ENDPOINTS
Govern the AI on every machine.
Waxell Endpoints discovers and governs the AI tools your team runs locally — Claude Desktop, Cursor, Claude Code, Copilot, ChatGPT, browser assistants — on real laptops, not just the agents you build with an SDK. A small, signed desktop agent answers the three questions every security team is now asking: what AI is running, what is it doing, and can we control it.
Free to start. 2-line setup.
SOC 2 Ready
Free to start. 2-line setup.
SOC 2 Ready
Free to start. 2-line setup.
SOC 2 Ready
Runtime governs the agents you build.
Endpoints governs the AI your team runs.
Waxell Observe and Connect bring the agents you write — and the third-party agents your team adopts — under governance. Endpoints extends that to the machines themselves: the desktop apps, IDEs, CLIs, and browser tabs that talk to a model provider all day, often touching source code, customer data, and secrets.
These tools install themselves one developer at a time. Most organizations have no inventory of which are running, on whose machine, against which provider. Endpoints closes that gap.
Runtime governs the agents you build.
Endpoints governs the AI your team runs.
Runtime governs the agents you build.
Endpoints governs the AI your team runs.
Waxell Observe and Connect bring the agents you write — and the third-party agents your team adopts — under governance. Endpoints extends that to the machines themselves: the desktop apps, IDEs, CLIs, and browser tabs that talk to a model provider all day, often touching source code, customer data, and secrets.
These tools install themselves one developer at a time. Most organizations have no inventory of which are running, on whose machine, against which provider. Endpoints closes that gap.
THE PROBLEM
AI traffic looks like normal HTTPS, and your existing stack was built before every employee had a continuous outbound connection to a model.
Every call to api.openai.com or api.anthropic.com goes out over port 443 — no anomalous port, no signature to match. Web proxies and SSL inspection can't reach desktop apps that route directly to provider APIs. EDR doesn't flag Claude Desktop or Copilot, because they aren't malicious. Network DLP works on identified traffic — and AI traffic isn't identified. The result: an average of $670,000 added to breach costs specifically from shadow AI, on a fleet you currently can't see.
THE PROBLEM
AI traffic looks like normal HTTPS, and your existing stack was built before every employee had a continuous outbound connection to a model.
Every call to api.openai.com or api.anthropic.com goes out over port 443 — no anomalous port, no signature to match. Web proxies and SSL inspection can't reach desktop apps that route directly to provider APIs. EDR doesn't flag Claude Desktop or Copilot, because they aren't malicious. Network DLP works on identified traffic — and AI traffic isn't identified. The result: an average of $670,000 added to breach costs specifically from shadow AI, on a fleet you currently can't see.
What Endpoints delivers
DISCOVERY
The agent scans each machine and reports every AI app it finds — Claude Desktop, Cursor, Claude Code, GitHub Copilot, ChatGPT, Perplexity, browser assistants — per device, per user. The unknown inventory becomes a known one on day one.
ATTRIBUTION
It records the metadata of outbound AI traffic — which process, which provider host, when — attributed to the process and the user. Reading the TLS handshake, not decrypting it. You see who is calling which provider, not the contents.
CONTROL
Through policy, you leave an app observe-only, block it at the network layer before data leaves the machine, or — only when you explicitly turn it on — capture the request/response payload with on-device redaction.
ONE CONTROL PLANE
Apps, devices, policy, captures, and a live activity feed land in one place: Governance → Connect → AI Endpoints.
Apps, devices, policy, captures, and a live activity feed land in one place: Governance → Connect → AI Endpoints.
Governed vs. Ungoverned
Why your current stack can't do this — and how Endpoints does
SSL inspection would require a root CA on every machine, creates legal exposure, and kills developer trust. Most organizations that try it walk it back. Endpoints reaches the same visibility without that cost: on macOS a signed system extension reads the TLS handshake's plaintext hostname — no decryption — and on Windows an ETW consumer does the equivalent. You see hostname, process, IP, and timestamp. You do not see prompt or response content, unless you later enable capture for a specific provider, with on-device DLP.
It's governance, not just another agent in the stack: the same policy plane that governs your SDK agents now reaches the laptops.
How you deploy it
A whole fleet → MDM.
Push one per-tenant profile plus the signed installer from Hexnode, Jamf, Kandji, Mosyle, or Intune. Devices trust your tenant's certificate authority, enroll silently, scan themselves, and appear in your workspace — zero end-user action, no "Allow" dialogs. The profile uses only primitives every MDM supports, which is why it's MDM-agnostic.
One machine → manual install.
Download the signed app and install it yourself in a couple of minutes — no MDM, no IT ticket. The right way to try Endpoints on your own laptop first.
Each tenant gets its own certificate authority, so one customer's CA never touches another's, and attribution stays clean.
Worried about privacy and trust?
Three guarantees, by design:
Capture is off by default — installation gives you discovery and metadata, nothing more.
