Ctrlk
HomepageSystem Status
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Endpoint Privilege Manager 2.0

Overview

Keeper Endpoint Privilege Manager (KEPM) version 2.0 represents the most significant expansion of the product since its initial release, extending KEPM's privilege enforcement model to cover an entirely new class of principal: AI agents. As coding assistants, autonomous agents, and LLM-integrated tools proliferate across enterprise endpoints, organizations face a governance gap that traditional PEDM cannot address — AI agents operate outside the user session, accumulate their own privileges, make autonomous decisions, and can drift from their intended purpose without any visibility or control mechanism in place.

v2.0 closes that gap. This release introduces a complete AI agent governance framework — detection, identity, behavioral monitoring, risk scoring, compliance enforcement, and observability — built natively into the KEPM policy and audit pipeline. Known agents such as GitHub Copilot, Cursor, Claude Code, and Amazon Q are detected by signature; unknown and custom agents are identified through a heuristic behavioral engine operating across 10 independently weighted detection rules. Every detected agent is issued a unique cryptographic identity scoped to its declared purpose, the model version it uses, and the tools it is permitted to invoke. Agent behavior is continuously monitored for drift from baseline, with a configurable risk scoring model backed by MITRE ATLAS technique mappings, NIST AI RMF controls, and live STIX/TAXII threat intelligence feeds. High-risk actions require human-in-the-loop approval before execution. All agent activity is captured in tamper-evident, replayable audit traces.

Alongside the AI governance framework, v2.0 expands KEPM's endpoint asset intelligence with service and scheduled task inventory collection, CVE-backed vulnerability detection for installed executables and modules, VirusTotal reputation integration, and two new Admin Console sections — Product Inventory and Certificate Inventory — each surfacing fleet-wide data with CVE-informed risk scoring. A foundational endpoint telemetry pipeline underpins all of these capabilities, capturing process lineage, script execution, and AI agent execution traces as first-class security events.

New Features

Known AI Agent Detection

  • KPAM-1777: KEPM now maintains a versioned registry of known AI agent signatures — including process names, binary path patterns, publisher certificates, and LLM API network fingerprints — and uses that registry to detect and enumerate named AI agents operating on managed endpoints with high confidence. Covered agents include tools such as GitHub Copilot, Cursor, Claude Code, Tabnine, Codeium, Amazon Q, Aider, and others. Detection occurs within 60 seconds of process start. A KnownAgentDetected event is emitted on first observation, followed by KnownAgentSessionStart and KnownAgentSessionEnd pairs to capture active session windows. Publisher certificate mismatches against known registry entries generate a distinct KnownAgentSpoofAttempt alert. Admins can view a real-time and historical inventory of known AI agents per endpoint and per user from the Admin Console.

Heuristic-Based Possible AI Agent Detection

  • KPAM-1779: For AI agents not present in the known registry — including custom-built tools, obfuscated LLM wrappers, and novel third-party agents — KEPM now applies a 10-rule heuristic behavioral detection engine to all monitored processes. Rules cover outbound LLM API communication, large structured payload transmission, model-related file system access (.gguf, .safetensors, .faiss, .chroma), agent framework process signatures (langchain, autogen, crewai, llamaindex), subprocess chains consistent with tool use, credential and API key access patterns, self-modifying code execution, and vector store operations. Each rule is independently weighted and configurable via policy. A composite PossibleAgentConfidenceScore (0–100) determines the detection tier — Low, Medium, or High confidence — with high-confidence detections (≥ 85) automatically activating the risk scoring pipeline. Admins can dismiss false positives, manage a persistent exclusion list, and promote high-confidence detections directly to the known agent registry.

AI Agent Identity & Authentication

  • KPAM-1694: Each AI agent detected on a managed endpoint is now issued a unique cryptographic identity that is distinct from the user identity that launched it. Agent identity records include the agent's declared purpose, permitted scope, allowed tools, and an expiration timestamp. Identity is cryptographically bound to the model version and code hash in use — a change in either invalidates the identity. Agents are required to mutually authenticate with target systems before performing any action; unauthenticated requests are rejected. Long-running agents automatically trigger identity rotation on a configurable schedule without disruption to ongoing tasks. Revoked identities are immediately blocked from accessing any system or resource.

AI Behavior Monitoring & Drift Detection

  • KPAM-1696: KEPM now continuously monitors AI agent behavior in real time, capturing a full execution trace per agent action with timestamp, action type, inputs, and outputs. An intent classification model evaluates each action against the agent's declared purpose and flags deviations. Behavioral drift is detected when an agent's action patterns diverge beyond a configurable threshold from its established baseline, triggering an alert. Each action is assigned a risk score; high-risk actions are flagged for review or automatically blocked based on policy. A kill-switch mechanism — triggerable manually or automatically when risk thresholds are breached — can immediately halt a running agent. Agents can respond to explainability queries with a human-readable rationale for their current action.

AI Model & Agent Observability

  • KPAM-1702: Security teams now have complete observability into AI model and agent activity across managed endpoints. All prompts and responses are logged with configurable automatic redaction of sensitive fields. Every tool invocation is recorded with tool name, inputs, outputs, and outcome. All data access events are captured with the resource accessed, access type, and agent identity. The model version is captured per request. Agent decision points are logged with sufficient context to reconstruct the reasoning chain for any given action, and execution traces are stored in a replayable format for investigation and incident response. Logs are tamper-evident and retention is configurable to meet compliance requirements.

