Human or agent? The attribution problem
When something breaks, the only question that matters is who acted. We walk through why session-level attribution is the foundation of agentic security.
Marek Halloran
Field CISO
Article — lead image
Incident response assumes a person at a keyboard. That assumption is now wrong often enough to be dangerous.
When an agent operates inside a human’s session, the logs say the human did it. Real attribution means separating the two in real time — across thousands of endpoints, at the speed actions happen.
This is the difference between discovery and control. Knowing what is running is table stakes. Knowing who did what, and being able to stop it, is the job.
Get started
Put NEO to work on your hardest problem.
Bring a use case. We will show you a working loop on your data in the first session.