c9 / m1 - Meaning-Layer Dashboard (Hi-Fi v1) / Inventory · meaning-layer-dashboard-v1/inventory · draft

Meaning-layer inventory

Inventory should show which entities weaken trust, widen blast radius, and cross company boundaries before it shows the full catalog.

This mockup reframes inventory around the questions above the raw lists: who is unresolved, what sensitive company context matters most, where activity can leave the company, and which shared lanes could amplify impact.

Operator brief

Inventory needs review

3 trust anchors unresolved, 2 exposure paths matter now, and 1 shared execution lane is widening scope.

Unresolved trust

3 entities

1 key, 1 endpoint, and 1 identity chain are changing attribution confidence.

Sensitive context

5 touchpoints

A small set of repos, files, credentials, and capabilities carry most of the company consequence.

External boundaries

2 paths

One plain HTTP edge and one unlabeled destination deserve review.

Shared blast radius

1 lane

A shared automation path is beginning to span more endpoints and sensitive paths.

Where inventory matters most

Start with the few entity stories that change response

These lanes explain why an entity type matters before the user opens its focused meaning page.

trust changed · 3

Credential trust

One unknown API key is now a company-wide question, not just a row in inventory.

Why it matters

Shared credentials can span users, endpoints, and downstream systems. Security needs to know quickly whether this is approved activity or a real unknown.

Affected scope

1 unknown key, shared AI credential lane, active session against auth-related code.

Open the raw API key list, verify owner, then decide whether to suspend immediately.

Open API keys story
ownership weak · 19

Endpoint ownership

The environment cannot be secured confidently if active hosts are not bound to owners and expected environments.

Why it matters

When endpoint inventory is incomplete, every live session on that host becomes harder to verify, contain, or dismiss.

Affected scope

1 unresolved endpoint, 1 live session, unclear team ownership.

Bind the unresolved host to a person, team, or environment.

Open endpoints story
consequence high · 8

Sensitive company context

Files and repos matter most when they reveal which services, configs, or secrets could widen company exposure.

Why it matters

Security should be able to spot the small set of sensitive paths and codebases that carry most of the consequence without paging through every row.

Affected scope

auth-service, customer-web, auth.ts, .env, deploy configs, and related active sessions.

Open repo inventory first, then confirm which files, capabilities, and sessions sit nearest the highest-consequence codebases.

Open repos story
boundary crossed · 28

Outbound boundaries

Secondary calls and external tool paths matter because they show where AI activity can leave the company.

Why it matters

The dangerous moment is rarely the existence of a file or key alone. It is the connection between company context and a destination outside the expected trust boundary.

Affected scope

1 HTTP destination, 1 unlabeled host, 1 session window crossing from file access to network.

Classify the destination and verify whether the path is expected internal traffic.

Open secondary calls story

Entity catalog by security meaning

Keep the raw catalog, but group it by the question security is trying to answer

13 surfaced patterns

Who or what can we trust?

Identity and ownership inventory determines whether security can attribute activity confidently.

Users

Security uses user inventory to anchor attribution, ownership, and accountability around the rest of the entity graph.

12
Open users

Endpoints

Hosts matter because they anchor environment posture, owner confidence, and containment options around the rest of the graph.

19
Open endpoints

API Keys

Credentials are one of the clearest blast-radius surfaces in the inventory. The first read should make that consequence obvious.

3
Open API keys

What carries company consequence?

Consequence comes from sensitive content and the tools that can reach or transform it.

Files

Security wants to know which file clusters matter to trust, boundary, and containment, and which repo or service gives those paths business meaning.

340
Open files

Repos

Files are evidence, but repos tell the operator what team, service, and company consequence that evidence belongs to. This page should make that context explicit.

8
Open repos

Tools & Skills

The important question is what agents can do, not just what tools are registered.

42
Open tools & skills

Sessions

The raw session table is still useful, but the first read should explain which sessions widened scope, changed confidence, or created the next investigation path.

43
Open sessions

Where can activity leave the company?

Boundary-crossing inventory should stay easy to scan because that is where many stories become real risk.

Secondary Calls

The first read should explain which outbound destinations matter, why they matter, and what internal context was nearby.

28
Open secondary calls

MCP Servers

Transport, exposure, and tool reach matter more than the server list itself when security is deciding where to look first.

6
Open MCP servers

Models

Security and platform teams care about which model choices matter operationally, not only which model IDs have appeared.

7
Open models

What could amplify blast radius?

Shared infrastructure matters because one mistaken trust assumption can spread farther.

Agents

Security cares about the execution lane each agent opens: how broadly it is deployed, what tools it can reach, and what kinds of work it normalizes.

3
Open agents

Sessions

The raw session table is still useful, but the first read should explain which sessions widened scope, changed confidence, or created the next investigation path.

43
Open sessions

Surfaced patterns

What makes this feel like detection, not taxonomy

Representative set

Known user on a new machine

Users

A familiar developer account starts showing up from an endpoint that is not yet in inventory.

Unknown key touching shared credentials and files

API Keys

A first-seen credential now appears in sessions against company-critical code paths.

Sensitive file access followed by a rare destination

Secondary Calls

A session that touched important code then made an outbound call to an unfamiliar host.

Shared automation path expanding

Agents

One automation identity is beginning to appear across more endpoints and sensitive paths than before.

One credential lane now spans two critical repos

Repos

A shared key or automation path now touches both auth-service and customer-web within the same recent workstream.

First-seen server path with unclear purpose

MCP Servers

A new MCP server appears, but its business function and expected callers are still unknown.

Gaps blocking trust

Weak inventory is itself a security problem

Needs enrichment

Endpoint ownership is incomplete

The most important current host still lacks team and environment labeling.

Unblocks: Attribution, host isolation, and whether current AI usage is legitimate company activity.

Credential inventory may be stale

An unknown key could be real drift or delayed sync, and the page should show that distinction clearly.

Unblocks: Faster revoke-or-verify decisions for the shared credential lane.

Destination intent is under-labeled

Some secondary calls still lack business-purpose classification.

Unblocks: Clearer separation between expected internal services and possible exfiltration paths.

Stable coverage

Normal inventory should reassure

Compressed baseline

Known-good identity coverage

34 / 36 sessions

Most activity still maps cleanly to known users, endpoints, and expected credentials.

Expected outbound traffic

7 / 8 paths

Nearly all destinations remain encrypted and familiar to the organization.

Contained execution footprint

3 agent lanes

The software footprint is still narrow enough for security to reason about quickly.