Security·The Sielum Team

Introducing Sielum

Shadow AI is the new Shadow IT. Here's how we built a platform to give enterprise security teams full visibility over every AI agent running in their organization.


The Problem: Shadow AI is Already in Your Organization

Three years ago, your developers were installing Dropbox without IT approval. Your security team spent months building policies, deploying DLP agents, and blocking consumer file sync services from corporate endpoints. It worked — eventually.

Today, the same thing is happening with AI agents. Developers are installing Claude Code, GitHub Copilot, Cursor, and ChatGPT Desktop without informing IT. Each tool runs locally, reads source code, calls external APIs, and — increasingly — spins up Model Context Protocol (MCP) servers that can access filesystems, databases, and internal services.

The difference this time: the blast radius is much larger, and the tools are moving faster than any IT policy can keep up with.

What We Built

Sielum is an enterprise platform that gives your security team complete visibility into every AI agent running across your fleet.

The architecture is simple by design: a lightweight native agent runs on each endpoint and reports to a central server. No browser extension, no kernel module, no invasive scanning. The agent reads what the AI tools themselves expose — their config files, process trees, and MCP server configurations — and sends a structured report to the server every 60 seconds.

What you get:

  • Real-time process inventory — every Claude Code, Copilot, Cursor, ChatGPT, and Amazon Q instance, on every device
  • MCP server discovery — which MCP servers are configured, what tools they expose, and whether any have filesystem or database access
  • API connection monitoring — which AI APIs are being called from each endpoint, with the ability to block unauthorized endpoints via policy
  • Config enforcement — push configuration standards to every agent at once, applied atomically on each endpoint
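
As an added illustration (not Sielum's code), the sketch below shows the kind of check that MCP server discovery implies: parse a config in the `mcpServers` JSON layout used by several AI clients and label each server that appears to have filesystem, database, or remote access. The marker lists, the sample config, and every server name and host in it are assumptions constructed for this example.

```python
import json

# Heuristic markers (assumptions for this sketch, not an authoritative list).
DB_MARKERS = ("postgres", "mysql", "sqlite", "mongodb", "redis")
FS_MARKERS = ("filesystem",)

def classify_server(name, spec):
    """Return risk labels for one MCP server entry."""
    if not isinstance(spec, dict):
        return {"name": name, "risks": ["malformed"]}
    args = spec.get("args") if isinstance(spec.get("args"), list) else []
    env = spec.get("env") if isinstance(spec.get("env"), dict) else {}
    args = [str(a) for a in args]
    # Search command, args, and env keys/values, case-insensitively.
    haystack = " ".join([str(spec.get("command", "")), *args,
                         *map(str, env), *map(str, env.values())]).lower()
    risks = set()
    # A path-like argument is treated as a directory handed to the server.
    if any(m in haystack for m in FS_MARKERS) or any(a.startswith(("/", "~")) for a in args):
        risks.add("filesystem")
    if any(m in haystack for m in DB_MARKERS):
        risks.add("database")
    if "url" in spec:  # server is reached over the network, not spawned locally
        risks.add("remote")
    return {"name": name, "risks": sorted(risks)}

def inventory(config_text):
    """Parse a config document and classify every configured MCP server."""
    try:
        doc = json.loads(config_text)
    except json.JSONDecodeError:
        return [{"name": None, "risks": ["unparseable"]}]
    servers = doc.get("mcpServers", {}) if isinstance(doc, dict) else {}
    if not isinstance(servers, dict):
        return [{"name": None, "risks": ["malformed"]}]
    return [classify_server(n, s) for n, s in sorted(servers.items())]

# Constructed sample config; server names, packages and hosts are made up.
SAMPLE = """{"mcpServers": {
  "files":  {"command": "npx", "args": ["example-filesystem-server", "/home/dev/src"]},
  "orders": {"command": "example-db-server", "env": {"DSN": "postgresql://ro@db.internal.example/orders"}},
  "docs":   {"url": "https://mcp.example.com/sse"},
  "notes":  {"command": "example-notes-server", "args": ["--stdio"]},
  "broken": "not-an-object"
}}"""

if __name__ == "__main__":
    for row in inventory(SAMPLE):
        print(row)
```

String matching like this only surfaces candidates for review; a server whose name and arguments carry none of the markers still needs its exposed tools inspected.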

Why We Built It Ourselves

We evaluated several existing approaches. EDR products focus on malware and lateral movement — they are not built to understand AI agent configuration. CASB solutions work at the network boundary but cannot see MCP servers that communicate locally. DLP tools scan data in motion but don't understand that an AI model just read your entire codebase.

AI agents require a new category of security tooling. We built it.

The Architecture: Endpoint-Native, Not Cloud-First

The Sielum agent runs natively on the endpoint — not in a Docker container, not as a browser extension. This is a deliberate choice: AI tools like Claude Code read local configuration from ~/.claude/settings.json, local MCP server processes communicate over Unix sockets, and process inspection requires host-OS access.

The agent authenticates to the server using mTLS with device-specific certificates. There are no shared API keys. If a device is decommissioned, its certificate is revoked and all future connections are rejected immediately.

The server runs in your infrastructure — on-premises or in your private cloud. We do not offer a SaaS-hosted version where your AI agent telemetry would leave your network.

What's Next

We are in early access with enterprise security teams. If you run a fleet of 50 or more developer endpoints and want visibility into what AI tools are running, contact us. We do proof-of-concepts in days, not weeks.

The Shadow IT problem took years to solve. The Shadow AI problem is solvable now, before it becomes a breach.


Questions? Reach out to our sales team — we respond to every inquiry personally.