Capture targets catalog AI hosts only — TLS is never terminated for banking, health, or mail.
Redaction happens on the device — when capture is on, secrets and PII are stripped locally and the raw payload never leaves the machine; the control plane only ever receives the redacted form.
What Endpoints supports
Platforms
macOS (signed and Apple-notarized) · Windows (in active pilot)
Policy model
a layered Guard cascade — Global → App type → User group → Device → Agent group → Agent
Discovers
Claude Desktop, Cursor, Claude Code, GitHub Copilot, ChatGPT, Perplexity, browser assistants, and more — a curated catalog of 60+ AI provider domains, auto-synced
Deploys via
Hexnode · Jamf · Kandji · Mosyle · Intune — or manual single-machine install
Postures
observe-only (default) · block (preventive) · capture (opt-in, per host, DLP-redacted)
Visibility first. Capture is opt-in.
This is the principle that makes Endpoints safe to deploy.
Installing the agent turns on discovery and metadata only. Nothing is intercepted, decrypted, or uploaded as payload until an admin deliberately enables capture for a specific AI host. And even then, TLS is terminated only for catalog AI providers — never banking, health, or mail — and secrets and PII are redacted on the device before anything leaves it.
You get an accurate, low-risk inventory and activity picture immediately. Payload capture — the higher-sensitivity capability — is a separate, per-host, policy-gated decision you make later, with full privacy controls. It is off until you turn it on.
Governed vs. Ungoverned
Why your current stack can't do this — and how Endpoints does
SSL inspection would require a root CA on every machine, creates legal exposure, and kills developer trust. Most organizations that try it walk it back. Endpoints reaches the same visibility without that cost: on macOS a signed system extension reads the TLS handshake's plaintext hostname — no decryption — and on Windows an ETW consumer does the equivalent. You see hostname, process, IP, and timestamp. You do not see prompt or response content, unless you later enable capture for a specific provider, with on-device DLP.
It's governance, not just another agent in the stack: the same policy plane that governs your SDK agents now reaches the laptops.
Why your current stack can't do this — and how Endpoints does
Why your current stack can't do this — and how Endpoints does
SSL inspection would require a root CA on every machine, creates legal exposure, and kills developer trust. Most organizations that try it walk it back. Endpoints reaches the same visibility without that cost: on macOS a signed system extension reads the TLS handshake's plaintext hostname — no decryption — and on Windows an ETW consumer does the equivalent. You see hostname, process, IP, and timestamp. You do not see prompt or response content, unless you later enable capture for a specific provider, with on-device DLP.
It's governance, not just another agent in the stack: the same policy plane that governs your SDK agents now reaches the laptops.
How you deploy it
A whole fleet → MDM.
Push one per-tenant profile plus the signed installer from Hexnode, Jamf, Kandji, Mosyle, or Intune. Devices trust your tenant's certificate authority, enroll silently, scan themselves, and appear in your workspace — zero end-user action, no "Allow" dialogs. The profile uses only primitives every MDM supports, which is why it's MDM-agnostic.
One machine → manual install.
Download the signed app and install it yourself in a couple of minutes — no MDM, no IT ticket. The right way to try Endpoints on your own laptop first.
Each tenant gets its own certificate authority, so one customer's CA never touches another's, and attribution stays clean.
Worried about privacy and trust?
Three guarantees, by design:
Capture is off by default — installation gives you discovery and metadata, nothing more.
Capture targets catalog AI hosts only — TLS is never terminated for banking, health, or mail.
Redaction happens on the device — when capture is on, secrets and PII are stripped locally and the raw payload never leaves the machine; the control plane only ever receives the redacted form.
What Endpoints supports
Platforms
macOS (signed and Apple-notarized) · Windows
Policy model
a layered Guard cascade — Global → App type → User group → Device → Agent group → Agent
Discovers
Claude Desktop, Cursor, Claude Code, GitHub Copilot, ChatGPT, Perplexity, browser assistants, and more — a curated catalog of 60+ AI provider domains, auto-synced
Deploys via
Hexnode · Jamf · Kandji · Mosyle · Intune — or manual single-machine install
Postures
observe-only (default) · block (preventive) · capture (opt-in, per host, DLP-redacted)
Platforms
macOS (signed and Apple-notarized) · Windows
Deploys via
Hexnode · Jamf · Kandji · Mosyle · Intune — or manual single-machine install
Policy model
a layered Guard cascade — Global → App type → User group → Device → Agent group → Agent
Postures
observe-only (default) · block (preventive) · capture (opt-in, per host, DLP-redacted)
Discovers
Claude Desktop, Cursor, Claude Code, GitHub Copilot, ChatGPT, Perplexity, browser assistants, and more — a curated catalog of 60+ AI provider domains, auto-synced
POLICY A
POLICY B
POLICY C
POLICY D
Designed to scale
Centralized, reference-based policies scale cleanly across workflows, teams, and environments.
