
Know every agent on your network.

Quint's OS-level daemon detects 21+ AI agent platforms through a 6-layer detection stack and maps every relationship into a queryable graph. No agent configuration required.

Discovery engine

Agent Detection Engine: Claude Code, Cursor, Windsurf, Copilot, Devin, Aider, Cline, Tabnine, Amazon Q, Gemini, Replit, OpenHands, v0, Lovable, Perplexity, Mistral, Cohere, OpenAI, Vercel, Custom

Process Analysis, Traffic Analysis, Prompt Analysis, Signature Analysis

Detected platforms

21+ agent platforms detected out of the box. New signatures ship continuously.

Claude Code, Cursor, GitHub Copilot, Windsurf, Kiro, Codex, Aider, Cline, Continue, Augment, Goose, Gemini CLI, Amp, Zed, OpenCode, PearAI, Trae, Void, Devin, Roo Code, and more.

Six-Layer Detection Stack

The daemon combines six independent detection signals: code signing (TeamID + SigningID, confidence 1.0), process name/path (1.0), HTTP headers like x-cursor-checksum and copilot-integration-id (0.9), system prompt fingerprinting (0.95), user-agent patterns (0.85), and protocol fingerprinting via TLS/HTTP2/gRPC/Protobuf (0.7). Each layer catches what the others miss.

  • 21+ agent platforms detected out of the box
  • No agent SDK or code changes needed
  • 7 LLM API parsers: Anthropic, OpenAI, Gemini, Bedrock, Azure OpenAI, Mistral, Cohere

Agent Hierarchy Detection

Parent/child/sub-agent tracking with confidence scores. Detection via model divergence (e.g. Opus parent producing Haiku child), concurrency spikes, and temporal gap analysis. HMAC-SHA256 spawn tickets provide cryptographic parent-child verification across delegation chains.

  • 3-layer sub-agent detection system
  • Catches privilege laundering across delegation chains
  • Cryptographic spawn tickets for verified hierarchy

Shadow Agent Discovery

A developer installs an AI coding tool without IT approval. Within 5 seconds, Quint's process scanner detects it, the EndpointSecurity (ES) extension starts monitoring its syscalls, and the proxy begins intercepting its API traffic. No configuration needed.

  • 65% of AI tools operate without IT approval (Gartner)
  • Non-human identities outnumber human users 82-to-1
  • Zero-config detection — no allow-lists, no enrollment

Divergence Detection

When Quint detects an agent, it monitors from two independent layers simultaneously. The proxy captures what the agent says it will do. The EndpointSecurity sensor captures what it actually does. Cross-validation between layers catches compromised, misconfigured, and malicious agents.

  • Proxy intent vs. OS truth — two independent observation layers
  • Catches agents that lie about their actions
  • Divergence score feeds directly into risk scoring

Agent Inventory & Fingerprinting

Every detected agent receives a persistent identity: what model it runs, which tools it accesses, when it operates, and how it behaves over time.

  • Per-agent behavioral profiles built automatically
  • Complete agent-to-tool-to-data relationship mapping

Retroactive Agent Backfill

Early requests classified as 'unknown' are automatically reclassified when richer signals arrive later. As the detection stack accumulates evidence — code signing, HTTP headers, prompt fingerprints — previously ambiguous traffic gets retroactively attributed to the correct agent.

  • No lost visibility during cold-start detection
  • Confidence scores improve as evidence accumulates
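
How the layer confidences from "Six-Layer Detection Stack" and the backfill behaviour described here could fit together, as an added example that is not Quint's code. Assumptions: one tracker per traffic source, the header-to-platform mapping, and the rule that a platform's confidence is that of its strongest layer.

```python
# Added illustration; not Quint's implementation.
# Layer confidences are the ones quoted in "Six-Layer Detection Stack".
LAYER_CONFIDENCE = {
    "code_signing": 1.0, "process_path": 1.0, "system_prompt": 0.95,
    "http_header": 0.9, "user_agent": 0.85, "protocol_fingerprint": 0.7,
}
# Assumed mapping of the two headers named on the page to platforms.
HEADER_PLATFORM = {"x-cursor-checksum": "Cursor",
                   "copilot-integration-id": "GitHub Copilot"}

class AgentTracker:
    """Accumulates evidence for one traffic source (hypothetical key, e.g. a PID)."""

    def __init__(self):
        self.evidence = {}   # platform -> set of layers that fired
        self.requests = []   # [request_id, platform, confidence]

    def best(self):
        """Strongest attribution so far (assumption: max layer confidence wins,
        ties go to the platform with more agreeing layers)."""
        ranked = [(max(LAYER_CONFIDENCE[l] for l in layers), len(layers), p)
                  for p, layers in self.evidence.items()]
        if not ranked:
            return ("unknown", 0.0)
        conf, _, platform = max(ranked)
        return (platform, conf)

    def add_signal(self, layer, platform):
        """Evidence from any layer; earlier requests are re-attributed."""
        if layer not in LAYER_CONFIDENCE:
            raise ValueError(f"unknown detection layer: {layer}")
        self.evidence.setdefault(platform, set()).add(layer)
        self._backfill()

    def observe_request(self, request_id, headers):
        """Record a request, adding any header-layer evidence it carries."""
        for name in headers:               # header names are case-insensitive
            platform = HEADER_PLATFORM.get(name.lower())
            if platform:
                self.add_signal("http_header", platform)
        self.requests.append([request_id, *self.best()])

    def _backfill(self):
        """Relabel stored requests, only ever raising their confidence."""
        platform, conf = self.best()
        for rec in self.requests:
            if conf > rec[2]:
                rec[1], rec[2] = platform, conf
```
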

Session Tracking & Lifecycle

Full session fingerprinting using SHA-256 of tracker key, working directory, and platform. Conversation anchoring via hash of first messages enables resume detection. Each session follows a lifecycle: starting, active, draining, ended.

  • SHA-256 session fingerprints for unique identification
  • Conversation anchoring detects resumed sessions
  • Full lifecycle state machine per session
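
A sketch of the fingerprint, conversation anchor and lifecycle described above, as an added example that is not Quint's code. Assumptions: the length-prefixed encoding of the hashed fields, anchoring on the first two messages, and the transition table between the four named states.

```python
import hashlib

def _digest(parts):
    """SHA-256 over length-prefixed parts, so ("ab", "c") != ("a", "bc")."""
    h = hashlib.sha256()
    for p in parts:
        data = p.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def session_fingerprint(tracker_key, working_dir, platform):
    """The three inputs are the ones the page names; the encoding is assumed."""
    return _digest([tracker_key, working_dir, platform])

def conversation_anchor(messages, first_n=2):
    """Hash of the first messages; first_n=2 is an assumption."""
    return _digest(messages[:first_n])

# Assumed legal transitions between the four states named on the page.
TRANSITIONS = {
    "starting": {"active", "ended"},
    "active": {"draining", "ended"},
    "draining": {"ended"},
    "ended": set(),
}

class Session:
    def __init__(self, tracker_key, working_dir, platform):
        self.fingerprint = session_fingerprint(tracker_key, working_dir, platform)
        self.state = "starting"
        self.anchor = None
        self.resumed_from = None   # fingerprint of the session being resumed

    def advance(self, new_state):
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"illegal transition {self.state} -> {new_state}")
        self.state = new_state

    def first_messages(self, messages, known_anchors):
        """Anchor the conversation; known_anchors maps anchor -> first
        fingerprint seen with it, so a repeat anchor marks a resume."""
        self.anchor = conversation_anchor(messages)
        self.resumed_from = known_anchors.get(self.anchor)
        known_anchors.setdefault(self.anchor, self.fingerprint)
        self.advance("active")
```
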

Agent graph

[Figure: delegation chain graph, 17 nodes / 17 edges. Node labels shown: Developer, Claude Code, code-review, security-scan, deploy-agent, git, eslint, semgrep, docker, kubectl, repo, config, vault, cluster. Legend: User, Agent, Tool, Resource, Action.]

Relationship Mapping

Automatically discovers agent-to-tool, tool-to-data, and agent-to-agent relationships from observed agent actions and tool call traffic. No manual configuration.

  • Heterogeneous graph: agent, action, target, data_field, context nodes
  • Automatic discovery from intercepted traffic

Blast Radius Analysis

When an agent is compromised, trace downstream dependencies: sub-agents, data sources, shared tool servers. Analysis that takes hours, computed in seconds.

  • A compromised agent can rapidly affect downstream decisions across the dependency chain
  • Multi-hop dependency analysis

Graph-Powered Risk Scoring

The graph engine learns risk patterns from structure. Unusual connectivity, over-privileged tool servers, and deep delegation chains score higher automatically.

  • Structural risk analysis
  • Comprehensive rule-based analysis

Delegation Chain Visibility

Map every link in multi-agent delegation chains. Enforce policies at each hop. If Agent B doesn't have permission, the chain breaks.

  • Sub-agent detection across 3 independent methods
  • Token hierarchy prevents privilege laundering
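
How HMAC-SHA256 spawn tickets ("Agent Hierarchy Detection") can make a chain break when a hop lacks permission, as an added example that is not Quint's code. Assumptions: the ticket fields and JSON encoding, a single secret held by the verifying daemon, and the rule that each hop may only narrow its parent's scopes.

```python
import hashlib
import hmac
import json
import time

def issue_ticket(key, parent, child, scopes, ttl=300, now=None):
    """Mint a ticket binding parent, child, scopes and expiry.
    Field names and encoding are assumptions made for this example."""
    now = time.time() if now is None else now
    body = {"parent": parent, "child": child,
            "scopes": sorted(scopes), "exp": int(now) + ttl}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}

def verify_ticket(key, ticket, now=None):
    """Return the ticket body if the HMAC and expiry check out, else None."""
    now = time.time() if now is None else now
    expected = hmac.new(key, ticket["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):   # constant-time compare
        return None
    body = json.loads(ticket["payload"])                   # parsed only after the MAC check
    return body if body["exp"] > now else None

def verify_chain(key, root, root_scopes, tickets, now=None):
    """Walk root -> ... -> leaf. Every hop must be issued by the previous
    holder and may only narrow scopes. Returns (ok, leaf_or_reason)."""
    holder, allowed = root, set(root_scopes)
    for i, ticket in enumerate(tickets):
        body = verify_ticket(key, ticket, now)
        if body is None:
            return (False, f"hop {i}: bad signature or expired")
        if body["parent"] != holder:
            return (False, f"hop {i}: issued by {body['parent']}, expected {holder}")
        extra = set(body["scopes"]) - allowed
        if extra:   # privilege laundering: child claims more than its parent holds
            return (False, f"hop {i}: scope escalation {sorted(extra)}")
        holder, allowed = body["child"], set(body["scopes"])
    return (True, holder)
```
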

Secure your agents.
Ship with confidence.

One install. Every agent. Deploy in under 2 minutes. Free for your first two machines.
