Watch on YouTube
Watch on Vimeo
Wei Ling Neo discusses the evolving landscape of “Shadow AI” and the critical regulatory pressures facing modern enterprises. A central theme of the presentation is the upcoming enforcement of the EU AI Act, which carries massive financial penalties of up to €35 million or 7% of global revenue for non-compliance. While Fortinet previously focused on basic visibility and Data Loss Prevention (DLP) for generative AI applications, such as catching AWS access tokens pasted into prompts, the strategy has now shifted toward deeper inspection of the entire AI ecosystem. This includes monitoring Large Language Models (LLMs), AI agents, and Model Context Protocol (MCP) servers to provide a granular view of how data moves between users and autonomous agentic systems.
The presentation highlights new capabilities within FortiOS 8.0 that allow the FortiGate firewall to act as a primary inspection point for AI-driven traffic. By decoding protocols like WebSockets and MCP, Fortinet can now identify specific AI functions, such as when an agent like VS Code or Cursor attempts to list files, summarize code repositories, or check in new code to GitHub. This “Agent-to-Agent” (A2A) visibility ensures that even if developers use sophisticated desktop clients rather than web browsers, the security team can still see which models are being used and what data is being manipulated. The system also supports distinguishing between corporate and personal AI accounts by mapping user identity to session activity, allowing organizations to sanction authorized enterprise tools while blocking or monitoring risky, unsanctioned alternatives.
Beyond simple blocking, the session emphasizes the importance of a coordinated security fabric that includes endpoints and centralized reporting. Neo explains that while a firewall might offer a “deny” response, an integrated endpoint client like FortiClient can provide “user coaching” to explain why a specific AI action was restricted. To manage this at scale, FortiAnalyzer now includes dedicated Shadow AI reports that aggregate logs into a high-level overview, helping security teams discover new agents and transition them through the sanctioning process without disrupting developer workflows. Although some challenges remain–such as inspecting activity that stays entirely within a third-party SaaS environment like Salesforce–the presentation underscores Fortinet’s commitment to providing deep, transparent visibility into the burgeoning world of AI agents and their underlying communication protocols.
Personnel: Wei Ling Neo
Thank you for being part of the Tech Field Day community! Our mailing list is a great way to stay up to date on our events and technical content, and we appreciate your signup.
We promise that we’ll never spam you, send ads, or sell your information. This list will only be used to communicate with our community about our events and content. And we’ll limit it to no more than one message per week.
Although we only need your email address, it would be nice if you provided a little more information to help us get to know you better!
