
# Endpoint Privilege Manager 2.0

### Agentic AI Governance & Automatic Agent Updater

### **Overview**

Keeper Endpoint Privilege Manager extends privilege enforcement to a new kind of principal: **AI agents**. Coding assistants and autonomous agents now run on endpoints, take actions on a user's behalf, and request privileges of their own — outside the visibility of traditional privilege management.

KEPM brings AI agents under the same policy and audit model it already applies to users. KEPM detects agents (both known tools and unknown look-alikes), gives each a verifiable identity, monitors their behavior, scores the risk of their actions, and lets you **actively govern them through three new policy types**. The release also adds endpoint asset intelligence — service and scheduled-task inventory, and CVE-backed vulnerability detection — and introduces **automatic agent updates with version pinning** so the fleet stays current without manual reinstalls.

<figure><img src="/files/xMLuhU0UfCn4nN9c6NWp" alt=""><figcaption></figcaption></figure>

### **New Keeper EPM Agent Features**

#### **AI Agent Governance Policy Types**

* **KPAM-2006:** Three new policy types let you govern AI agents directly from the Admin Console, using the same controls you apply to users — Auto-Approve, Auto-Deny, MFA, Justification, Admin Approval, and End User Approval:
  * **Agentic AI** — controls *who* can run AI agents.
  * **Agentic Access** — controls *what* an agent may do on a user's behalf, including access to sensitive files, executables, and commands.
  * **Agentic Privilege Elevation** — controls *how* agents request administrative elevation.
* Each policy type supports a full lifecycle — Off, Monitor, Monitor & Notify, and Enforce — and defaults to Monitor mode so you can observe agent activity before turning on enforcement. When a policy requires human approval, the end user is prompted to allow or deny the agent's action before it proceeds.

<figure><img src="/files/XIIuFUnNYwPStGG1xT7y" alt=""><figcaption></figcaption></figure>

#### **Known AI Agent Detection**

* **KPAM-1777:** KEPM detects and enumerates named AI agents — such as GitHub Copilot, Cursor, Claude Code, Tabnine, Codeium, and Amazon Q — within 60 seconds of process start, using a signed registry of process names, paths, publisher certificates, and network fingerprints. Detected agents appear in a per-endpoint, per-user inventory in the Admin Console. Certificate mismatches against a registry entry raise a spoof-attempt alert.
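The matching logic this feature implies, as an added illustration that is not Keeper's code and not its registry format: a process record is compared against a signed registry of process names, install-path patterns and publisher certificate thumbprints, and a name or path match whose signer is not the registered publisher is reported as a spoof attempt rather than as the agent. The agent names are real products, but every path pattern and thumbprint here is a constructed placeholder, and `ProcessRecord`, `classify` and `scan` are names chosen for the example.

```python
"""Registry-based known-agent detection (added example, not Keeper's implementation)."""
import fnmatch
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class RegistryEntry:
    agent: str
    process_names: FrozenSet[str]          # lower-cased executable names
    path_globs: Tuple[str, ...]            # install-path patterns, either slash style
    publisher_thumbprints: FrozenSet[str]  # thumbprints of the vendor's signing certs


@dataclass(frozen=True)
class ProcessRecord:
    pid: int
    user: str
    name: str
    path: str
    signer_thumbprint: Optional[str]       # None when the binary is unsigned


def _norm(p: str) -> str:
    """Normalise a path or glob so Windows and POSIX forms compare alike."""
    return p.replace("\\", "/").lower()


# Constructed registry: placeholder paths and thumbprints, not the vendors' real certs.
KNOWN_AGENTS: Tuple[RegistryEntry, ...] = (
    RegistryEntry(
        agent="Cursor",
        process_names=frozenset({"cursor.exe", "cursor"}),
        path_globs=("*/programs/cursor/*", "/applications/cursor.app/*"),
        publisher_thumbprints=frozenset({"THUMB-CURSOR-PLACEHOLDER"}),
    ),
    RegistryEntry(
        agent="GitHub Copilot",
        process_names=frozenset({"copilot-agent.exe", "copilot-language-server"}),
        path_globs=("*/.vscode/extensions/github.copilot*/*",),
        publisher_thumbprints=frozenset({"THUMB-COPILOT-PLACEHOLDER"}),
    ),
)


def classify(proc: ProcessRecord, registry=KNOWN_AGENTS) -> Tuple[str, Optional[str]]:
    """Return ("known", agent), ("spoof", agent) or ("unknown", None)."""
    name, path = proc.name.lower(), _norm(proc.path)
    for entry in registry:
        name_hit = name in entry.process_names
        path_hit = any(fnmatch.fnmatchcase(path, _norm(g)) for g in entry.path_globs)
        if not (name_hit or path_hit):
            continue
        if proc.signer_thumbprint in entry.publisher_thumbprints:
            return ("known", entry.agent)
        # Looks like a registered agent but is unsigned or signed by someone else:
        # report a spoof attempt, never credit it as the real agent.
        return ("spoof", entry.agent)
    return ("unknown", None)


def scan(records: List[ProcessRecord], registry=KNOWN_AGENTS):
    """Build a per-user inventory of known agents plus a list of spoof alerts."""
    inventory: Dict[Tuple[str, str], List[int]] = {}   # (user, agent) -> pids
    alerts: List[Tuple[int, str, str, Optional[str]]] = []
    for proc in records:
        verdict, agent = classify(proc, registry)
        if verdict == "known":
            inventory.setdefault((proc.user, agent), []).append(proc.pid)
        elif verdict == "spoof":
            alerts.append((proc.pid, proc.user, agent, proc.signer_thumbprint))
    return inventory, alerts


if __name__ == "__main__":
    # Constructed process snapshot for a quick run.
    sample = [
        ProcessRecord(4120, "alice", "Cursor.exe",
                      r"C:\Users\alice\AppData\Local\Programs\cursor\Cursor.exe",
                      "THUMB-CURSOR-PLACEHOLDER"),
        ProcessRecord(4121, "alice", "Cursor.exe",
                      r"C:\Users\alice\Downloads\Cursor.exe", "THUMB-SOMEONE-ELSE"),
        ProcessRecord(99, "alice", "python3", "/usr/bin/python3", None),
    ]
    print(scan(sample))
```

Path matching alone would credit the Downloads copy as Cursor; the certificate check is what turns it into an alert.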

<figure><img src="/files/aJKN6gWtYtDpuHr7UuJh" alt=""><figcaption></figcaption></figure>

#### **"Possible" AI Agent Detection**

* **KPAM-1779:** For agents not in the known registry — custom tools, wrappers, and novel third-party agents — a behavioral heuristic engine flags processes that act like AI agents based on signals such as LLM API traffic, model-file access, agent-framework signatures, tool-use subprocess chains, and credential access. Each flagged process gets a 0–100 confidence score and a Low/Medium/High tier. Admins can dismiss false positives, maintain an exclusion list, or promote a high-confidence detection to the known registry.

<figure><img src="/files/nipUrUF23o2qWyi7f1Zn" alt=""><figcaption></figcaption></figure>

#### **AI Agent Identity**

* **KPAM-1694:** Each detected agent is issued a verifiable identity, separate from the user that launched it, scoped to its declared purpose, allowed tools, and an expiration. Identity is bound to the model version and code hash in use, so a change to either invalidates it. Revoked identities are immediately blocked.

#### **AI Behavior Monitoring & Drift Detection**

* **KPAM-1696:** KEPM monitors agent actions in real time and captures an execution trace for each one. When an agent's behavior drifts beyond a configurable threshold from its baseline, KEPM raises an alert. A kill-switch — manual or automatic on threshold breach — can immediately halt a running agent.

#### **AI Observability**

* **KPAM-1702:** Security teams get full visibility into agent activity: prompts and responses (with automatic redaction of sensitive fields), tool invocations, data-access events, and model version per request. Execution traces are stored in a replayable, tamper-evident format with configurable retention.

#### **AI Risk Scoring**

* **KPAM-1780:** Every agent action receives a composite 0–100 risk score based on weighted signals including privilege level, sensitive-resource access, behavioral drift, process lineage, and external threat intelligence. Scores roll up to per-agent and per-deployment trends. Threshold bands (Low through Severe) trigger configured responses — alert, approval gate, or kill-switch — and scores are enriched with MITRE ATLAS technique mappings, NIST AI RMF references, and an optional STIX/TAXII threat feed.
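Both the "possible agent" confidence score (KPAM-1779) and the per-action risk score (KPAM-1780) are weighted-signal scores on a 0–100 scale that fall into named bands, so one scorer serves both. The following is an added example and not Keeper's scoring model: the signal names follow the release notes, but the weights, the 0.0–1.0 strength convention, the band boundaries, the intermediate band names ("Moderate", "High") and the band-to-response mapping are all assumptions made for the illustration.

```python
"""Weighted-signal scoring with tiered thresholds (added example, not Keeper's model)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Scorer:
    weights: Dict[str, float]             # signal -> points contributed at full strength
    bands: Tuple[Tuple[int, str], ...]    # (inclusive lower bound, label), ascending

    def score(self, signals: Dict[str, float]) -> int:
        """Sum each observed signal's points scaled by its strength (0.0-1.0), capped at 100."""
        raw = 0.0
        for name, strength in signals.items():
            if name in self.weights:          # unknown signals are ignored, not an error
                raw += self.weights[name] * min(max(strength, 0.0), 1.0)
        return min(100, int(round(raw)))

    def band(self, value: int) -> str:
        label = self.bands[0][1]
        for lower, name in self.bands:
            if value >= lower:
                label = name
        return label


# Detection confidence for processes absent from the known registry (assumed weights).
POSSIBLE_AGENT = Scorer(
    weights={"llm_api_traffic": 35, "model_file_access": 20,
             "agent_framework_signature": 20, "tool_use_subprocess_chain": 15,
             "credential_access": 10},
    bands=((0, "Low"), (40, "Medium"), (70, "High")),
)

# Risk of one agent action (assumed weights; "Moderate" and "High" are assumed
# names for the bands between Low and Severe).
ACTION_RISK = Scorer(
    weights={"privilege_level": 30, "sensitive_resource_access": 25,
             "behavioral_drift": 20, "process_lineage": 15,
             "threat_intel_match": 10},
    bands=((0, "Low"), (25, "Moderate"), (50, "High"), (75, "Severe")),
)
RESPONSES = {"Low": "log", "Moderate": "alert", "High": "approval_gate", "Severe": "kill_switch"}


def detect(process: str, signals: Dict[str, float],
           exclusions=frozenset()) -> Optional[Tuple[int, str]]:
    """Score a process as a possible agent; processes on the exclusion list are never flagged."""
    if process in exclusions:
        return None
    s = POSSIBLE_AGENT.score(signals)
    return (s, POSSIBLE_AGENT.band(s))


def assess_action(signals: Dict[str, float]) -> Tuple[int, str, str]:
    """Return (risk score, band, configured response) for one agent action."""
    s = ACTION_RISK.score(signals)
    band = ACTION_RISK.band(s)
    return (s, band, RESPONSES[band])


def agent_trend(actions: Iterable[Tuple[str, Dict[str, float]]]) -> Dict[str, Dict[str, float]]:
    """Roll per-action scores up to a per-agent peak and mean (the per-agent trend view)."""
    scores: Dict[str, List[int]] = {}
    for agent, signals in actions:
        scores.setdefault(agent, []).append(assess_action(signals)[0])
    return {a: {"peak": max(v), "mean": round(sum(v) / len(v), 1), "actions": len(v)}
            for a, v in scores.items()}


if __name__ == "__main__":
    # Constructed observations: a wrapper script talking to an LLM API and reading model files.
    print(detect("wrapper.py", {"llm_api_traffic": 1.0, "model_file_access": 1.0,
                                "tool_use_subprocess_chain": 0.4}))
    print(assess_action({"privilege_level": 1.0, "sensitive_resource_access": 1.0,
                         "behavioral_drift": 0.5}))
```

Keeping the weights and bands in data rather than in code is what lets an admin tune a threshold (or move a band boundary) without touching the scoring logic, which is how the "configurable threshold" and "threshold bands" in the notes would be exposed.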

#### **AI Governance & Compliance**

* **KPAM-1703:** AI behavior policies are versioned and deployed through the standard KEPM policy pipeline. High-risk actions require human-in-the-loop approval, with the approver's decision logged. A separate AI audit trail captures agent actions, policy decisions, and compliance events, and a compliance view maps controls to EU AI Act and NIST AI RMF requirements.

#### **Automatic Updates & Version Pinning**

* **KPAM-1352:** KEPM can now keep its agent and plugins current automatically. You set a desired version per component — the latest release or a pinned version — and endpoints converge on it. Update packages are integrity- and signature-verified before install, and an unstable update rolls back automatically to the last known good version. End users can defer non-critical updates within a configured window. A new Admin Console **Updates** page shows current vs. desired version per component across the fleet, and end users can check their installed version from a new **About** dialog in the Keeper agent.

#### **Core Endpoint Telemetry**

* **KPAM-1670:** A foundational telemetry pipeline captures process lineage, script execution (PowerShell, Bash, Python), and AI agent execution traces as first-class security events. This layer is the data foundation for all AI detection, monitoring, and risk scoring in this release.

#### **Vulnerable Executable & Module Detection**

* **KPAM-1990:** KEPM detects executables and loaded modules with known vulnerabilities and surfaces them with severity context — CVSS scores, CISA KEV status, and EPSS ratings. Matching runs locally on the endpoint against a signed, daily-refreshed public catalog (CVE List V5, CISA KEV, EPSS); match results are encrypted with your key and relayed without Keeper decrypting them. You can author policies that block launches or force upgrades of vulnerable software by KEV status or CVSS threshold.
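The local match-and-decide step that this feature describes, as an added example that is not Keeper's matcher or catalog format: loaded modules carry a product name and version, the catalog carries per-CVE fixed-version, CVSS, KEV and EPSS data, and a policy blocks a launch on KEV membership or a CVSS threshold. The catalog below is constructed; the `CVE-EXAMPLE-*` identifiers, product names, versions and scores are placeholders, not real advisories, and the "affected below a fixed version" range model is a simplification of how CVE records express affected versions.

```python
"""Local vulnerability matching and launch policy (added example, not Keeper's code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'12.3.1' -> (12, 3, 1); non-numeric fragments such as '-beta' are dropped."""
    return tuple(int(n) for n in re.findall(r"\d+", v))


@dataclass(frozen=True)
class CatalogEntry:
    cve: str
    product: str          # lower-cased product name as read from the binary's version info
    affected_below: str   # versions strictly below this one are affected (simplified range)
    cvss: float
    kev: bool             # listed in CISA Known Exploited Vulnerabilities
    epss: float           # EPSS probability of exploitation


@dataclass(frozen=True)
class LoadedModule:
    path: str
    product: str
    version: str


@dataclass(frozen=True)
class VulnPolicy:
    block_if_kev: bool = True
    block_cvss_at_least: Optional[float] = 9.0   # None disables the CVSS rule


# Constructed catalog: placeholder CVE IDs, products, versions and scores.
CATALOG: Tuple[CatalogEntry, ...] = (
    CatalogEntry("CVE-EXAMPLE-0001", "exampleviewer", "12.3.1", 9.8, True, 0.92),
    CatalogEntry("CVE-EXAMPLE-0002", "exampleviewer", "12.5.0", 7.5, False, 0.12),
    CatalogEntry("CVE-EXAMPLE-0003", "demoagent", "2.0.0", 9.1, False, 0.31),
)


def match(module: LoadedModule, catalog=CATALOG) -> List[CatalogEntry]:
    """Catalog entries whose product matches and whose fixed version is above the loaded one."""
    v = parse_version(module.version)
    return [e for e in catalog
            if e.product == module.product.lower() and v < parse_version(e.affected_below)]


def decide(module: LoadedModule, policy: VulnPolicy = VulnPolicy(),
           catalog=CATALOG) -> Tuple[str, List[str]]:
    """Return ("block" | "allow_with_alert" | "allow", reasons) for a launch of this module."""
    hits = match(module, catalog)
    reasons = []
    for e in hits:
        if policy.block_if_kev and e.kev:
            reasons.append(f"{e.cve}: in CISA KEV")
        elif policy.block_cvss_at_least is not None and e.cvss >= policy.block_cvss_at_least:
            reasons.append(f"{e.cve}: CVSS {e.cvss} >= {policy.block_cvss_at_least}")
    if reasons:
        return ("block", reasons)
    if hits:
        # Vulnerable but below the block threshold: let it run, surface severity context.
        return ("allow_with_alert", [f"{e.cve}: CVSS {e.cvss}, EPSS {e.epss:.2f}" for e in hits])
    return ("allow", [])


if __name__ == "__main__":
    # Constructed module snapshot for a quick run.
    for m in (LoadedModule(r"C:\Program Files\ExampleViewer\viewer.exe", "ExampleViewer", "12.2.0"),
              LoadedModule("/opt/demoagent/bin/demoagent", "DemoAgent", "1.9.3"),
              LoadedModule(r"C:\Program Files\ExampleViewer\viewer.exe", "ExampleViewer", "12.5.0")):
        print(m.product, m.version, decide(m))
```

The decision is made entirely from the local catalog copy and the module's own metadata, which is the property that lets match results be encrypted before they leave the endpoint: nothing about the inventory has to be sent anywhere to get an answer.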

#### **Service Inventory**

* **KPAM-50:** KEPM maintains a real-time inventory of system services across endpoints (Windows services, Linux systemd units, macOS launchd daemons), including name, executable path, startup type, state, and run-as account. Install, removal, and state-change events are audited. This feeds detection of agents that run as persistent background services.

#### **Scheduled Task Inventory**

* **KPAM-51:** KEPM maintains a real-time inventory of scheduled tasks (Windows Task Scheduler, Linux cron and systemd timers, macOS launchd agents), including path, trigger, schedule, run times, and run-as account. Task create/modify/delete/execute events are audited and feed detection of agents that persist or run autonomously on a schedule.

### **New Keeper Admin Console Features**

#### **Redesigned Dashboard**

* The KEPM Dashboard adds at-a-glance widgets — Open Requests, High-Risk Events Today, Registered Managed Endpoints, High-Risk AI Identities, Over-Privileged AI Agents, and Least Privilege Policy Not Applied — plus a Policy Activity panel with a decisions breakdown (Allowed, Pending MFA or Justification, Denied, Approval Required) and your top matched policies.

<figure><img src="/files/MOnmfaTQNEfgpJ2ZhYzp" alt="" width="563"><figcaption></figcaption></figure>

#### **New Events Tab**

* A dedicated Events tab surfaces Today's Events, Agents Pending Approvals, and Agents with Least Privilege Policy counts, along with a Recent Events table you can filter by event type, target, user, status, and time.

<figure><img src="/files/eccog4xg9bFnIIwKOEJO" alt="" width="563"><figcaption></figcaption></figure>

#### **Agentic AI Collections**

* Collections now include an **Agentic AI** type for grouping AI agents, so the new agentic policy types can target them the same way Application, Machine, and User collections work for existing policies.

<figure><img src="/files/U7ZoJ0SSrRWds2Oq3nXs" alt=""><figcaption></figcaption></figure>

#### **New Policy Controls & Filters**

* The policy editor adds an expanded control set — Auto-Approve, Auto-Deny, MFA, Justification, Admin Approval, and End User Approval (human-in-the-loop). The Policies list can now be filtered by control, collection, and machine.

<figure><img src="/files/m9qoYEwnMUzKAlbPtRAh" alt="" width="563"><figcaption></figcaption></figure>

***

### **Resolved Customer-Reported Issues**

This release also addresses issues reported by customers in the field.

* **KPAM-2064 — keepersudo with piped commands (Linux):** Fixed a case where running a piped command through `keepersudo` (for example, `echo "…" | keepersudo tee <file>`) skipped the justification prompt and went straight to the password step, after which the command silently failed to write its output. Piped and chained commands now correctly trigger the configured Command Line policy controls (justification, MFA, or approval) and execute as expected.
* **KPAM-2017 — AutoCAD installer elevation (Windows):** Resolved a case where privilege elevation did not complete correctly during installation of AutoCAD. Elevation now applies correctly so the installer completes under a Privilege Elevation policy.

***

### **Stability & Hardening**

This release also includes a broad round of stability, enforcement-accuracy, and platform hardening across Windows, macOS, and Linux:

* **Installation, upgrade & registration** — more reliable first-time registration and re-registration, cleaner configuration handling across upgrades, and clearer registration dialogs.
* **Policy enforcement accuracy** — corrected elevation and launch behavior across direct, shortcut, and agent-initiated paths, including PowerShell/MFA elevation, Deny and Least Privilege enforcement, application-collection matching, and policy evaluation timing.
* **File access grant handling** — file access grants now persist correctly within their active window and are no longer re-prompted or revoked unexpectedly on sync.
* **Agent stability & sessions** — eliminated duplicate agent processes and windows, and improved multi-session launch, crash resilience, watchdog recovery, and resume-from-sleep behavior.
* **UI, localization & notifications** — dialog sizing and caption fixes, display-scale and tray-icon corrections, and accurate routing of approval notifications to the correct user session.
* **Inventory & telemetry** — more accurate endpoint status reporting, multi-byte user name resolution, app-bundle path validation, reduced startup overhead, and audit-detail fixes.

***

#### **Resources**

* [Endpoint Privilege Manager Documentation](https://docs.keeper.io/en/keeperpam/endpoint-privilege-manager/overview)


