> For the complete documentation index, see [llms.txt](https://help.nightfall.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.nightfall.ai/data-exfiltration-prevention/ai-agent-security/ai-governance/auditability-and-control.md).

# Auditability and Control

Nightfall uses two complementary mechanisms to protect AI agent activity:

#### Hooks - Real-Time Enforcement

Hooks intercept AI agent actions before they execute. When a developer submits a prompt, calls a tool, or runs a shell command, Nightfall scans the content against your policies and can block the action if a violation is detected.

* Supported agents: Claude Code, Cursor, VS Code
* Enforcement: Block or Monitor

#### OpenTelemetry - Async Monitoring

OpenTelemetry (OTel) captures a complete telemetry stream of AI agent activity after actions complete. This provides full session audit trails including cost tracking, model information, and tool activity.

* Supported agents: Claude Cowork
* Enforcement: Monitor only (no real-time blocking)
* Additional data: Token usage, cost per prompt, model name, API errors

***

### Prerequisites

Before AI Agent Security can function on your endpoints, ensure the following requirements are met:

#### Nightfall Endpoint Agent

* Version 1.2.12.11 or later is required.
* The agent must be installed and running on each endpoint where AI agents are used.

#### MDM Configuration Profile

{% hint style="info" %}
Required: You must deploy the Nightfall MDM configuration profile (v3 or later) via your MDM provider (Jamf, Mosyle, Kandji, etc.). This profile grants the necessary system permissions for the Nightfall agent to monitor AI agent activity.
{% endhint %}

#### AI Agent Policy

At least one AI Agent Security policy must be active in your Nightfall console. SecOps or IT administrators must install hooks using an MDM script or the IDE console for Cursor, Claude Code or VS Code.&#x20;

***

### Next Steps

* [Setup & Installation](/data-exfiltration-prevention/ai-agent-security/ai-governance/auditability-and-control/setup-and-installation.md) - Verify your deployment and understand how hooks are installed
* [Hooks vs. Open Telemetry](/data-exfiltration-prevention/ai-agent-security/ai-governance/auditability-and-control/hooks-vs.-open-telemetry.md) - Compare the two enforcement mechanisms
* [Policy management](/data-exfiltration-prevention/ai-agent-security/ai-governance/auditability-and-control/creating-an-ai-agent-security-policy.md) - Step-by-step policy creation guide
* [Policy incidents](/data-exfiltration-prevention/ai-agent-security/ai-governance/auditability-and-control/investigating-ai-agent-security-incidents.md) - How to review and respond to AI agent violations
* MCP server collections - Discover and manage MCP servers across your fleet<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.nightfall.ai/data-exfiltration-prevention/ai-agent-security/ai-governance/auditability-and-control.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.