Fortinet will expand FortiEndpoint with features to identify applications and AI agents, inspect data sent to these services, and adjust access based on the risk level of each device. The updates, expected in Q3 2026, will be managed from a common console and share an agent with platform capabilities for protection, detection, and secure access.
The key points of FortiEndpoint in 20 seconds
- It will detect authorized, unknown, or prohibited applications and AI agents.
- Data Loss Prevention (DLP) will inspect information sent to AI tools.
- FortiAI-Assist will help investigate events using natural language.
- Dynamic risk scoring will enable access restrictions.
- Availability is planned for Q3 2026.
This update addresses an increasingly common issue in organizations: employees not only use approved AI tools but also install external applications, extensions, assistants, and agents that can receive documents, source code, financial information, or personal data without passing through corporate controls.
Fortinet refers to this phenomenon as shadow AI, similar to the well-known shadow IT, but with an important difference. A generative application does more than store or transmit information; it can analyze data, combine it with other sources, utilize connected tools, and perform actions on behalf of the user.
FortiEndpoint will monitor AI applications, agents, and web services
The new version will provide a centralized view of AI tools used from corporate devices. The inventory will cover installed applications, accessible agents, and web services through browsers.
Administrators will be able to see which users use each tool, distinguish between approved and unauthorized services, and apply policies to permit, monitor, limit, or block their operation. Fortinet positions these measures as part of a strategy combining AI governance with traditional endpoint security.
| Announced capability | What it enables | Risk it aims to reduce |
|---|---|---|
| AI application inventory | Identify installed or web-used tools | Use of unknown services |
| Agent visibility | Detect agents on endpoints | Unsupervised automation |
| Tool classification | Separate approved and unapproved applications | Shadow AI |
| Granular policies | Allow, monitor, restrict, or block applications | Internal non-compliance |
| Activity tracking | Relate users, devices, and AI usage | Lack of traceability |
| Integration with Security Fabric | Share telemetry and risk info across controls | Isolated decisions |
Blocking an application alone doesn’t solve AI governance. Companies must first define which tools are authorized, for which groups, with what data, and under what conditions.
For example, a service might be acceptable for generating marketing drafts but prohibited for processing medical records. An enterprise subscription version authorized by the organization could be permitted, while personal accounts from the same provider might not.
Policies will also need to consider agents acting over extended periods. A conventional assistant typically receives a query and returns a response. An agent could access email, consult databases, download files, and call various APIs, increasing the number of operations that must be logged and controlled.
Fortinet has not yet published a recognized list of applications or agents, nor detailed how this catalog will be updated. It’s also unclear if the system will automatically classify new tools or depend on signatures and policies assigned by administrators.
DLP will inspect data users send to AI
The integration of Data Loss Prevention (DLP) is one of the most significant updates. FortiEndpoint will analyze information shared with AI applications, agents, generative services, SaaS platforms, and web pages.
The goal is to detect Personally Identifiable Information (PII), intellectual property, financial data, and other sensitive content before it leaves the device. Depending on policies, the system can intervene in the transfer or display warnings to the user.
| Endpoint scenario | Possible FortiEndpoint response |
|---|---|
| Employee pastes customer data into a public AI | Detect content and block or warn |
| Attempt to upload proprietary code to an assistant | Apply IP protection policy |
| An agent accesses financial documents | Log activity and verify permissions |
| Unapproved application used | Monitor, restrict, or block its execution |
| Device violates corporate policy | Limit access to protected resources |
| User initiates risky action | Display real-time guidance |
Contextual training aims to intervene at the moment of action. Instead of just alerting security teams, the application could explain why certain content shouldn’t be sent to an external model.
This approach can reduce accidental errors without completely blocking AI use. Its effectiveness depends on classification accuracy. Overly permissive policies might allow sensitive info to pass, while overly strict settings could disrupt legitimate tasks and encourage users to find workarounds.
