{"slug": "you-can-t-govern-the-ai-you-can-t-see", "title": "You Can't Govern the AI You Can't See", "summary": "Maxim AI's Bifrost AI gateway and Bifrost Edge aim to close the AI visibility gap by monitoring endpoint AI traffic that bypasses traditional network controls. A 2025 Gartner survey found 69% of cybersecurity leaders suspect employees use public generative AI at work, yet most such traffic remains unseen. The open-source gateway provides a point of visibility and governance for AI requests originating from desktop apps, browser tabs, and coding agents.", "body_md": "*AI governance starts with visibility: a policy, a budget, or a guardrail can only act on the AI traffic a team can actually see. This guide explains why so much AI use stays out of IT's view, why that gap stops governance before it starts, and how the Bifrost AI gateway and Bifrost Edge close it by making endpoint AI both visible and governable.*\n\nEvery AI governance control an organization owns, from budgets and access rules to guardrails and audit trails, can only act on the AI traffic it can actually see. That ability to see what AI is running and what it is sending, often called AI visibility, is the precondition for everything else. The trouble is that most AI used at work now runs on the endpoint, inside desktop apps, browser tabs, and coding agents that reach a model provider directly, so the activity never reaches the systems security teams watch. A request that leaves a laptop for a third-party model without crossing a monitored path is, for governance purposes, a request that did not happen. The gap is wide, as a 2025 Gartner survey of cybersecurity leaders found that 69 percent have evidence or suspicion that employees are using public generative AI at work, which is exactly the usage most teams cannot account for.\n\nGovernance is a chain of steps, and visibility is the first link. To act on an AI request, a system has to see it, attach an identity and a policy to it, enforce limits on it, and record what happened. When the first step is missing, none of the steps after it can run, because a control that never observes a request has nothing to act on.\n\nThis plays out the same way across every control a security or platform team relies on. A data guardrail that never inspects a prompt cannot redact the secret inside it. A budget that never counts a call cannot cap spending on it. A policy that never sees a tool cannot decide whether the tool is allowed. The result is not weak governance but absent governance, applied with confidence to the fraction of AI traffic that happens to be visible while the rest moves untouched.\n\nAI goes out of view wherever it runs close to the user and connects straight to a provider, which describes most of where it now runs. Four blind spots account for the bulk of it:\n\nThe list of tools an IT team can name is routinely a fraction of what employees actually use, because every new app, browser feature, and MCP server is one more thing to find, and discovery has no natural endpoint. The tools no one tracks are not necessarily malicious; they are simply outside anyone's view, which is what places them beyond the reach of any control. Gartner has predicted that by 2030, more than 40 percent of organizations will experience [security or compliance incidents tied to the use of unauthorized AI](https://www.infosecurity-magazine.com/news/gartner-40-firms-hit-shadow-ai/), a direct consequence of governing only the share of activity a team can see.\n\nTraditional controls do not close the visibility gap because they were built to watch the network, while endpoint AI mostly avoids the network they watch. Network proxies and data loss prevention systems inspect what crosses the corporate perimeter, yet a large share of AI traffic leaves the device for a provider directly, over an encrypted connection that resembles ordinary web browsing and that often never passes through a corporate proxy at all.\n\nThree gaps recur across these approaches:\n\nEach of these methods produces a partial list at a single moment, while the real usage is continuous and changes by the day. Closing the gap calls for visibility at the point where the AI actually runs, which is the endpoint itself.\n\nMaking AI governable takes two things in sequence: a place where AI traffic can be seen and governed, and a way to route the AI on every machine into that place. Bifrost, the [open-source AI gateway](https://github.com/maximhq/bifrost) built by Maxim AI, is that place, and [Bifrost Edge](https://docs.getbifrost.ai/edge/overview) is what brings the endpoint into it.\n\nOn the gateway, every request that passes through is recorded by [built-in observability](https://docs.getbifrost.ai/features/observability), which captures the prompt, the response, the model, the token counts, the cost, and the latency for each call, with no change to the application. The same gateway holds the [virtual keys, budgets, and rate limits](https://docs.getbifrost.ai/deployment-guides/config-json/governance) that tie usage to a person or project, along with the [guardrail profiles](https://docs.getbifrost.ai/enterprise/guardrails) that inspect prompts and responses. The limit, until now, has been reach: the gateway could see and govern only the traffic that something had already pointed at it.