Jamf AI Governance for Mac Addresses Shadow AI and Policy Enforcement
Jamf has launched AI Governance for Mac, a new feature enabling organizations to discover, manage, and control the use of AI tools on their macOS devices.
Jamf has announced the general availability of AI Governance, a new capability designed to empower IT and security teams in managing the rapidly expanding landscape of artificial intelligence tools on Mac devices. This feature allows organizations to discover actively used AI applications, enforce granular policy controls, and generate audit-ready reports, directly addressing the growing challenge of tracking both sanctioned and unsanctioned AI usage across a device fleet.
Many organizations grapple with the difficulty of auditing and reporting on AI tool adoption, particularly concerning shadow AI – applications that are deployed and used without explicit IT approval. AI Governance aims to provide comprehensive visibility into which AI applications are in use, offering deep insights into their behavior on the endpoint. This level of detail, which network or cloud-based solutions often miss, is crucial for security teams to identify risks, ensure compliance, and make informed governance decisions.
Initially, AI Governance offers deep governance coverage for popular AI tools including Claude Code, Claude Desktop, and OpenAI Codex. It provides granular control over aspects such as model access, tenancy, network permissions, file system controls, and other vendor-specific AI configurations. A continuous monitoring engine tracks supported AI platforms for new or updated controls, ensuring that governance policies remain current as AI tools evolve at a rapid pace. Importantly, these policies are enforced offline and before a user's first login to an AI agent, establishing a foundational, tamper-resistant policy baseline.
The solution addresses a critical gap in managing AI on macOS, where AI tools often run natively on Apple Silicon and operate as processes that traditional network proxies and cloud-based tooling cannot fully monitor or govern. Jamf AI Governance closes this gap by providing native visibility into shadow AI and enabling granular AI configurations through the familiar endpoint management control plane. This offers a unified approach to device management, deep AI tool configuration coverage, and the translation of governance intent into vendor-correct configurations on macOS.
Key features include enhanced visibility through Jamf's existing telemetry agent, which discovers AI tools, agents, and LLM runtimes across the fleet without requiring a new agent. Control is achieved through AI access policy controls that allow IT to define sanctioned tools, deploy policies at scale, and scope different postures to various teams, with vendor-correct configurations applied automatically. For governance, an executive AI posture report offers CISOs a snapshot of AI usage, with SIEM compatibility to aid in reporting against compliance frameworks.
Jamf's integration with Okta further enhances AI agent security. Organizations can register discovered AI agents directly with Okta for AI Agents, granting them managed identities and scoped access to necessary resources. This integration, deployed directly from Jamf's console, ensures that agents use short-lived, vaulted credentials rather than static keys, with every action authorized and logged from the endpoint to the cloud. This coordinated security between endpoint and identity layers provides organizations with a clear audit trail of agent activity.
The urgency for enterprise AI governance is escalating as organizations increasingly integrate AI-powered tools into their workflows. Jamf's recent AI Governance Survey highlighted that organizations with deeply integrated AI are significantly more likely to report security incidents, underscoring the need for robust management solutions. AI Governance for Mac aims to provide the necessary visibility, control, and reporting to navigate this evolving AI landscape securely and compliantly.