Open source infrastructure mapping tool Cartography can now scan production container images for AI agent components and stitch that data directly into an organisation's cloud infrastructure graph. The project, maintained under the Linux Foundation and extended by contributor Alex Chantavy, uses Cisco's AIBOM (AI Bill of Materials) scanner to detect agent frameworks — including pydantic_ai, LangChain, and the OpenAI SDK — extracting declared tools, models, memory stores, and prompts down to the file path and line number. Each detected component becomes a typed node in Cartography's property graph, linked via container image manifest digest to the broader AWS environment.

Where the integration pays off is in what Cartography already knew. Long-standing connectors for AWS ECS, ECR, IAM, load balancers, and DNS mean the new AI component nodes automatically inherit full infrastructure context. A single Neo4j Cypher query can traverse from an AIAgent node through its ECS task, IAM role, load balancer, and DNS record — surfacing every internet-reachable agent in an organisation alongside its privilege surface and declared tool integrations. No specialised AI gateway infrastructure is required; the approach works against container images and cloud deployments teams already have in production.
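The traversal described above, reduced to an in-memory join as an added example; it is not Cartography's code, schema, or Cypher. All records and field names are constructed for illustration, and the only element taken from the article is the join key: the container image manifest digest that ties a scanner finding to a running task.

```python
# Constructed sample data. Field names are hypothetical, not Cartography's schema.
AGENTS = [  # scanner findings, one per detected agent, keyed by image manifest digest
    {"digest": "sha256:aaa", "framework": "pydantic_ai", "file": "app/agent.py",
     "line": 12, "tools": ["run_sql", "send_email"]},
    {"digest": "sha256:bbb", "framework": "langchain", "file": "svc/bot.py",
     "line": 40, "tools": ["search"]},
    {"digest": "sha256:ccc", "framework": "openai", "file": "job/main.py",
     "line": 7, "tools": []},  # image was scanned but is not deployed anywhere
]
TASKS = [  # running ECS tasks with the digest they run, their role, and their LB
    {"task": "task/support-bot", "digest": "sha256:aaa",
     "role": "role/support-bot", "lb": "lb-public"},
    {"task": "task/internal-bot", "digest": "sha256:bbb",
     "role": "role/internal-bot", "lb": "lb-internal"},
]
ROLES = {  # IAM role -> allowed actions (the agent's privilege surface)
    "role/support-bot": ["rds-data:ExecuteStatement", "ses:SendEmail"],
    "role/internal-bot": ["s3:GetObject"],
}
LBS = {"lb-public": {"scheme": "internet-facing"}, "lb-internal": {"scheme": "internal"}}
DNS = [{"name": "support.example.com", "target": "lb-public"},
       {"name": "bot.corp.example.com", "target": "lb-internal"}]


def internet_reachable_agents(agents, tasks, roles, lbs, dns):
    """Walk agent -> task (by digest) -> role / load balancer -> DNS record."""
    tasks_by_digest = {}
    for t in tasks:
        tasks_by_digest.setdefault(t["digest"], []).append(t)
    rows = []
    for a in agents:
        for t in tasks_by_digest.get(a["digest"], []):  # undeployed image: no rows
            lb = lbs.get(t["lb"])
            if not lb or lb["scheme"] != "internet-facing":
                continue  # internal-only exposure is out of scope for this report
            rows.append({
                "agent": f'{a["framework"]} @ {a["file"]}:{a["line"]}',
                "task": t["task"],
                "role": t["role"],
                "permissions": roles.get(t["role"], []),
                "tools": a["tools"],
                "dns": sorted(d["name"] for d in dns if d["target"] == t["lb"]),
            })
    return rows


if __name__ == "__main__":
    for row in internet_reachable_agents(AGENTS, TASKS, ROLES, LBS, DNS):
        print(row)
```

Each returned row pairs an agent's declared tools with the IAM actions its task role allows, which is the combination to review first for an internet-facing agent.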

The motivation is part security, part compliance. The EU AI Act and the NIST AI Risk Management Framework are both pushing organisations toward live inventories of operating AI systems, and Cartography's authors argue that agents present a qualitatively different risk profile from traditional microservices: designed to be adaptive and helpful, they may opportunistically exploit whatever permissions and tools are available without any attacker involvement. The project draws an explicit parallel to container security in the 2010s — the era before SBOMs, service meshes, and cloud-native security APIs existed — when the gap between what was deployed and what was understood was similarly wide.

Open source matters here for practical reasons. Teams can inspect the schema, extend the data model as agent frameworks multiply, and run ad-hoc forensic queries during incidents without waiting on a commercial vendor to ship support for the latest library. Framework coverage currently spans a handful of popular libraries and the project is upfront about being early-stage — an honest position given how fast the landscape is moving. The graph-native data model is already there for teams that need it.