\n\nBifrost Edge closes that reach by [routing all supported AI traffic on a machine through Bifrost](https://docs.getbifrost.ai/edge/how-it-works) rather than letting it go straight to the provider. The AI that used to leave the laptop unseen now appears in the same logs, under the same policies, as the rest of an organization's AI. The division of labor is straightforward: Edge supplies the sight by inventorying endpoint AI and routing it through the gateway, and the gateway supplies the governance by recording, inspecting, and enforcing on the traffic it can now see. The gateway stays the single control plane, and Edge becomes its reach to the endpoint, so there is no separate visibility tool and no second policy model to maintain.\n\nVisibility begins with knowing what is present. Bifrost Edge discovers the [MCP servers configured in each app](https://docs.getbifrost.ai/edge/mcp-governance) and the [AI applications in use](https://docs.getbifrost.ai/edge/app-governance) on every machine, then assembles a live view across the fleet of which assistants and which servers are running, on which apps, and on how many devices. New apps and servers surface as they appear rather than during a periodic audit, and each one can be allowed or denied from a single console, with the decision enforced on the device.\n\nOnce endpoint AI is visible, the same controls that protect gateway traffic apply to it. The [guardrail profiles configured in Bifrost](https://docs.getbifrost.ai/edge/security) run before a prompt reaches a model and before a response returns, so secrets and personal data are caught or redacted before they leave the machine. Virtual keys and budgets tie each request to a person and a limit, while an [administrative audit trail](https://docs.getbifrost.ai/enterprise/audit-logs) records who changed which policy and when, signed and retained for later review.\n\n[Bifrost Edge deploys through the device management platforms](https://docs.getbifrost.ai/edge/deployment-mdm) an organization already runs, including Jamf, Microsoft Intune, Kandji, Omnissa Workspace ONE, and JumpCloud, across macOS, Windows, and Linux. Identity and keys come from the user's single sign-on, so no secrets sit on the device, and central changes to policy and routing reach the fleet on their own once a machine is signed in.\n\nAI visibility is the ability to see which AI tools, models, and services are in use across an organization, and to see the individual requests they send and receive. Without it, governance controls have nothing to act on, which is why visibility is treated as the first step rather than a report generated at the end.\n\nShadow AI is discovered by observing AI activity where it originates. Because most of it runs on endpoints, an agent on the device, such as Bifrost Edge, can inventory the apps and MCP servers in use and route their traffic through a gateway, which turns a guess about what employees might be using into a current list of what they actually use.\n\nVisibility does not have to mean blocking AI. Routing endpoint AI through the Bifrost gateway makes each request visible and subject to guardrails and budgets while the tools keep working normally, so an organization can approve and govern AI rather than ban it. Blocking remains available for tools a team decides to disallow, but that is a policy choice rather than a side effect of gaining visibility.\n\nShadow AI is, at its core, a visibility problem before it is a policy problem, because the strongest policy in the world cannot reach a request no one can see. The organizations that handle it well start by making endpoint AI visible, then apply the controls they already trust to the usage that visibility reveals.\n\nPairing the Bifrost AI gateway with Bifrost Edge gives security and platform teams both halves at once: the gateway records, inspects, and enforces, and Edge, currently in alpha, brings the AI on every machine into view so those controls have something to act on. Teams working through their own visibility gap can see how the combined approach fits together on the [Bifrost Edge overview](https://docs.getbifrost.ai/edge/overview) and register there for alpha access.", "url": "https://wpnews.pro/news/you-can-t-govern-the-ai-you-can-t-see", "canonical_source": "https://dev.to/elise_moreau/you-cant-govern-the-ai-you-cant-see-1kkj", "published_at": "2026-06-22 06:16:13+00:00", "updated_at": "2026-06-22 06:39:58.842293+00:00", "lang": "en", "topics": ["ai-safety", "developer-tools", "ai-infrastructure", "ai-policy"], "entities": ["Maxim AI", "Bifrost", "Bifrost Edge", "Gartner"], "alternates": {"html": "https://wpnews.pro/news/you-can-t-govern-the-ai-you-can-t-see", "markdown": "https://wpnews.pro/news/you-can-t-govern-the-ai-you-can-t-see.md", "text": "https://wpnews.pro/news/you-can-t-govern-the-ai-you-can-t-see.txt", "jsonld": "https://wpnews.pro/news/you-can-t-govern-the-ai-you-can-t-see.jsonld"}}