Docs
Surface Documentation

Endpoints

The Endpoints page shows every device enrolled in Surface monitoring, giving you visibility into the AI software footprint on any individual machine and the health of your fleet.

What is the Endpoints Page?

The Endpoints page shows every device enrolled in Surface monitoring. Use it to understand the AI software footprint on any individual machine, check the health and activity of your fleet, and identify devices that may have gone stale or fallen out of coverage.

Reading the Endpoints Table

ColumnDescription
HostnameThe device's network name and the email address of the associated user
OSThe operating system: Mac, Windows, or Linux
StatusActive (recently communicating with Surface) or Stale (has not checked in recently)
Assets DiscoveredThe total number of AI-related assets found on this endpoint
Asset TypesIcons indicating which asset type categories are present on the device
Last seenHow recently the endpoint last communicated with Surface

Endpoint Status

Active The device is communicating normally with the Surface agent and data is current. Active endpoints provide an up-to-date picture of what AI software is installed.

Stale The endpoint has not checked in within the expected reporting window. This may indicate:

  • The device is powered off or offline
  • The user is on extended leave
  • The Surface agent has been removed or is not functioning correctly

Stale Endpoints

Stale endpoints should be investigated to ensure your fleet coverage remains complete. A large number of stale devices creates blind spots in your AI asset inventory.

Endpoint Detail Panel

Clicking any endpoint in the table opens a detail panel on the right side of the screen. The panel has two tabs: Overview and Asset Types.

Overview Tab

The Overview tab provides a summary of the endpoint's AI exposure and device details.

Exposure section:

  • Assets Discovered — Total count of AI-related assets found on this device
  • Asset Types — Icon set showing which categories of assets are present (AI Skills, IDE Plugins, MCP Servers, Applications, Browser Extensions, etc.)
  • Assets by risk level — A visual bar and count breakdown showing the number of assets on this device that are Critical, High, Medium, and Low risk

Details section:

FieldDescription
OSThe operating system of the device
Last logged userThe most recent user account active on the device
SerialThe device serial number (where available)
First seenThe date and time Surface first detected this endpoint
Last seenThe most recent time Surface received data from this endpoint

Department Tag

Endpoints are tagged with the team or department they belong to (e.g., Engineering, Design, Operations). This helps you contextualize risk — an endpoint in Engineering with many IDE Plugins and MCP Servers is expected behavior, whereas the same profile on a Finance endpoint warrants closer review.

Asset Types Tab

The Asset Types tab lists every individual AI asset discovered on this endpoint, with three columns:

ColumnDescription
NameThe name of the asset
Risk LevelThe risk rating assigned to this asset: Critical, High, Medium, or Low
Asset TypeThe category: Application, AI Skill, Browser Extension, IDE Plugin, MCP Server, etc.

This view is useful for:

  • Device audits — Reviewing what is installed on a specific machine before offboarding a user
  • Incident investigation — Checking whether a device involved in a security event has high-risk AI tools installed
  • Compliance spot checks — Verifying that a device in a sensitive department is not running unauthorized AI software
  1. Start with Active endpoints and sort by Assets Discovered (highest first) to find the devices with the largest AI footprint
  2. Open the Overview tab for high-asset-count devices to check the risk level distribution
  3. Switch to the Asset Types tab to review specific assets, particularly any rated Medium or above
  4. Investigate Stale endpoints to ensure they are not creating gaps in your coverage
  5. Use the department tag to prioritize reviews for endpoints in sensitive teams (Finance, Legal, HR, Security)

Next Steps

After reviewing your endpoints, head to the Inventory page to govern specific assets across your organization.

Inventory

Browse and govern all discovered AI assets across your organization

Dashboard

Return to the Dashboard for a high-level view of your AI asset risk posture

Inventory

The Inventory page gives you a complete, filterable list of every AI asset discovered across your organization's endpoints, with risk profiles and governance coverage insights.

On this page

What is the Endpoints Page?Reading the Endpoints TableEndpoint StatusEndpoint Detail PanelOverview TabAsset Types TabRecommended Workflow