DISCOVERY

Shadow Agent Detection

RANKIGI detects ungoverned agents on your network — OpenClaw, LangChain, unknown processes. One-click onboarding.

How it works

Shadow Agent Detection scans for ungoverned agent processes running in your environment. When events arrive at RANKIGI without a registered agent ID, or when known framework signatures (OpenClaw, LangChain, AutoGen, CrewAI) are detected in event metadata, RANKIGI flags them as shadow agents. Security teams can also manually report ungoverned agents. Every detection includes the agent signature, host identifier, estimated actions per day, and risk level. One click onboards the shadow agent to full governance coverage.

Technical details

Detection methods: api_key_pattern, event_pattern, manual_report, network_scan. Risk levels: low (<10 actions/day), medium (10-99), high (100-999), critical (1000+). Status flow: detected → acknowledged → onboarded | dismissed.

Compliance mapping

NIST AI RMF (AI Asset Inventory)ISO 42001 6.1 (AI Risk Assessment)

Use cases

• Finding ungoverned OpenClaw instances on developer laptops
• Detecting unauthorized LangChain deployments on cloud servers
• Pre-acquisition due diligence on target company’s agent landscape

Related features

Agent Certificate→Production Readiness→Cost Intelligence→

Start governing your agents →Read the standard →