AI AGENT TYPES
Every type of AI agent
operating in your organisation.
Eight categories. Five detection surfaces. One complete picture — what each agent is, what it can access, what the exposure is if nobody's managing it, and how Sunbeam finds and controls it.
01 — DETECT
Sunbeam finds every AI agent
across five surfaces simultaneously.
Network fingerprinting matches 154 known AI services against every device on your /24. Workstation scanning reads browser history, shell history, environment variables, VS Code extensions, and installed apps. Egress analysis catches agents calling home to AI APIs. Cloud scanners cover AWS, Azure, and GCP. SaaS authenticated scanning finds agents invisible to the network — Copilot licences, Agentforce, Now Assist, Slack AI.
155 fingerprints · 7 SaaS platforms · Under 10 minutes
02 — CATALOGUE
Every agent gets a workforce record.
Name. Owner. Risk. Surface.
Every finding is risk-scored HIGH / MEDIUM / LOW with blast radius — what data the agent can access if it acts outside its intended boundary. Every finding is mapped to GDPR, EU AI Act, DORA, ISO 27001, SOC 2, and PCI DSS. The PDF report is signed with Ed25519 — tamper-evident chain of custody ready for your auditor.
Agentic Risk Score 0–100 · 9 compliance frameworks · Ed25519 signed
03 — CONTROL
Three choices for every agent.
Remove it. Restrict it. Authorise it.
Removal findings include the OS user who installed the agent and exact removal commands. For agents you want to keep — the CIM Control Plane lets you define a delegation contract: exactly which domains it can reach, which tools it can invoke, what it can spend, and which actions require human approval. The gateway enforces those boundaries on every action in under 10ms. Fail-closed. Always.
Sub-10ms enforcement · Fail-closed gateway · Tamper-evident audit log
See which of these are running
in your environment right now.
Sunbeam finds all eight categories across five surfaces. Under 10 minutes. No deployment required.
macOS 12+. Signed and notarized. Windows coming soon.