Cartography Open Source Tool Enables Detection and Mapping of Production AI Agents to Infrastructure

Summary

The open-source Cartography project has announced new capabilities to detect and map AI agents running in production environments to their underlying infrastructure, including IAM roles, tools, network exposure, and connected services. The enhancement addresses a critical gap in AI security and governance, as most organizations currently lack visibility into which services run AI agents, what permissions they have, or whether they're exposed to the internet. Using container image scanning and AWS APIs, Cartography can now traverse from detected AI agents through ECS tasks to IAM roles, load balancers, and DNS records, providing a comprehensive view of agent-to-infrastructure relationships. The project leverages Cisco's AIBOM scanner to identify agents by framework (pydantic_ai, langchain, OpenAI, and others) and map their declared tools, models, memory, embeddings, and prompts within the infrastructure graph.

• As AI governance requirements from regulations like the EU AI Act and NIST AI RMF push organizations toward maintaining AI system inventories, Cartography provides foundational visibility needed for risk assessment and incident response

Editorial Opinion

The announcement highlights a critical infrastructure blind spot in the rapid deployment of AI agents—organizations are running autonomous systems in production without basic visibility into their permissions, tools, and network exposure. While Cartography's contribution to open-source agent discovery is valuable, it underscores how immature the AI security ecosystem remains compared to traditional cloud infrastructure. As AI agents become more autonomous and adaptive by design, the gap between their capabilities and organizational control mechanisms poses genuine governance and security risks that will only widen without industry-wide adoption of detection and mapping tools.