AI Management

BigFix Inventory includes a ready-to-use dashboard that delivers a single view of AI solutions across your fleet, local AI model files and MCP servers - with inventory, usage, spend, and compliance against FedRAMP, ISO 42001, and the EU AI Act.

BigFix Inventory discovers and governs the AI footprint on your computers, including the surfaces that network-based discovery tools miss: locally-hosted LLM weight files, local AI software and Model Context Protocol connections configured in agentic AI clients.

Required permission: View Raw Data, View Endpoints, View License Metrics, View Contracts, Manage Catalogs

You can perform the following actions using the dashboard:

  • Classify discovered AI products against your organization's policy and the EU AI Act risk tiers (Unacceptable, High, Limited, Minimal).
  • Manage AI-related risk directly from the dashboard. Products carrying compliance obligations are flagged when those obligations haven't been activated in your program.
  • Track spend and enterprise plan coverage to identify uncontracted use of paid AI tools at scale.

AI Management dashboard widgets

Overview
The Overview tile shows the following:
  • Data Train Risk: The number of discovered AI Tool products which have High data train risk
  • FedRAMP Certified: The number of discovered AI Tool products which have FedRAMP certification class: High, Moderate, and Low
  • Total AI Spend: The sum of expenses in contracts having AI Tool category. Note: in some cases the value may be different than the sum of expenses in AI Inventory grid. For example, a contract has an AI product but its metric does not match the metric assign to discovered software (0 software installations under a contract but > 0 instances under a product in AI Inventory grid), or when a contract contains multiple products. Drill down to All Contracts report with the filter by AI Tool category.
  • Blocklisted AI Instances: This is the number of discovered software instances of software in AI Tool category, which have 'blocklist' tag on software component or software instance level.
  • AIPC Candidates: The number of computers which are not AI capable but have currently non-blocklisted software containing ‘Local LLM Runtime’ or ‘AI Automation Agent’ subcategory. ‘Not AI capable’ means a desktop computer with Intel or AMD processor not indicated as AI capable by the manufacturer, what is recognized by Processor Brand String.
Top 5 AI Categories
Shows the top five subcategories of AI Tool category per the number of discovered software instances. Click on the links to view the Software Classification with the respective filters.
EU AI Risk Level in AI Products

Discovered AI Tool products per assigned EU AI Risk Assessment and Managed values

Grids in the dashboard

AI Inventory
Every AI product discovered across managed endpoints, with instances count, expense, enterprise plan status, and blocklist counts.
AI Compliance
  • Data Train Risk: Refers to multiple risks associated with providing data to learning models, may be Low/High, and it depends also on enterprise license usage. If there is a contract for the product then No, else it is retrieved from the software catalog data feed
  • FedRAMP Certified: Federal Risk and Authorization Management Program, federal-level standard for security assessment, providing a database with information about product's designation (class): B/C/D (Low/Moderate/High). This value is retrieved from the software catalog data feed. the values are: High, Moderate, Low, or Disallowed.
Local Models
It lists discovered locally stored AI model files.
MCP Servers

It lists discovered MCP server connections discovered via Initiate Software Scan fixlets (i.e.. saved as slmtag files with MCP_SERVER metric type and imported to BFI), grouped by: Software Name (AI Tool name), Instance (Protocol and Server Name). It is initially sorted by Count descending and AI Tool ascending.

MCP Servers

The following are the requirements of the MCP Server Data Collection mechanism:
  • MCP server scanning is only supported on Windows endpoints and requires BigFix Scanner and bfi-utils version 11.0.43.
  • Row data is collected via the SLM tags mechanism and can be reviewed in the Resource Utilization Report.
  • Data is generated during the Initiate Software Scan fixlet execution.
  • Problems can be investigated using the <endpoint_id>_citlog.log and bfi-utils.log files.
The following are the MCP Server Detection mechanisms:
  • The detection mechanism is based on the existence of JSON configuration files on the disc and detecting patterns inside those files. It supports the TOML format. This approach allows detecting potential use of MCP servers from most popular AI tools, such as Claude or ChatGPT, along with the path where the configuration file exists.