Waxell Endpoints
Endpoints is the part of Waxell that governs the AI tools your team runs locally — the desktop apps, IDEs, CLIs, and browser tabs on real laptops, not just the agents you build with the Waxell SDK. It answers three questions every security and platform team is now asking:
- What AI is actually running on our machines? (shadow-AI discovery)
- What is it doing? (per-app, per-device, per-user activity)
- Can we control it? (block, allow, or capture — under policy)
The problem: ungoverned AI on the endpoint
AI tools install themselves one developer at a time. Claude Desktop, Cursor, Claude Code, GitHub Copilot, ChatGPT's desktop app, Perplexity, a dozen browser-based assistants — each one talks to a model provider over the network, often touching source code, customer data, or secrets. Most organizations have no inventory of which of these are running, on whose machine, against which provider.
Waxell Endpoints closes that gap with a small, signed desktop agent that you deploy either to a whole fleet (via MDM) or to a single machine (a direct download). Once installed, the agent:
- Discovers every AI app on the machine and reports it to your workspace.
- Observes the metadata of their outbound AI traffic (which app, which host, when) — attributed to the process and the user.
- Governs that traffic through policy: leave it observe-only, block a specific app, or — only when you explicitly turn it on — capture the request/response payloads with on-device DLP redaction.
The headline principle: visibility first, capture is opt-in
Installing the agent turns on discovery and metadata only. Nothing is intercepted, decrypted, or uploaded as payload until an admin explicitly enables capture for a specific AI host on the Guard cascade. And even then, TLS is terminated only for catalog AI hosts — never banking, health, or mail — and secrets/PII are redacted on the device before anything leaves it.
This ordering is deliberate. You get an accurate, low-risk inventory and activity picture on day one. Payload capture — the higher-sensitivity capability — is a deliberate, per-host, policy-gated decision you make later, with full privacy controls. See Privacy & DLP.
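The policy gate described above, written out as an added illustration (hypothetical code, not Waxell's agent or SDK): every flow to a catalog AI host is recorded as metadata by default, non-catalog hosts are never touched, capture can only be switched on per host for a host that is in the AI catalog, and captured payloads pass through a redaction step before they become part of the record. The catalog entries, secret patterns, and sample flows are all constructed for the example.

```python
"""Added example of a 'visibility first, capture is opt-in' policy gate.

Hypothetical code written for this page; it is not Waxell's agent, and the
host catalog, redaction patterns and flows below are constructed samples.
"""
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class Action(Enum):
    OBSERVE = "observe"  # metadata only: the default for every catalog host
    BLOCK = "block"      # refuse the connection, still record that it was attempted
    CAPTURE = "capture"  # record request/response payload, redacted on device


# Constructed catalog of AI provider hosts (assumption, not Waxell's real catalog).
AI_HOST_CATALOG = {"api.anthropic.com", "api.openai.com", "api.perplexity.ai"}

# Constructed on-device redaction rules: secrets and PII never leave the machine.
SECRET_PATTERNS = [
    (re.compile(r"AKIA[0-9A-Z]{16}"), "[REDACTED_AWS_KEY]"),
    (re.compile(r"sk-[A-Za-z0-9_-]{16,}"), "[REDACTED_API_KEY]"),
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"), "[REDACTED_EMAIL]"),
]


def redact(text: str) -> str:
    """Replace anything matching a secret/PII pattern before it is uploaded."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


@dataclass
class Policy:
    """Per-host actions; anything not listed stays at the OBSERVE default."""
    per_host: Dict[str, Action] = field(default_factory=dict)

    def set_action(self, host: str, action: Action) -> None:
        # Capture (TLS termination) is only ever configurable for catalog AI hosts,
        # so a banking, health or mail host can never be added here by mistake.
        if host not in AI_HOST_CATALOG:
            raise ValueError(f"{host} is not a catalog AI host; policy cannot apply")
        self.per_host[host] = action

    def action_for(self, host: str) -> Optional[Action]:
        if host not in AI_HOST_CATALOG:
            return None  # not AI traffic: the agent does not look at it at all
        return self.per_host.get(host, Action.OBSERVE)


@dataclass
class Flow:
    """One outbound connection as the agent would attribute it."""
    process: str
    user: str
    host: str
    ts: str
    payload: Optional[bytes] = None


def handle(flow: Flow, policy: Policy) -> Optional[dict]:
    """Return the activity record for a flow, or None if it is out of scope."""
    action = policy.action_for(flow.host)
    if action is None:
        return None
    record = {
        "process": flow.process,
        "user": flow.user,
        "host": flow.host,
        "ts": flow.ts,
        "action": action.value,
    }
    # Payload is attached only when capture was explicitly enabled for this host,
    # and only after on-device redaction.
    if action is Action.CAPTURE and flow.payload is not None:
        record["payload"] = redact(flow.payload.decode("utf-8", errors="replace"))
    return record


if __name__ == "__main__":
    policy = Policy()
    flow = Flow("Claude Desktop", "alice", "api.anthropic.com",
                "2025-01-01T10:00:00Z", b"deploy with AKIAABCDEFGHIJKLMNOP")
    print(handle(flow, policy))          # observe: metadata only, no payload key
    policy.set_action("api.anthropic.com", Action.CAPTURE)
    print(handle(flow, policy))          # capture: payload present, key redacted
```

The design choice worth noting is that the default branch of `action_for` is `OBSERVE`, not `CAPTURE`, and that `set_action` refuses non-catalog hosts: the inventory and attribution record exists from the first flow, while payload capture requires an explicit per-host decision and cannot be widened to hosts outside the AI catalog.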
Governed vs. ungoverned: the gap analysis
The product is, at heart, a gap analysis. For every machine it shows you:
| | Ungoverned (before) | Governed (after Waxell) |
|---|---|---|
| Inventory | Unknown which AI apps exist | Every AI app, per device, listed |
| Attribution | No idea who/what is calling providers | Per-process, per-user, per-host flows |
| Control | None | Block / allow / capture under policy |
| Evidence | None | Redacted, attributed activity record |
Two ways to deploy
- A whole fleet → MDM. Push one per-tenant profile plus the signed installer from Hexnode, Jamf, Kandji, or Intune. Devices enroll silently, zero end-user action.
- One machine → Manual install. Download the signed app and install it yourself in a couple of minutes — no MDM, no IT. Great for trying Waxell on your own laptop first.
Where to go next
- New to the concept? Read How it works and Key concepts.
- Rolling out to a team? Start at Deploy to a Fleet (MDM).
- Just you? Jump to Manual install.
- Ready to control traffic? See the Guard cascade.