---
title: Self-Serve Agent Discovery
description: Build your own agent inventory with an LLM, then connect ZioSec to discover every agent it finds, including shadow agents, and attack each one continuously.
url: https://ziosec.com/use-cases/diy-agent-inventory
---

# Self-Serve Agent Discovery

Ask an LLM to build your agent inventory, then connect ZioSec to it. We discover every agent the inventory lists, surface the shadow agents it should have listed, and attack each one continuously. You own the inventory. We own the attacks.

## You can build the inventory. The hard part is testing what is in it.

Inventory is now a self-serve job. Point Claude or any capable LLM at your cloud accounts, code repositories, MCP servers, and identity logs, and it will draft a working catalog of the agents running in your environment. That solves discovery on paper. It does not tell you whether any of those agents can be turned against you. ZioSec plugs into the inventory you built and answers the question your catalog cannot: what happens when an attacker reaches each agent, its tools, and its data. Incumbents discover and govern. ZioSec discovers and attacks.

## You build the inventory. We plug in and attack it.

This is a clean division of labor. You, or the LLM you direct, build and maintain the agent inventory: a structured catalog of custom agents, Claude Code instances, and any agent built on MCP or A2A protocols, with their tools, data scopes, and entry points. ZioSec connects to that inventory as a live source of truth. Every agent it lists becomes a target for autonomous offensive testing. When your LLM updates the catalog, our coverage updates with it. You keep full control of how the inventory is built and what it contains. We take responsibility for proving whether each entry can be broken.

## Wire your inventory to ZioSec through the API.

The inventory you built does not have to live anywhere specific. It can be a database, a config file, a spreadsheet your LLM keeps current, or a service it queries on demand. You connect it to ZioSec through our API, which accepts the inventory as a feed and treats each agent record as a testable target. As records appear, change, or disappear, the API reconciles coverage so testing tracks reality instead of a stale snapshot. The same API exposes findings back out, so the LLM that built your inventory can also read what we found and annotate the catalog. See [/api](/api) for the full integration surface.

## We find the agents your inventory missed.

No self-built inventory is complete. Developers spin up agents in side projects, contractors leave MCP servers running, and an LLM cataloging your environment will miss what it was never pointed at. ZioSec correlates your inventory against the live signals an attacker would actually see: agent endpoints answering requests, MCP and A2A handshakes on the wire, tool-call patterns, and identities exercising agent permissions. Anything active that your catalog does not account for is flagged as a shadow agent and pulled into scope. Discovery is not a one-time import. It is a continuous reconciliation between what you cataloged and what is really running.
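
The reconciliation described here and in the API section above, as an added sketch that is not ZioSec code or its API. The record and signal fields (`entry_points`, `identities`, `tools`, `kind`) and all sample data are assumptions constructed for illustration; beyond shadow agents, it also reports catalogued agents with no live signal and tools used but never declared.

```python
from dataclasses import dataclass, field

@dataclass
class AgentRecord:              # one inventory entry (hypothetical schema)
    agent_id: str
    entry_points: set
    identities: set
    tools: set = field(default_factory=set)

@dataclass
class Signal:                   # one observation of live agent activity (hypothetical)
    kind: str                   # e.g. "endpoint", "mcp_handshake", "tool_call"
    entry_point: str
    identity: str
    tool: str = ""

def norm(url):
    # Normalize an entry point so case and trailing-slash variants still match.
    return url.strip().lower().rstrip("/")

def reconcile(inventory, signals):
    """Compare the catalog with observed activity; return shadow, drift, stale."""
    by_entry = {norm(e): r for r in inventory for e in r.entry_points}
    by_ident = {i: r for r in inventory for i in r.identities}
    seen, shadow, drift = set(), {}, {}
    for s in signals:
        rec = by_entry.get(norm(s.entry_point)) or by_ident.get(s.identity)
        if rec is None:
            # Active but uncatalogued: collect the evidence per entry point.
            shadow.setdefault(norm(s.entry_point), []).append(s.kind)
            continue
        seen.add(rec.agent_id)
        if s.tool and s.tool not in rec.tools:
            drift.setdefault(rec.agent_id, set()).add(s.tool)
    stale = sorted(r.agent_id for r in inventory if r.agent_id not in seen)
    return {"shadow": shadow, "drift": drift, "stale": stale}

# Constructed sample data, not taken from any real environment.
BASE = "https://agents.example.internal"
DEV = "https://dev-box.example.internal:8080/mcp"
INVENTORY = [
    AgentRecord("support-bot", {BASE + "/support/"}, {"svc-support"}, {"issue_refund"}),
    AgentRecord("code-agent", {BASE + "/code"}, {"svc-code"}, {"read_repo"}),
    AgentRecord("retired-bot", {BASE + "/old"}, {"svc-old"}),
]
SIGNALS = [
    Signal("endpoint", BASE + "/support", "svc-support"),
    Signal("tool_call", BASE + "/code", "svc-code", "push_branch"),
    Signal("mcp_handshake", DEV, "contractor-7"),
    Signal("tool_call", DEV, "contractor-7", "read_file"),
]
```

Run on each inventory update and each batch of observations: `shadow` entries need an owner and a catalog record, `drift` entries need their declared tool list reviewed, and `stale` entries are candidates for removal.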

## AI attacks AI, against every agent we discover.

Discovery is the on-ramp. The product is the attack. For each agent in scope, ZioSec autonomously generates bespoke, deep-chained attack trees built from that specific agent's architecture, tools, and data access. The system probes a customer-support agent's refund path differently than a code agent's repository permissions, because it reads each target and composes attacks unique to it, then executes them in real time. It chains steps the way a real adversary would: prompt injection into tool misuse into privilege escalation into data exfiltration, adapting at each hop based on what the agent actually does. This autonomous generation of attacks per target is the non-copyable core. Static scanners and governance crawlers cannot reproduce it. Findings map into our methodology (A2OSF), the high-resolution taxonomy we classify each result in before exporting it to the public standards your auditors recognize.

## Every discovered agent stays under continuous test.

Agents change weekly. New tools get wired in, prompts get edited, data scopes widen, and a result that was safe last sprint is not guaranteed safe today. Once an agent enters scope through your inventory, ZioSec keeps testing it on an ongoing cadence and re-runs attack trees whenever the agent or its inventory record changes. You see drift the moment it becomes exploitable, not at the next annual review. Each cycle produces audit-ready evidence: a packet listing the attacks attempted, which succeeded, the severity of each, step-by-step reproduction, control-level mappings to OWASP AISVS, MITRE ATLAS, ISO 42001, NIST AI RMF, the EU AI Act, and AIUC-1, and timestamps, exportable for GRC and trust workflows.

## Live attacks, under your control.

ZioSec runs real attacks against agents you built and listed, so the engagement is scoped to stay inside your fences. You define the blast radius: which agents from the inventory are in bounds, which tools may be exercised, and which data classes may be touched. Destructive actions are simulated or approval-gated and never executed blind. There is a one-click stop, rate limits to protect production, and a full audit log of every action we take. Discovery widens what we can see. You decide what we are allowed to attack.

## From inventory to continuous attack

Three steps turn the catalog you built into live, ongoing offensive validation.

- **Connect your inventory.** Wire the agent catalog your LLM built into ZioSec through the API. Database, config file, or live service. Each record becomes a testable target.
- **Discover every agent, including shadow.** We reconcile your inventory against live signals on the wire and flag active agents your catalog missed, so nothing runs untested.
- **Continuously attack each one.** AI generates bespoke attack trees per agent and runs them on an ongoing cadence, with audit-ready evidence mapped to the six standards every cycle.

## Frequently asked questions

**Do I have to use your inventory tool?**

No. There is no ZioSec inventory tool to adopt. You build the inventory yourself, or have an LLM like Claude build it from your environment. ZioSec connects to whatever catalog you produce and uses it as the source of truth for what to discover and test. The boundary is deliberate: you own how the inventory is built, we own the attacks.

**How is this different from agent discovery and governance tools?**

Incumbents discover agents and then govern them: they apply policy, track posture, and flag drift. ZioSec discovers agents and then attacks them. We autonomously generate bespoke, deep-chained attack trees against each agent's specific architecture, tools, and data access and run them in real time. Governance tells you an agent exists and whether it follows policy. ZioSec tells you whether an attacker can break it. If you want continuous governance alongside attack, see [/use-cases/continuous-agent-governance](/use-cases/continuous-agent-governance).

**What counts as a shadow agent, and how do you find it?**

A shadow agent is any agent active in your environment that your inventory does not account for: a side-project agent, a leftover MCP server, an agent a contractor stood up. We find them by correlating your inventory against the live signals an attacker would see, including agent endpoints, MCP and A2A handshakes, tool-call patterns, and identities exercising agent permissions. Anything live that your catalog misses is flagged and pulled into scope.

**How does my inventory connect to ZioSec?**

Through the ZioSec API. The API accepts your inventory as a feed, treats each agent record as a testable target, reconciles coverage as records change, and exposes findings back out so the LLM that built your inventory can read results and annotate the catalog. Full details are at [/api](/api).

**Is it safe to run live attacks against agents I just inventoried?**

Yes, because you control the scope. You define which discovered agents are in bounds, which tools may be exercised, and which data classes may be touched. Destructive actions are simulated or approval-gated and never executed blind. There is a one-click stop, rate limits, and a full audit log. Discovery widens visibility. You decide what is in scope to attack.

**Can I start small before connecting a full inventory?**

Yes. A scoped pentest engagement is the low-commitment on-ramp: a fixed $10,000 offensive assessment of a defined set of agents, delivered with the same AI-attacks-AI engine and audit-ready evidence. It credits 100 percent toward an annual platform subscription, so a scoped engagement on a few agents is a natural first step before wiring your whole inventory in. See [/ai-agent-pentesting](/ai-agent-pentesting).

## Build the inventory. Let us break what is in it.

Connect the catalog your LLM built, and ZioSec discovers every agent it lists plus the shadow agents it missed, then attacks each one continuously. Talk to our team about wiring your inventory to the API, or see a sample report first.

## Contact

ZioSec, Boulder CO. Email [info@ziosec.com](mailto:info@ziosec.com) or call +1-720-807-2737. Book a demo at [/demo](/demo).
