Shadow AI discovery
Find the AI your org didn't know it was running.
Governance starts with knowing what is out there. AxioRank turns the logs and directory you already have into a live map of ungoverned AI, ties each finding to a person, and streams it to your SIEM. No agent to install.
egress logs · mcp scans · cloudtrail · entra and casb · streamed to your siem
The blind spot
You can't govern what you can't see.
Your gateway governs the agents that route through it. The risky ones rarely do. Someone wires an MCP server into Cursor, a team authorizes an AI app in your directory, a Lambda calls Bedrock, an engineer pipes data to an API the proxy never flagged. That is shadow AI, and it is invisible until you go looking for it.
Honest by design
Four signals you already produce
No new agent. Point what you have at one endpoint.
Each signal is pushed to a per-workspace ingest token. We keep only the AI-relevant subset and drop the rest, so we never store your full logs.
Egress and proxy logs
Forward your Zscaler, Squid, Cloudflare Gateway, or firewall logs as NDJSON. A call to an AI endpoint from a host that is not an enrolled agent is direct evidence of ungoverned use.
MCP-client scans
Pipe @axiorank/mcpaudit at a developer's Cursor or Claude config and it surfaces the MCP servers wired into their AI client that never touch the gateway.
AWS CloudTrail
Bedrock model invocations never hit a network proxy. We read CloudTrail and attribute each one to the IAM identity that called it.
Microsoft Entra and Defender
App consents and sign-in logs reveal which AI SaaS apps your tenant authorized and uses. Defender for Cloud Apps adds the network-discovered ones.
One app, one finding
Four signals about the same app become one row.
ChatGPT seen as an Entra consent, in sign-in logs, and by Defender is one finding, not three. Each signal resolves to a known app and merges by identity, so you read a clean map instead of a pile of duplicates.
app ChatGPT (OpenAI) channels consent · sign-in · casb scopes User.Read, Mail.Read, offline_access who alice@corp.com (top sign-in for 203.0.113.5) risk 75 status new -> acknowledge · govern · ignore
Who, not just what
Every finding points at a person.
Entra sign-ins map an IP to a user. So an ungoverned call from 203.0.113.5 is not an anonymous address, it is the person who was signed in from it. The correlation is heuristic and shown as context, and it only raises confidence when it matches an agent you already enrolled. It never quietly marks a finding governed for you.
Identity correlation
An IP-to-user map from your directory turns a raw source into a named owner you can actually go talk to.
Conservative by default
Findings stay candidates. A human confirms. We never imply governance from a heuristic, because a false all-clear hides the very thing you are hunting.
Close the loop
Stream discoveries straight to your SIEM.
The same destinations that receive your audit log can receive shadow AI. Flip on forwarding and every discovery lands in Splunk, Datadog, or any OTLP collector as a structured event, so your team triages it where they already work.
Keep exploring
Continue across the control plane.
See the AI your org is actually running.
Connect a source, get a live map of ungoverned AI tied to identity, and bring each finding under governance in a click.