EDR was not built for agents
Endpoint detection guards the OS-to-app boundary. The agentic workforce operates a layer above it — and that layer is invisible to the controls most enterprises already own.
Dana Okonkwo
Head of Detection Engineering
Article — lead image
For fifteen years, endpoint security has been organized around one boundary: the line where an application asks the operating system to do something. EDR watches that boundary. It is very good at it.
But the work has moved. An AI agent reading a developer’s .env file, an MCP server calling an external tool, a browser extension exfiltrating data through a sanctioned API — none of these cross the OS boundary in a way EDR was designed to flag. They look like the application doing what the application does.
Neo was built for this layer. It inventories every agent, plugin, and MCP server, attributes every action to the human or agent that caused it, and enforces policy on the actions themselves — not just the binaries underneath.
Get started
Put NEO to work on your hardest problem.
Bring a use case. We will show you a working loop on your data in the first session.