Enterprise AIis a blind spot.

AI agents operate across three planes that no single security tool can see. ByteBunker Labs builds observability for the agentic era.

View on GitHub Read the paper

$ spectis-agent scan --discover-tools --orchestrator-url http://localhost:8000 Spectis Endpoint Scanner v0.1.0 [1/5] Scanning AI client MCP configurations... [+] VS Code Insiders (User) — 6 servers [+] Claude Desktop (User) — 5 servers [2/5] Scanning workspace directories... [+] Found 3 project-level configs [3/5] Scanning running processes... [!] PID 53122: node (MCP server) [4/5] Scanning network listeners... [5/5] Discovering MCP server tools... Total findings: 16 High: 7 Medium: 9 Low: 0 HIGH RISK: remote MCP servers with credentials detected

Open Source Core

Vendor Neutral

Zero Latency Impact

SIEM Native

Three-Plane Coverage

The Problem

No security tool sees all three planes of AI agent activity

AI agents operate across external APIs, internal networks, and local endpoints. SASE sees the first. MCP gateways see part of the second. Nobody sees the third. That gap is where shadow agents live.

External API plane

Calls to model providers — OpenAI, Anthropic, Google. Your SASE platform sees opaque HTTPS traffic but can't read prompts, tool calls, or agent decisions.

Network tools sees the connection, not the conversation

Internal network plane

MCP servers talking to databases, Active Directory, Splunk. This traffic is bypassed from SASE inspection to avoid latency. It's completely unmonitored.

Most sensitive AI traffic, zero visibility

Endpoint plane

Process-to-process stdio communication, config files, agent instructions. Entirely local to the workstation. Invisible to every network tool.

Where shadow agents are born and hide

Spectis

See every agent. Know every action. Trust every outcome.

Spectis is a telemetry and correlation layer — not a gateway, not a proxy. It observes without intercepting, correlates across all three planes, and ships intelligence to your existing SIEM.

Endpoint agent

Scans MCP configs across 21 AI clients (VS Code, Cursor, Claude Desktop, Claude Code, Codex CLI, Windsurf, Zed, JetBrains, and more), detects running MCP processes, probes tool inventories, finds shadow servers. Cross-platform: macOS, Windows, Linux.

Agent identity + registry

Every agent gets a registered identity with scoped permissions. Every action is attributed to both the agent and the human who triggered it. Full delegation chain.

Safety LLM

Async behavioral analysis that catches what rules miss: reconnaissance patterns, data exfiltration via read-only access, prompt injection, and privilege creep across sessions.

SIEM-native correlation

Ships structured telemetry to Splunk, Sentinel, and Defender. Correlates endpoint state + agent identity + tool calls + network traffic using shared identity keys.

Developers + AI Clients
  VS Code    Cursor    Claude    Codex CLI    Windsurf    Zed    JetBrains    +14 more
      |          |           |             |            |
      v          v           v             v            v
+-------------------------------------------------------------+
|  Spectis Correlation Engine                              |
|  Joins by: username x hostname x timestamp x agent_id      |
+--------------+--------------+------------+-----------------+
| Endpoint     | Orchestrator | Provider   | Network          |
| 21 clients   | Agent ID     | API logs   | FW       |
| MCP scanner  | User ID      | Token use  | DNS logs         |
| Process mon  | Tool calls   |            |                 |
| Tool prober  | Sessions     |            |                 |
+--------------+--------------+------------+-----------------+
      |
      v
  Splunk  .  Sentinel  .  Defender  .  Dashboard

Dashboard

Real-time visibility into every agent, server, and action

A unified control plane for security teams. See what's running, who approved it, and what risk it carries — across every endpoint in your organization.

localhost:5173

Spectis

Overview

Platform-wide AI agent and endpoint observability

MCP Server Discovery

Endpoints Scanned

487

Unique MCP Servers

Running Processes

1,204

High Risk

Data Exfiltration Risk

Local 1,847

Remote 312

312 servers connecting to external endpoints

Runtime Breakdown

Docker containers892

NPX / UVX packages1,106

Config entries2,159

AI Clients Detected

VS Code Cursor Claude Desktop Claude Code Codex CLI Windsurf Zed

Orchestrator Activity

Total Events

12,847

Events Today

342

Blocked Commands

Registered Agents

Risk Breakdown

High 12% Medium 38% Low 50%

Recent Activity

14:23 execute code-assistant success

14:21 validate db-query-agent blocked

14:18 scan endpoint-scanner success

14:15 execute security-audit queued

Research

The Three-Plane Blind Spot

Our upcoming whitepaper presents the first systematic mapping of MCP configuration paths across all major AI clients and a formal agent identity model for enterprise security.

The Three-Plane Blind Spot: Why Enterprise Security Cannot See AI Agents

We demonstrate that SASE, MCP gateway, and EDR tools each cover at most one plane of AI agent activity. We present Spectis and evaluate it against a production enterprise environment.

Author Mohammed Ashraf

Date April 2026

Category cs.CR, cs.AI

Coming soon

Visibility by tool category

Tool	API	Network	Endpoint
SASE	~	—	—
MCP Gateway	—	~	—
EDR / XDR	—	—	~
Spectis	✓	✓	✓

Built for the agentic era

Spectis is open source. Deploy the endpoint scanner today. Ship telemetry to your SIEM tomorrow.

Get started Read the research