raj.patelEng-AI1C / 2H
+personal acct+admin
jenna.lDevOps1C / 8H
+hook!+MCP!+no-policy