
Loading summary
A
Foreign.
B
Hello, this is Catalina Campano and this is a Risky Business sponsor interview with Brandon Dixon, co founder and CTO of ANT AI. Welcome, Brandon. Let's start with what does ANT AI do?
A
So we bring AI directly to the endpoint where people work and we prevent threats and mistakes from happening.
B
How does this work?
A
So the way that we've built out the system is we took a look at existing EDR solutions that were predominantly focused on hooking the system level telemetry. And we had observed that the control points there have actually gotten pretty good. And they've gotten so good, in fact, that the adversary has now shifted to emulating more of normal employee behavior or using techniques like living off the land. And as a result, if you're simply monitoring the system and looking for things like malware, you're potentially going to miss these classes of attacks that are exploiting, you know, legitimate applications or compromised logins where someone else is logging in, like the employee. So the way that ENT works is at the end point, we are applying an understanding of the behavior of the user and a behavior of any AI agent that's running on the system. And that behavior allows us to understand what's normal and what's not for the enterprise. And when we're taking that behavioral information, we're also taking semantic details along with it. So a user might be performing a click, they might do a copy and paste somewhere. We're looking at the circumstances of when those individual actions occur and looking for semantic references that allow us to understand what that user might be doing more specifically. And so when we took a look at the solutions that were out there, we realized that the only way to do what we wanted, which is prevention, was to create our own source of telemetry, inform that. So that's effectively what we do at the edge. If we identify that there's a deviation, a policy violation, something that could lead to a mistake or a potential threat, we have the capability of surfacing to the user, flashing the screen, popping up a dialog, overlaying on top of the application, collecting input from them. Or in the case where it might be an active threat, we're capable of taking a screenshot, collecting forensic based information, killing a network, logging the user out, etc.
B
From what you're describing, I'm hearing that you're viewing human behavior as the rawest and purest form of fraud era. Or is there a component that looks at the classic EDR telemetry sources as well?
A
We do mostly focus on behavior, however, because we are at the Endpoint, we have a lot of context available at our disposal. So we will perform surveys of the machine. So we'll look at applications that are installed, we'll look at wireless information, location, Bluetooth, USB peripherals, USB removable media, whether or not it's connected to a power source, a monitor, etc. Anything that we perceive we can profile. We will collect that information as well. It's not a full parody of what an EDR system would do, but what it does is it brings a level of understanding about the state of the system and that is pairing with the user operating behavior and any sort of AI behavior that's taking place.
B
So these portable tiny LLMs that you deploy on customer systems, do they ship with any kind of training or do they have a ramp up time as they learn the system? How does this initial setup work?
A
So for us, we explore all possible aspects of AI. So the way that we've designed our policy engine is that it'll still support deterministic outcomes like string matching, regular expressions. We will also take the behavioral information that we have and compress a representation of that user's baseline and ship that to the endpoint as well. And so within our rules, we can reference any sort of anomaly or deviation across any range of the behavioral profiles. And then from an AI perspective, we'll still make use of classical machine learning. So we'll do that for things like sensitive data classification, looking at the particular labeling of certain applications or interactions through the browser. And then in terms of more advanced techniques, we'll deploy both embedding models directly to the endpoint itself that are capable of running in sub second response times to determine a verdict. And then we also have a lightweight reasoning model that ships directly to the endpoint as well. For both the more advanced AI capabilities, we make use of open models. We try our best to keep the core untouched. And then we add additional layers or customizations into the models themselves that extend it and allow us to customize those outcomes.
B
That looks like a lot of joints and decision points in the product, like do these things generate false positives in any way or is that something that's not actually the case?
A
Behavior itself is not inherently malicious or non malicious. I think it's relative to the business and its normal operating procedures. So for cases where you have like a sanctioned application or an unsanctioned application, it's pretty clear whether or not there's a policy violation. If you see a user who's using an unsanctioned application in any material way, you can flag that as a violation and you're going to get a true positive. There's other cases where it's less clear what that outcome might be. So an example of this could be using something like Zoom, the meeting software. If I go and share my screen and then give remote access to someone outside of my organization, that action in of itself is not malicious or non malicious, but the contents and the motives or the intent of what the user is expressing in that moment is where things might go towards a malicious purpose or someone making a mistake. And so we're capable of highlighting the fact that these sort of behaviors are occurring. And I think it's up to the business to some degree to determine what is acceptable in the business versus what's not. And part of that is through the baselining technique. So for an IT support help, it might make complete sense to go and access someone's system. I guess through Zoom. Like that might be the corporate policy, but somebody inside of the business who's giving remote control of their system to an external party for malicious or non malicious purposes could be a mistake that might violate the policy. And so I think it's up to the business's judgment to make that determination. What we do is we provide the tooling and the ability to write policies to surface that type of behavior, which today is very difficult to find. I'm giving one example, but there's numerous examples that a traditional EDR would never see into related to human behavior. And then we do provide those AI capabilities that allow us to then say, okay, when a remote management session is established through something like Zoom, that may not be malicious. But if we see that user sharing sensitive information, if we can perceive that that additional party on the line is an external to the business, then those are things that we can then use to classify that, hey, this person is sharing and giving remote control over their system. They're doing it with an external party, they're sharing sensitive information. This likely violates the corporate policy. So in short, I think it's relative. It's not a great answer. There will be false positives with any system in which you're trying to make a determination. But what it is that ENT is trying to do is provide our users with a deep understanding of the behaviors that are taking place such that when they identify them, they're capable of guiding that user back to the right outcome or stopping the bad behavior from taking place.
