Inactive AI models expand your attack surface and inflate cloud costs. Learn how Cortex Cloud helps security teams gain visibility and reduce risk without runtime dependencies.
As new LLMs and toolkits emerge, developers are quick to experiment and deploy, often leaving unused or forgotten AI models behind. Lingering artifacts, however, introduce hidden risks and unnecessary cloud costs.
Today, we’re excited to share a new Cortex Cloud capability that helps you gain even more control – Automatic Inactive AI Models Identification.
Addressing Model Proliferation and Risk Sprawl
The AI landscape is evolving fast, with new LLMs like DeepSeek emerging regularly. Developers, in turn, are testing them without hesitation, often spinning up self-hosted or unmanaged models for short-term use. But these models typically lack proper documentation, ownership or governance.
Security teams are left with limited visibility into:
- Which models are active or idle
- What data they’re accessing
- Who is using them and for what purpose
From a CISO’s perspective, this is more than technical debt. It's unseen risk. A developer, for example, may spin up a model to test a chatbot workflow and forget to decommission it. The model remains live in the cloud, still connected to sensitive resources yet completely invisible to security. Multiply that by dozens of developers and teams, and you get unchecked model sprawl and rising exposure.

These blind spots result in two major concerns:
- Attack surface expansion: Inactive models often retain permissions, expose sensitive data or rely on outdated configurations.
- Compliance and governance gaps: Without visibility, security and risk leaders can't ensure that AI use aligns with internal policy or regulatory frameworks.
New in Cortex Cloud: Model Activity Insights
Leveraging activity analysis to generate key insights, Cortex Cloud now offers teams a better way to track and manage AI model activity.
- Usage tracking: See how often a model has been invoked in the last 30 days.
- Last used date: Know exactly when a model was last active.
- Inactive flag: Receive a list of inactive models – those in which no activity has been detected for 30 days.
A new Inactive Models filter in the inventory view enables quick identification and cleanup.

No Agents, No Runtime Dependency
Unlike other solutions that require runtime agents or developer instrumentation, Cortex Cloud discovers both active and inactive models by ingesting cloud logs. No code changes or manual configuration are required, which means:
- Faster time to value
- Broader cross-environment coverage
- No dependency on developer adoption or runtime usage
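The log-based approach and the three insights listed earlier (usage in the last 30 days, last used date, inactive flag) can be sketched as follows. This is an added example, not Cortex Cloud's implementation: the inventory, the event fields and all model names are constructed, and it assumes invocation events have already been parsed out of cloud logs.

```python
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=30)  # inactivity window stated in the article

# Constructed sample data (hypothetical names and fields): a model inventory
# and invocation events already extracted from cloud audit logs.
NOW = datetime(2025, 6, 30, 12, 0, tzinfo=timezone.utc)
INVENTORY = ["chatbot-poc", "fraud-scoring", "summarizer-test", "never-called"]
EVENTS = [
    {"model": "fraud-scoring", "ts": "2025-06-28T09:15:00+00:00"},
    {"model": "fraud-scoring", "ts": "2025-06-29T11:02:00+00:00"},
    {"model": "chatbot-poc", "ts": "2025-04-02T16:40:00+00:00"},
    {"model": "summarizer-test", "ts": "2025-05-31T00:00:00+00:00"},
    {"model": "shadow-llm", "ts": "2025-06-30T08:00:00+00:00"},  # not inventoried
]

def model_activity(inventory, events, now, window=WINDOW):
    """Per model: invocations inside the window, last-used time, inactive flag."""
    cutoff = now - window
    blank = lambda known: {"invocations": 0, "last_used": None,
                           "inactive": True, "inventoried": known}
    # Start from the inventory so models with no log events at all are
    # still reported (and flagged inactive) instead of silently missing.
    report = {name: blank(True) for name in inventory}
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        # A model seen only in logs is unmanaged: keep it, marked as such.
        row = report.setdefault(ev["model"], blank(False))
        if row["last_used"] is None or ts > row["last_used"]:
            row["last_used"] = ts
        if ts >= cutoff:
            row["invocations"] += 1
            row["inactive"] = False
    return report

def inactive_models(report):
    """Names of models with no invocation inside the window, sorted."""
    return sorted(name for name, row in report.items() if row["inactive"])

if __name__ == "__main__":
    for name, row in sorted(model_activity(INVENTORY, EVENTS, NOW).items()):
        print(name, row)
```

Seeding the report from the inventory is what lets a model that was deployed but never invoked show up as inactive; a log-only aggregation would miss it.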
Why It Matters
With Cortex Cloud's new built-in activity analysis, security teams can distinguish between active, idle and forgotten models, enabling faster decisions and cleaner AI environments.
These new insights unlock several critical benefits:
- Reduced AI attack surface by identifying and removing unused models
- Focused remediation efforts by prioritizing active models for security reviews and policy enforcement
- Lower cloud costs by cleaning up idle infrastructure
- Prevented model theft and misuse, especially for publicly exposed endpoints
For CISOs, Risk Leaders and AI Owners
Whether your focus is enterprise security, regulatory compliance or safe AI innovation, this advanced capability provides you with a powerful new lens into your AI landscape.
- Security leaders reduce exposure and improve prioritization.
- Risk and compliance teams gain better assurance over governance.
- AI leaders drive innovation while maintaining visibility and managing costs.
Take the Next Step
Model sprawl is real. But with the right tools, it’s manageable. Start identifying and cleaning up inactive AI models with Cortex Cloud today. Cortex Cloud’s activity analysis helps you cut through the noise and take action where it matters most.