Detecting and Remediating Unauthorized AI Tools: An End-to-End Governance Scenario

In this 90-minute hands-on lab, you’ll work an end-to-end governance scenario for shadow AI — the unauthorized AI agent tools that run persistently in the background, make autonomous outbound connections to LLM providers, access local file systems, and bundle vulnerable runtimes that carry measurable CVE exposure. Using Tanium Cloud, you’ll detect and triage AI software through Security Operations’ process-level behavioral telemetry and network-connection evidence (not just software presence), assess the CVE delta against your AI acceptable use policy with Exposure Management, then deploy enforcement controls with Endpoint Management and execute coordinated silent remediation paired with targeted user communication across the entire fleet — including remote, off-VPN endpoints. By the end of the session, you’ll have built an automated playbook that chains detection through remediation end-to-end, turning a multi-day manual fire drill into a sub-10-minute autonomous workflow, and produced a compliance evidence package that maps directly to auditor requirements.

Pre-Req(s): General familiarity with Windows endpoint environments (processes, services, and installed software); conceptual understanding of shadow IT, software execution controls, and CVE severity ratings; comfort with a web-based enterprise console (no command-line proficiency required)

Additional details
Session Type: Virtual, Self-Service Lab
Session Tag: AI Services, Core, Endpoint Management, Exposure Management, Security Operations
Role: GRC Analyst, Operations Engineer, Security Engineer, Systems Architect, Threat Intel Analyst
Difficulty: Intermediate