Above Security is Turning Insider Risk into a Smoking Gun Science
If you have spent any time in a CISO chair, you already know the drill. HR or Legal walks in with that look. Someone named Pete has been doing “something suspicious” and now it is your problem. You pull logs from ten different tools, beg your SIEM to be helpful, try to reconstruct a story from half-retained telemetry and a few lucky alerts. Best case, you get a fuzzy picture. Worst case, the evidence never existed in the first place.

According to the team at Above Security, that world is not just broken. It is obsolete.
“We’re saying that historically, insider risk has been a problem that is very much reserved for federal agencies, banks, big institutions that could afford it,” explained the company’s cofounder and CEO during our conversation. Traditional insider risk meant hiring human investigators, “assets in chairs,” to sift through enormous volumes of data and piece together what actually happened. It was expensive, reactive and often inconclusive.
Today, Above Security is betting that a different kind of asset can do this work: a fleet of AI investigators that never gets tired, never forgets a log source, and never has to choose between one case file and another because of time.
From Reactive Witch Hunts To Proactive Investigations
The old insider risk model is basically incident response with a personnel file attached. Nothing happens until HR or Legal brings you a name.
“HR and legal would come into the room. They would ask the CISO, ‘Hey, we’ve heard that Pete has been doing some nefarious things. Can you please investigate Pete for us?’” the CEO recalled. The CISO then goes on a stitched-together data scavenger hunt involving “logs from 10 different tools” and varying levels of retention and granularity. Often, even with effort, “he doesn’t manage to understand what Pete did.”
That is the “world this has been up until now.”
Above Security’s thesis is simple: in 2026, you should not still be living in that world.
“We’ve got AI agents at scale. We can deploy them in organizations. They can do practically human work,” he said. Instead of waiting for a complaint, the platform deploys “a fleet of AI investigators that constantly run investigations against all of your employees.” The goal is to always understand the context around behavior:
- Who is this identity?
- Why might they be doing this?
- What is the motive or intent?
As a CISO, you do not just get another alert. “You get a full-blown investigation. You don’t get an alert, almost like a single alert in time. It’s the entire investigation, with all the forensics, all of the action plan that we plan for you.”
In a market saturated with “AI” stickers on old dashboards, the difference here is the promise of work that looks like a human investigator’s case file, not another rule-based ping that says, “Good luck, figure it out.”
Monitoring Everyone, Letting Only The Machines Look
Continuous employee monitoring is where many conversations about insider risk usually die. The privacy alarms start flashing, the lawyers clear their throats and suddenly everyone remembers a meeting they have to be in.
Above Security takes a pretty direct stance: they want to flip insider risk from reactive to proactive, which means watching everyone all the time. The crucial twist is who actually sees what.
“Yes, we monitor all the employees all the time,” the CEO said, then paused for the important qualifier. “However, no human is accessible to the data. No human can look through the data that we monitor, that we collect. It’s solely for the eyes of the AI agents.”
The system does not obsess over fuzzy “risk scores” or arbitrary thresholds. “Once an infringement happens, because we don’t speak in thresholds, we speak in smoking guns. That actually happens: Pete exfiltrated data. Pete installed unapproved software. Pete created fraudulent pay slips. This is what we essentially create an investigation for.”
For security leaders, that framing matters. You are not being asked to act on a user with a risk score of 73. You are responding to clearly documented behavior: here is the evidence, here is the timeline, here is the recommended action.
In an industry where too many tools specialize in sophisticated ways to tell you very little, the focus on “smoking guns” is refreshingly blunt.
Out Of Stealth, Into Revenue
Above Security is not an idea in a slide deck. It is a young company that has already tested itself in the wild.
“We are coming out of stealth with 50 million dollars in total funding,” the CEO shared. That capital comes from a notable roster of investors including Maryland Ventures, Northwest Ventures with Wells Fargo, and Ballistic Ventures, a tier-one cyber-focused VC. One of the names involved is Phil Venables, CISO of Google, who sits on the Ballistic side.
The company itself has only existed for eight months. In the first six, it hit “1 million dollars in revenue” and “10 customers,” and the team has already “created hundreds of relevant investigations and saved, essentially, thousands of hours of human investigators.”
In a market where a lot of AI stories are still stuck in proof-of-concept purgatory, Above Security already has production stories to tell. The results are not theoretical, and they are not shy about putting those use cases on the table.
When Insider Risk Gets Real
Ask most vendors for “use cases” and you will hear about synthetic personas and hypothetical finance departments. Ask Above Security, and you get stories that sound more like a crime blotter.
“We are saying that insider risk is way broader than just data exfiltration,” the CEO argued. “It’s a whole blanket term of what an insider inside an organization can do.”
Then he laid out what the platform has actually caught:
- An employee “working two jobs,” collecting a paycheck from their main employer while quietly working for another.
- Someone who looks a lot like a nation-state asset: “We literally caught a Chinese, practically spy, who was constantly uploading all of the network diagrams and everything into a Chinese, obscure third-party forum.” There was no time spent debating titles. “He was terminated immediately.”
- “Literally yesterday morning,” the platform “caught someone creating fraudulent pay slips for his company.”
