Jamf brings AI governance and shadow AI detection to Mac

Applications of AI


Jamf announced the general availability of AI Governance, a new feature within Jamf for Mac. This allows IT and security teams to discover which AI tools are actively being used, apply policy controls, and generate audit-ready reports.

Jamf AI Governance

Many organizations struggle to confidently audit and report on AI tool usage across devices, including both sanctioned applications and unsanctioned or prohibited tools. AI Governance provides comprehensive visibility into which AI applications are in use and provides detailed insight into how they behave on endpoints.

This gives organizations a level of understanding of AI activity that network and cloud-based reporting solutions alone cannot provide, helping security teams identify risk, support compliance, and make informed governance decisions.

With launch support for Claude Code, Claude Desktop, and OpenAI Codex, this feature provides granular governance across model access, tenancy, network permissions, file system controls, MCP server limits, and other vendor-specific AI configurations.

The Vendor Control Tracking Engine continuously monitors new or updated controls for supported AI platforms, helping organizations keep governance policies current as AI tools rapidly evolve. All of these policies are applied offline, before a user logs into the AI ​​agent for the first time, enforcing a basic day-zero and tamper-resistant policy baseline.

Native Mac control plane for enterprise AI

AI tools run natively on Apple Silicon and operate as processes that cannot be fully seen or managed by existing network proxies or cloud-based tools. There are no existing tools that integrate platform-native device management, deep AI tool configuration coverage, and workflows that translate governance intent into vendor-friendly configurations on macOS.

Jamf AI Governance bridges that gap by enabling shadow AI visibility and natively providing detailed AI configurations that are deployed in minutes through the same endpoint management control plane that administrators use today, providing:

  • Visibility: AI Application Visibility and Shadow AI Detection uses Jamf’s existing telemetry agents that use native, high-performance macOS frameworks to surface AI tools, agents, and LLM runtimes across your fleet, including CLI-based developer tools and background agents. No new agent required.
  • control: AI access policy controls allow IT to define authorized tools, deploy access policies at scale, and enforce different regimes for different teams. Automatically apply vendor-appropriate configurations at scale.
  • Governance: The Executive AI Status Report provides CIOs and CISOs with a snapshot overview of their AI usage. This feature provides SIEM compatibility and is designed to allow businesses to report against their existing compliance frameworks.

Beth Tschida, CEO of Jamf, said: “Organizations need governance that aligns with how their AI tools actually work on Macs. That means visibility into what’s running, policy controls applied directly at the endpoint, and reporting that helps security teams prove compliance. Our AI governance capabilities deliver that natively from the same platform that customers already trust to manage and secure their Apple devices.”

“Like many organizations, we want to enable our teams to use AI tools productively while maintaining proper governance and oversight,” said Sam Lalli, Security Engineering and SOC Manager at Eventbrite. “What impressed us about Jamf’s AI governance was how quickly we could enforce policies across our Mac fleet without adding another point solution or creating friction for our developers. Having this critical functionality built into the same device management platform we already use really simplifies AI governance for our team.”

Jamf’s AI governance policies go beyond providing critical visibility and control to more effectively deploy and manage partner AI solutions.

IT and security teams can use Jamf to discover AI tools running across MacOS devices and register those agents directly with Okta for AI agents. This gives each user a managed identity and limited access to only the resources they are authorized to access. Jamf controls which MCP servers can run on your device, and Okta controls which cloud resources those MCP servers can access.

The agent uses short-lived vaulted credentials instead of long-lived static keys, and all actions are authorized and logged from the endpoint to the cloud. The Okta integration is deployed directly from the Jamf console without requiring manual API setup or certificate management.

Organizations can also configure their preferred agent builder platform, such as Amazon Bedrock AgentCore, to ensure that AI traffic is routed through sanctioned cloud infrastructure.

With Jamf handling device visibility and policy enforcement and Okta managing agent identity and access, organizations can answer questions such as which agents ran on which endpoints, what agents were authorized to reach, and what they did along the path from MacOS devices to SaaS apps.

“While some enterprise AI agents run locally, they access data across a vast cloud ecosystem and require coordinated security between the endpoint and identity layers,” said Harish Peri, senior vice president and general manager of AI Security at Okta. “By anchoring Okta for AI Agents to Jamf’s endpoint enforcement, all agent connections on managed Macs are authenticated, authorized, and have full visibility from the device to the data. Together, we are helping organizations become secure agent enterprises by giving them more control over what their AI agents can access and on whose behalf.”

The urgency of AI governance is accelerating

The need for enterprise AI governance is accelerating as organizations deploy AI-powered tools across employee workflows. Jamf’s recently released AI Governance Study found that organizations with deeply integrated AI are 40% more likely to report incidents than those still in the exploration stage, suggesting that AI governance is rapidly becoming an operational requirement rather than a planning exercise for the future.

Gartner says, “With AI governance spending expected to reach $492 million in 2026 and exceed $1 billion by 2030, organizations are reevaluating the tools and strategies they need to stay ahead of both regulatory and operational risks.”

Gartner also states in its 2026 Top Cybersecurity Trends report that “cybersecurity leaders must identify both sanctioned and unsanctioned AI agents, implement robust controls for each, and develop incident response playbooks to address potential risks.”



Source link