AI Risk Score Modeling & External Data Integration

  • KPAM-1780: Introduced a fully specified, version-controlled AI risk scoring model that assigns a composite 0–100 risk score to every agent action based on seven independently weighted input signals: action deviation from declared purpose, behavioral drift from baseline, privilege level of current action, sensitive resource access, external communication anomaly, process lineage deviation, and external threat intelligence match. Scores are computed per-action, aggregated to session and agent-level trends, and persisted for 90-day retention. Threshold bands (Low, Elevated, High, Critical, Severe) trigger configured policy responses including alerts, approval gates, and automatic kill-switch activation. External data integration includes MITRE ATLAS adversarial ML technique mappings, NIST AI RMF 1.0 control references for compliance context, and a configurable STIX 2.1 / TAXII 2.1 threat intelligence feed for AI-specific indicators. All signal weights are admin-configurable per policy and tracked in the audit log.

AI Governance, Compliance & Policy Enforcement

  • KPAM-1703: KEPM now supports policy-as-code for AI behavior, enabling administrators to define, version, and deploy governance rules for AI agents through the same policy pipeline used for endpoint privilege enforcement. All AI behavior policies are versioned, and ad hoc changes outside the defined process are not permitted. Every AI action receives a runtime risk score that feeds enforcement decisions and reporting dashboards. The system provides a compliance mapping view linking implemented controls to EU AI Act and NIST AI RMF requirements. High-risk AI actions require human-in-the-loop approval before execution, with the approver's decision logged. An AI-specific audit trail — maintained separately from general system logs — captures all agent actions, policy decisions, and compliance events. Model usage is governed by role-based access policies that define which users or systems may invoke which models and for what declared purposes. Compliance reports are available on demand for audit purposes.

Core Endpoint Protection & Detection

  • KPAM-1670: Established a foundational endpoint telemetry pipeline that captures process lineage, script execution (PowerShell, Bash, Python), and AI agent execution traces as first-class security events, integrated into a unified event pipeline. This telemetry layer is the data foundation that underlies all AI detection, behavioral monitoring, and risk scoring capabilities in this release.

Vulnerable Executable & Module Detection

  • KPAM-1990: The KEPM agent now detects executables and loaded modules on managed endpoints that have known vulnerabilities, surfacing them to administrators with severity and exploitation context including CVSS scores, CISA Known Exploited Vulnerabilities (KEV) status, and EPSS probability ratings. Vulnerability matching is performed locally on the endpoint against a per-platform catalog sourced from CVE List V5, CISA KEV, and EPSS, refreshed daily and distributed as signed public artifacts. Match results are encrypted with the customer key and relayed through the backend without Keeper ever decrypting the data. Administrators can author policies that block launches or enforce upgrades of vulnerable software based on KEV status or CVSS score thresholds.

Service Inventory Collection

  • KPAM-50: The KEPM agent now collects and maintains a real-time inventory of all system services on managed endpoints — Windows services, Linux systemd units, and macOS launchd daemons — including service name, display name, executable path, startup type, current state, and the account under which the service runs. Service installation, removal, and state-change events are captured as timestamped audit events. Service inventory data feeds directly into the AI agent detection pipeline to identify AI agents that operate as persistent background services under elevated service accounts.

Scheduled Task Inventory Collection

  • KPAM-51: The KEPM agent now collects and maintains a real-time inventory of all scheduled tasks on managed endpoints — Windows Task Scheduler jobs, Linux cron jobs and systemd timers, and macOS launchd agents and daemons — including task name, executable path and arguments, trigger type and schedule, last and next run times, run-as account, and enabled state. Task creation, modification, deletion, and execution events are captured as audit events. Scheduled task inventory is a key behavioral heuristic signal for detecting AI agents that register recurring jobs to persist across reboots, execute autonomously on a schedule, or exfiltrate data outside of user-initiated sessions.

VirusTotal Reputation Integration

  • KPAM-145: Application inventory records now include each file's SHA-256 hash, enabling integration with the VirusTotal reputation database. A "Check with VirusTotal" link is surfaced in the application detail view, allowing administrators to query a file's reputation score on demand. Reputation data feeds into the product's risk scoring model and lays the groundwork for automated reputation-based policy decisions in a future release.

Admin Console

Product Inventory — New Top-Level Section

  • KPAM-1841: A new Product Inventory section is now available as a top-level item in the KEPM Admin Console. It surfaces a fleet-wide tabular view of all detected software products — including product name, publisher, version, install date, endpoint count, license/edition, and a CVE-informed risk score. Clicking any product opens a detail view showing full metadata, per-endpoint version data (surfacing version drift across the fleet), associated application objects, and a CVE References section listing individual CVE identifiers, CVSS scores, descriptions, and links to authoritative records. The risk score is computed by the backend using CPE matching against the NVD/CVE dataset and is never derived from customer process data.

Certificate Inventory — New Top-Level Section

  • KPAM-1840: A new Certificate Inventory section is now available as a top-level item in the KEPM Admin Console. It provides a fleet-wide tabular view of all certificates detected on managed endpoints — including common name, issuer, serial number, validity window with color-coded status (Valid / Expiring Soon / Expired), thumbprint, endpoint count, store location, and a CVE-informed risk score. The risk score accounts for expiry status, trust chain validity, and CVE associations tied to the certificate's cryptographic algorithm (for example, certificates using deprecated SHA-1 or RSA < 2048-bit keys reflect elevated risk). The detail view lists affected endpoints and individual CVE references with CVSS scores.

Resources

Last updated