Integrated DLP is also part of Fortinet’s broader strategy to unify controls. The company claims customers will be able to enforce data protections without deploying additional standalone products or management consoles.
This should be seen as a claim from the manufacturer. The actual outcome will depend on included features in each license, OS compatibility, and how well policies can recognize documents, forms, clipboard data, web uploads, and encrypted communications.
Access based on the device’s real-time status
FortiEndpoint will introduce dynamic risk and compliance scoring. The platform will continuously assess device health, configuration, and detected threats to determine what level of access to grant.
A fully updated, encrypted, and uncompromised device might access an enterprise AI app. A device with vulnerabilities, active detections, or misconfigurations could receive limited access until issues are resolved.
This extends the zero trust approach. Passwords and identities alone aren’t enough for session continuity; device state and risk at that moment are also evaluated.
| Evaluated factor | Possible impact on access |
|---|---|
| Endpoint protection status | Maintain or restrict permissions |
| Policy compliance | Allow or deny resources |
| Vulnerabilities and misconfigurations | Increase risk score |
| Malware detections or anomalous behavior | Isolate or limit device |
| Unauthorized AI applications | Activate additional controls |
| Changes during session | Recalculate access decision |
Telemetry can be shared with Fortinet Security Fabric, allowing other connected products to use endpoint context in their policies. Fortinet envisions a coordinated response integrating device, network, and access services.
FortiAI-Assist brings natural language to security operations
This update embeds FortiAI-Assist within the console. Analysts can ask questions in natural language to investigate events, visualize results, generate summaries, find high-risk devices, and troubleshoot configurations.
It can also offer policy recommendations and context on alerts. The aim is to reduce the time spent navigating dashboards and performing manual searches, especially for security teams managing large volumes of events.
| Security team task | FortiAI-Assist help |
|---|---|
| Review an incident | Summarize events and findings |
| Identify compromised devices | Flag higher-risk endpoints |
| Investigate an alert | Query information using natural language |
| Conduct threat hunting | Assist in expanding and guiding searches |
| Fix a configuration | Suggest steps and recommendations |
| Create policies | Provide risk and compliance context |
FortiAI-Assist does not replace analyst validation. Its recommendations can simplify investigations, but decisions on isolation, blocking, or access require controls, logs, and sometimes human approval.
Fortinet presents FortiEndpoint as a platform combining endpoint protection, antivirus, EPP, EDR detection and response, zero trust access, VPN, DLP, AI visibility, and assisted operations. The company claims these functions will be delivered via an agent, a console, and a license.
| Area | Functions grouped in FortiEndpoint |
|---|---|
| Prevention | Antivirus, EPP, behavior analysis, sandboxing |
| Detection & Response | EDR, containment, investigation, recovery |
| Access | VPN and zero trust access |
| Data | DLP and internal risk management |
| AI | Discovery, monitoring, control of tools |
| Operations | FortiAI-Assist and centralized console |
| Risk context | Device status and compliance scoring |
Consolidation may reduce installed agents and simplify data correlation. It also consolidates more functions with a single provider, so organizations will need to review policy portability, agent resource use, and the impact of issues on a shared platform.
Fortinet has not announced pricing, complete technical requirements, or regional availability. The release is scheduled for Q3 2026, though the product page suggests a broader timeframe in H2 for AI visibility and DLP. Capabilities are considered planned until they reach commercial versions and can be tested in real environments.
Frequently Asked Questions
What is FortiEndpoint?
It is Fortinet’s unified platform for protecting devices, detecting threats, ensuring secure access, and managing controls related to data and AI.
Will it be able to block AI tools?
Yes. Fortinet announces policies to permit, monitor, restrict, or block applications and agents according to security and compliance standards.
How will it prevent sensitive data from being sent to AI?
DLP functionality will inspect data shared with applications, agents, and web services. Policies can be applied to block or warn about protected content.
When will new features be available?
Fortinet expects to release them in Q3 2026. Details on pricing, regions, and full requirements are still forthcoming.
via: fortinet

