Getting Started
An overview of SuperAlign Surface — AI asset discovery and endpoint visibility for your organization.
What is SuperAlign Surface?
SuperAlign Surface is an AI asset discovery and endpoint visibility platform designed to help organizations understand exactly what AI applications, agents, MCP servers, skills, browser extensions, and IDE plugins are installed and running across every employee device.
Using Surface, you gain a ground-level view of the AI software that exists on your endpoints, regardless of whether it has been used or approved. It discovers, categorizes, and risk-scores every AI asset across your fleet, empowering security and IT teams to govern AI adoption before it becomes a threat.
Key Features
- Endpoint-level discovery — Detect AI assets installed on every macOS, Windows, and Linux device across your organization
- Unified asset inventory — Browse and filter all discovered AI assets in one place, organized by type, risk level, and governance status
- Risk scoring — Gain unique risk signals for every asset type to automatically understand risk levels (Critical, High, Medium, Low) so you can prioritize action
- Multi-asset-type coverage — Surface identifies AI applications, agents, skills, Browser Extensions, IDE Plugins, MCP Servers, and more
- Real-time endpoint health — Track which devices are active, which have gone stale, and when each was last seen
How does it work?
SuperAlign Surface provides organizations with visibility and governance over AI assets running across employee endpoints. Using a lightweight endpoint agent, the platform discovers AI assets, evaluates their risk, and enables governance controls across your organization.
Surface operates through a continuous monitoring pipeline:
Endpoint Agent → Discovery → Asset Classification → Risk Assessment → Governance Enforcement
Endpoint Agent Architecture
Surface deploys a lightweight agent across macOS, Windows, and Linux endpoints. The agent runs in the background and analyzes the system environment to detect AI-related tools and infrastructure.
The agent collects telemetry from:
- Installed applications
- Browser extensions
- IDE plugins and developer tools
- Running processes
- Background services
- Local development environments
- AI infrastructure such as Model Context Protocol (MCP) servers
Telemetry is securely transmitted to the Surface platform for normalization and analysis. The agent is designed to be lightweight and minimally disruptive, ensuring normal device performance.
Discovery
Surface continuously scans endpoints with a multi-layer discovery engine to identify AI assets across applications, development environments, agent hosts, and more. This enables organizations to identify both approved and shadow AI usage.
Asset Classification
Discovered assets are automatically categorized to provide context about how AI tools operate within the organization. This classification helps administrators understand the role and behavior of AI assets across endpoints.
Surface supports classification across several asset types:
| Asset Type | Description |
|---|---|
| Autonomous Agents | AI agents that operate continuously without human-in-the-loop, executing tasks, making decisions, and taking actions independently. Includes Molbot, Openclaw, Clawbot. |
| Browser Agents | Browsers or browser modes with a built-in AI agent that autonomously navigates the web, fills forms, and executes tasks. Includes Perplexity Comet, ChatGPT Atlas. |
| Cloud Agents | AI capabilities embedded inside cloud-hosted SaaS products, accessed through a vendor's interface with no local model. Includes ChatGPT, Claude.ai, Notion AI, Microsoft Copilot. |
| Coding Agents | AI coding assistants and command-line agents embedded in developer environments, with direct access to source code, terminal, and filesystem. Includes Claude Code, Gemini CLI, Cursor, GitHub Copilot CLI. |
| Local Agents | Model hosting environments that run LLMs entirely on the local device, with no data leaving the machine. Includes Ollama, LM Studio, GGUF-based runners. |
| MCP Servers | Local or remote servers that expose tools and data to AI agents via the Model Context Protocol (MCP). |
| Skills | Skills are portable, modular packages of instructions, scripts, and resources that provide AI agents with specialized capabilities and domain expertise. Typically found in the form of markdown files. |
| Browser Extensions | AI-powered extensions running directly in the browser, with potential access to web activity, form data, and credentials. |
| IDE Extensions | AI coding assistants and plugins embedded inside development environments, with visibility into source code. |
| Models | The underlying large language models (LLMs) and multimodal models that power AI agents and assistants — either running locally on the device (e.g. Ollama-hosted models, GGUF files) or accessed remotely via API (e.g. GPT-4, Claude, Gemini). Represents the core inference engine behind agentic behavior. |
| Agent Tools | Coming soon |
| Agent Memory | Coming soon |
Risk Assessment
Surface evaluates each asset to determine its potential security and compliance impact.
Risk levels are assigned based on factors such as:
- Data access capabilities
- Integration with external services
- Execution privileges on the endpoint
- Known governance or security concerns
Assets are categorized using a four-tier risk model that helps teams prioritize governance and security actions.
| Risk Level | Description |
|---|---|
| Critical | Severe risk requiring immediate remediation |
| High | Significant risk requiring prompt review |
| Medium | Moderate risk requiring monitoring |
| Low | Minimal risk under standard governance policies |
Governance Status
Newly discovered assets are marked as Ungoverned, indicating they have not yet been reviewed within the organization's AI governance framework.
Administrators can:
- Approve the asset for use
- Restrict or block the tool
- Acknowledge the asset while applying monitoring policies
Governance status provides visibility into which AI tools are approved, restricted, or unmanaged.
Real-Time Endpoint Monitoring
Surface continuously monitors endpoint activity to maintain an accurate inventory of AI tools across the organization.
Administrators can track:
- Active endpoints reporting telemetry
- Devices that have become inactive
- Newly installed AI tools
- Changes in asset behavior or execution patterns
Each endpoint includes a Last Seen timestamp, indicating the most recent telemetry report.
Who should use Surface
Key Stakeholders
- Security & IT Teams: Identify unauthorized or risky AI software installed across the device fleet.
- CISOs & IT Leaders: Understand the full scope of AI adoption at the endpoint level, beyond what network monitoring alone reveals.
- Compliance & Risk Teams: Audit which AI tools exist in the environment and confirm governance coverage.
- Engineering Managers: Track what AI development tools — IDE plugins, MCP servers, AI skills — are in use across engineering endpoints.
- Data Security & Privacy Teams: Identify AI tools that may access sensitive organizational data such as code repositories, internal documents, or customer information.
- AI Governance Teams: Monitor organizational AI adoption and ensure usage aligns with responsible AI policies and governance frameworks.
- Platform & Infrastructure Teams: Track AI infrastructure components such as local model runners, agent frameworks, and MCP servers across endpoints.
- Internal Audit Teams: Review AI asset inventories and governance status to support internal audits and compliance reviews.
Data Security and Privacy Controls
Surface is built with enterprise-grade security and privacy protections.
The platform collects software and system metadata, not user-generated content, allowing AI asset discovery while preserving privacy.
Security controls include:
- Encrypted telemetry transmission
- Encryption of stored data
- Role-based access control