B
I don't know if this is possible from the entire client. Is this like a supercharged allow listing capability?
A
Yeah, in a way. I Think that's one capability that we bring is this concept of application control,
B
like a classic allow listing, like airlock, with the ability to see the context of the user.
A
Yeah, for us we build a pretty extensive application catalog and URL catalog. And so because we baseline the users and we form peer groups across the wider organization, we're capable of understanding what's normal for the enterprise versus what's not, what's normal for the individual versus what's not, what's normal for those who look or act in a similar way to that individual. And so it allows us to make very interesting determinations like, hey, this is the first time you're using this type of application, it's not typical for your role and it's deemed risky. Therefore ANT can get in the way and put an overlay on top of that application and ask the user in that moment of time, you know, what is it that you're trying to achieve here? And make sure that the outcome or the work that they're trying to do aligns with something that the business deems acceptable. Now, there's obviously other ways of doing this too. We could kill the process, we could just say it's blocked and you have to request. But the point here is because we are an endpoint agent, we have a feature rich set of functionality that allows us to go and find all sorts of ways to engage. We don't have to necessarily just stop the user or block them. We don't want to get in their way of their workflow. We can collect information or the business can essentially customize it.
B
You're talking about these baselines. Do you have a catalog of such deployments that companies can run on their networks from the get go without spending too much time setting out the product and then customize it as they learn it?
A
Yeah, for sure. So the baseline process is quite simple. You effectively install the application and we'll immediately begin baselining what's normal and not normal for the organization. We can collect the corporate policy in natural language from the company, we can collect the approved software list, and with those two pieces alone, we're in a very good state to understand where violations may be occurring and immediately highlight application use or browser based use, local AI use, for example, in places that businesses may not be aware of. And then beyond making them aware that those applications or AI runtimes might exist on the system, we're then capable of giving them the context of how are they being used and conceivably what are they being used for. So a great example of this would be, you might have a bunch of Windows developers who are using the Windows substrate for Linux. And that creates a barrier in which EDR can typically not see into those Linux systems. And so you might have a developer who is hosting an MCP server and doing a variety of things inside of a Linux system on their Windows laptop. And the business may be completely unaware of this. They may be okay with Windows substrate for Linux, but they may, they're completely blind to this AI runtime and what's actually taking place inside of that Linux image. So that's a big opportunity where ENT can not only identify the use of Windows substrate for Linux or any conceivable application, but at the moment that that's being done, we can understand who is that person, Are they a developer, are they technical? And then we can see the inputs that are going into that particular Linux session. And then we also have the ability to deploy our endpoint agent within that Linux container or virtual machine or runtime to then collect more information to then determine what is the potential AI harness doing. As just one example.
B
Okay, so basically you're 100% raising an alarm if your accountant is running its copy pasting power, right?
A
Yeah, not even just copy pasting. Like, you know, we've, we've. I don't want to like point out like just the. There's a lot of mistakes that occur. I think that threats are relatively small across the broader ecosystem. Most people are trying to use AI for good. But I can give you an example that's, that's sort of interesting. I think that borders between both being somewhat malicious or potentially malicious, but also could be conceived as a mistake as well. So we were working with a financial institution. They had laid off several employees. Some of those employees were able to freely download some of the information that they had collected through the job. And so that business was okay with them downloading materials. They had a DLP solution in place. The problem with that DLP solution is that it lacked the context of what was being downloaded and it was difficult for them to instrument that. So they wanted a solution. They put ENT inside of the business. And they said after those announcements took place they wanted to do an enhanced level of monitoring to determine what was occurring. And so in one instance, we saw an individual go into Anthropic because they were using a CLAUDE subscription and they instructed that AI to build a mind map of all of the interactions that they've had within the AI system and then describe that and put all that information into a single HTML file. And then you could imagine they went and downloaded that file. So that's a case where I don't think that that individual was acting in sort of a malicious way. However, because of the use of AI and being able to see into that particular workload, and that's not particularly advanced, but seeing that context, we were able to identify that, okay, this person might have downloaded a lot more information than what the company was comfortable with. And that allowed them to make a determination of, do we go and advise that user to delete that? You know, we saw where it went afterwards. It went to a Google Drive. So, like, the company is now informed, and that's a decision that they have to make of whether or not something like that is acceptable. And this extends further too, because that person then later went to Granola and Fireflies and downloaded all of that information from those systems. And so I think we're living in an interesting period in which AI is incredible at stitching data together, but it also makes it easy to exfiltrate that data out or derive new types of products in which sensitivity labels might get removed or confidential information might make its way into other parts of the organization where somebody didn't mean to do that. But unless you have that visibility and you understand what's normal for that user and what's not, it's going to be very difficult to determine what actually happened.