They are suitable for systems where execution is continuous, changes are expected, and governance must remain consistent over time.
Policies do not become harder to manage as automation expands. They become more important.
CallSine automatically finds and researches each prospect by analyzing their website, LinkedIn profile, and company information. Get comprehensive insights instantly without spending hours on manual research. It even works with your existing database.
Your agents are already calling tools.
The Waxell MCP Gateway gives you governance over which ones — and a record that proves you had it.
Free to start. 2-line setup.
SOC 2 Ready
FAQ
What is AI agent policy enforcement?
AI agent policy enforcement is the practice of applying predefined governance rules to autonomous agents at runtime — before or during execution — to ensure they operate within defined boundaries. Unlike observability, which records what agents did, enforcement prevents disallowed actions from completing. Waxell enforces policies deterministically across 26 categories, including cost limits, content filtering, kill switches, and PII protection.
How does Waxell enforce policies before execution begins?
When a workflow is triggered, Waxell evaluates all applicable policies against the current context before execution proceeds. Policies are stored centrally in the governance plane — not embedded in agent code — and applied by reference. If a policy condition is not met, execution stops and the outcome is logged with full context. There is no probabilistic reasoning, adaptive override, or silent exception.
What types of AI agent policies can Waxell enforce?
Waxell supports 26 policy categories covering the full surface area of agent behavior: cost and token limits, content and input scanning, PII protection, kill switches, rate limits, scheduling constraints, identity controls, data access restrictions, LLM-specific rules, human approval gates, and more. For teams with compliance requirements, Waxell Assurance covers how these policies map to audit, accountability, and operational trust.
Can Waxell policies be applied to existing agents without code changes?
Yes. Waxell instruments existing Python agents in two lines of code — install the SDK, initialize before your imports, and policy enforcement begins automatically. Waxell is framework-agnostic and works with LangChain, CrewAI, LlamaIndex, and custom Python agents. No changes to existing agent logic are required.
What happens when a Waxell policy blocks an agent execution?
When a policy condition is not met, execution halts and the event is recorded with full context — which policy applied, what condition failed, and the surrounding execution state. The record exists immediately and is inspectable without reconstructing from logs. Policy owners can review blocked executions, adjust rules, and retest using the same inputs and constraints that triggered the block.
See the AI running on your fleet.
See the AI running on your fleet.
Install the agent, and within minutes every managed device reports the AI apps it's running — with capture off until you decide otherwise.
Install the agent, and within minutes every managed device reports the AI apps it's running — with capture off until you decide otherwise.
Free to start. 2-line setup.
SOC 2 Ready
FAQ
What is Waxell Endpoints?
Waxell Endpoints is the part of Waxell that governs the AI tools running locally on your team's machines — desktop apps, IDEs, CLIs, and browser assistants — rather than the agents you build with the SDK. A small, signed desktop agent discovers every AI app on a device, reports the metadata of its AI traffic, and lets you block or capture that traffic under policy.
Does Waxell Endpoints decrypt my employees' AI conversations?
No — not by default. Installing the agent enables discovery and metadata only: which app, which provider host, and when, read from the TLS handshake without decryption. Payload capture is off until an admin explicitly enables it for a specific AI provider, and even then TLS is terminated only for catalog AI hosts — never banking, health, or mail — with secrets and PII redacted on the device before anything is uploaded.
How is Waxell Endpoints different from a web proxy or SSL inspection?
Web proxies and SSL inspection can't see AI desktop apps that route directly to provider APIs, and fleet-wide TLS interception carries legal and trust costs most organizations walk back. Endpoints gets visibility by reading the plaintext hostname in the TLS handshake — no decryption — and makes payload capture a deliberate, per-host, on-device-redacted decision rather than a blanket policy.
How do I deploy Waxell Endpoints?
Two ways. To a whole fleet: push one per-tenant profile and the signed installer through any MDM — Hexnode, Jamf, Kandji, Mosyle, or Intune — and devices enroll silently with zero end-user action. To a single machine: download the signed app and install it in a couple of minutes, no MDM required.
Which AI tools does Waxell Endpoints discover?
Claude Desktop, Cursor, Claude Code, GitHub Copilot, ChatGPT, Perplexity, browser-based assistants, and more, matched against a curated catalog of AI provider domains that auto-syncs. Any app talking to a provider not yet in the catalog surfaces as ungoverned.
Waxell
Waxell provides observability and governance for AI agents in production. Bring your own framework.
© 2026 Waxell. All rights reserved.
Patent Pending.
Waxell
Waxell provides observability and governance for AI agents in production. Bring your own framework.
© 2026 Waxell. All rights reserved.
Patent Pending.
Waxell
Waxell provides observability and governance for AI agents in production. Bring your own framework.
© 2026 Waxell. All rights reserved.
Patent Pending.