§ Plain-English Field Guide · 2-minute read

Doors, robots, and plumbing: the three things you're inventorying

Endpoints, agents, and APIs — in plain pictures.

By Lindsay Hiebert · Founder · CISSP

The app asks you about three kinds of AI. Plain pictures for each:

Endpoints are doors. Each one is a door your network opens to an outside AI service — ChatGPT, Gemini, Claude, or an AI feature inside software you already own. The more doors, the more you want to know who’s walking through them.

Agents are robots that act. Not just answering questions — doing things: sending an email, moving a file, making a call on its own. A robot that acts unsupervised deserves more attention than one that only talks, which is why agents carry the most weight.

APIs and tools are the plumbing. The pipes that let your other software use AI automatically, behind the walls, often without anyone noticing.

You don’t need to know how any of it works under the hood. You check plain-English boxes; SanctumShield handles what each one means and how much it matters.

You answer plain questions. SanctumShield turns them into proof you can show.

Go deeper: More on agents (Layer 4)

Free Shadow AI Risk Audit

See what your current stack is missing — in 12 questions.

The SanctumShield free Shadow AI Risk Calculator runs in your browser. No account, no email, no credit card. Twelve questions, instant risk score, three primary findings tailored to what you submit.

Doors, Robots, and Plumbing: The Three Things You're Inventorying | SanctumShield