B
Now, a more sensitive topic I want to touch is that someone listening to this interview come to the conclusion that Ant is basically a very sophisticated employee tracking software. When you designed your product, was there a line where you set up the agent to stop collecting data and employees that would cross into a realm that could incur GDPR or are the privacy laws violations for the company? Is this something you thought about?
A
Yeah, for sure. Like, that's a first principle part of us building the product. So one of the things that we learned in the age of AI is that companies are quite sensitive to the information that occurs within their data boundary. Not only is it for privacy and regulation and compliance, but it's also, in the age of AI, there's a huge advantage to utilizing that data to train models to distill processes, to help automate work and free up resources to do other things. So when we built the solution, we made a conscious decision to deploy directly within a customer's data boundary. So we of course, provide the option to host on behalf of a customer. But more importantly, when working with regulated entities or larger institutions, they want all of that information to stay within their data boundary. So ent can be completely deployed inside of that customer's environment in which we never see anything. So that is one kind of critical piece of what the privacy looks like. And then in terms of how does end operate on the endpoints themselves, it's great that the data stays within that data boundary, but what information is required to go from the endpoint to the that given customers back end? And that's a case where we've designed the product to be very flexible. So we allow users to create different groups and then users can be put in those groups with default policies where you can choose no logging, basically nothing. Which of course you may not get some of the baseline material or other details, but you can go as far as not really logging anything at all until that person, you know, activates a policy or does something else. We have material that can remain at the endpoint itself. So if you don't want it to go into the data boundary within the cloud, you can leave it on the endpoint. That of course creates operational complexity where if you do want to access it, the endpoint of course has to be online. And then in terms of the types of information that we collect, you can toggle that on and off and customize what those groups look like. And today, as the product is built, there is no automation around like increasing the level of collection that takes place. That's a manual effort today. If you want to go and increase the amount of information that you're getting, do what we would call evidence mode. That's something that has to be controlled by a person and they have to make that conscious choice and understand the type of information they're going to collect. Collect.
B
Okay, that's a perfect way to end it. Brandon, that was pleasure. Thank you very much for your time today.
A
Yeah, thank you very much.
Host: Catalina Campano (Risky Business Media)
Guest: Brandon Dixon, Co-founder & CTO of Ent AI
Date: June 14, 2026
This episode of Risky Bulletin delves into how Ent AI leverages artificial intelligence at the endpoint to understand and prevent threats stemming not only from malicious software but also from risky or out-of-policy human behavior. Catalina Campano interviews Brandon Dixon, CTO of Ent AI, exploring how behavioral telemetry, small footprint LLMs, and privacy-centric deployment models are shifting the landscape of endpoint detection and response (EDR) into a new, behavior-aware era.
On evolving attacker tactics:
"The adversary has now shifted to emulating more of normal employee behavior or using techniques like living off the land." — Brandon Dixon [00:25]
On the limits of classic EDR:
"A traditional EDR would never see into [user behaviors] related to human behavior." — Brandon Dixon [05:41]
On policy customization and context:
"You might have a developer who's hosting an MCP server and doing a variety of things… on their Windows laptop. The business may be completely unaware of this." — Brandon Dixon [11:54]
On privacy and deployment:
"Ent can be completely deployed inside of that customer's environment in which we never see anything." — Brandon Dixon [16:42]
"There is no automation around like increasing the level of collection… that's a manual effort today." — Brandon Dixon [18:28]
Brandon Dixon offers an incisive look at how Ent AI is reframing endpoint defense—not by chasing malware signatures, but by learning from human and machine behavior, baselining what's truly "normal," and marrying technical enforcement with real business context. This results in a powerful, privacy-conscious product that triages potential threats, mitigates mistakes, and shines a light on new shadow IT or AI-facilitated risks, all while giving enterprises granular control over policy and privacy.
Listeners come away with a strong impression: modern security demands more than just system telemetry—it requires a deep, context-rich understanding of human actions, and the careful application of AI at the most granular (yet privacy-respectful) level possible.