- In a large enterprise deployment, they found “one of three salesmen actively interviewing for a competitor.” On its own, job hunting is an HR issue, and the CEO concedes that. The problem was the rest of the story. The salesperson not only accepted an offer “on his personal email, but on the managed device that he opened.” While still employed, he was “already working for the next employer, which is a direct competitor.” Then came the real smoking gun: he “created a slideshow about how he plans to steal the top 10 accounts from his current employer and move them on to the next employer.”
The interviewer’s reaction captured the moment: “Yeah, smoking gun.” The CEO did not disagree. “Yeah, I would say. Yeah, still warm.”
For CISOs who spend their time trying to persuade executives that insider risk is more than a theoretical compliance requirement, these examples will feel painfully familiar. This is what happens when real people with real access behave badly. The question is whether your tools can show you the slideshow in time.
Teaching Employees, Not Just Catching Them
Not every incident needs to end in termination and a box for desk belongings. The vast majority of risky behavior inside companies is not malicious. It is human.
“Today, you have 1000 employees in your organization. Next year, we’re probably going to have 10,000 in the image of AI agents,” the CEO said, but he was just as focused on the ordinary users. “Ninety percent of what happens is negligence.”
Above Security’s platform tries to handle that kind of risk in the moment, not in a quarterly training module that everyone clicks through while multitasking.
“When something non-nefarious happens, and it’s 90 percent of what happens, when something non-nefarious happens, what we do is we try to intervene in line with the employee,” he explained. The system might nudge a user with something like: “Hey, maybe you shouldn’t be using this obscure third-party AI. Maybe you should be using ChatGPT Enterprise, which is the allowed tool in this company.”
The language matters. “The language and the words we use is very empathetic,” he said. The messages explain “why this is risky, what we did to prevent it” and even ask, “Do you want to say anything in order for us to maybe look at this request?”
It is an attempt to combine coaching with control: “We try to do the best of both worlds, right? We try to both educate the employee and to run the investigations at scale.”
There is also a darker side of the spectrum. When behavior looks truly malicious, the system shifts posture. “If it’s malicious, the AI mastermind would deem not to educate the user,” he noted. At that point, the priority is to “collect the evidence for the nefarious stuff, which is the really cool stuff” from an investigative standpoint. As any human detective will tell you, sometimes you have to let the suspect keep going in order to fully understand and contain the damage.

Identities, Not Just Employees
One of the more forward-looking ideas that Above Security is leaning into is the definition of who, or what, is an insider.
“Today, you have 1000 employees in your organization. Next year, we’re probably gonna have 10,000 in the image of AI agents, which will act as employees to every extent,” the CEO predicted. These agents will read email, access repositories, call APIs and touch production systems. In some environments, they already do.
Above Security is planning to watch them just as closely as the humans.
“We’re going to be there as well. We’re going to monitor your AI agents which act as employees, and we’re going to see whether they have deviations and whether they’re up to something nefarious, and whether they do something out of negligence.”
Inside the platform, this is not a semantic detail. “Everywhere on the platform, we don’t say employees. We say identities,” he said. If an entity on your network has rights and permissions and can cause damage, the system treats it as something that should be monitored and understood. That is a subtle but important departure from most insider risk tools that still assume a flesh-and-blood employee sitting at a desk.
Go To Market: From Warm Intros To Repeatable Motion
For now, Above Security is young and aggressive, very much in that Tel Aviv cybersecurity startup mold that conference organizers love to highlight.
Up to this point, “we had great support from Maryland and Ballistic. They’ve been making us intros day and night into CISOs, because they have a very big network,” the CEO said. That has been enough to get the early customer base, but not where they plan to stop.
“We’re going to double down channels,” he added, name-checking partners like GuidePoint, Octave and Trace3. With their recent funding round closed, they are “expanding our US presence” and hiring sales reps, a VP of Sales and a Head of Marketing. The key shift is that they now believe they have genuine product-market fit.
“Now we believe it, now, since we have a product that we feel has a product-market fit, because we actually deliver value to our customers, we can do a repeatable motion,” he said. That may sound like standard startup speak, but for CISOs it means something very practical: they are not just experimenting any more. They are building for scale.
Proving It In The POC
Of course, every vendor at RSAC will tell you they are different. CISOs have the scars to prove otherwise.
The interviewer in this conversation wears a CISO hat in his own work, and he was clear: “In my work as a CISO, it’s something that I would be interested in doing a POC for.”
The CEO has heard that skepticism before. “Once we get to a POC, it’s a guaranteed win,” he said with the confidence of someone who has watched the product turn up things customers did not know they had. “Usually CISOs don’t believe the value we’re about to give them, they don’t believe our story. They say, ‘Yeah, of course, I’ve heard it 1000 times.’ Then we come in, we do the investigations, and they realize what happens.”
That is the real test for any innovative security technology. Not how clever it sounds on a show floor, but what it digs out of your own environment that you wish you had found six months earlier.
Why This Matters For CISOs
Insider risk has always been the uncomfortable category at the edge of security programs. It touches HR, Legal, privacy, culture and employee trust. It involves messy human stories, not just IP addresses and CVEs. Many CISOs quietly hope their existing tooling and some annual training will be enough.
Above Security is a reminder that hope is not a strategy.
By pairing continuous monitoring with AI-driven investigations and a clear focus on “smoking guns,” the company is trying to give CISOs something they rarely have in insider cases: a complete narrative. Who did what, when, using which systems, with what intent, and what you can do about it right now.
It will not make the conversations with HR any more pleasant. It does not remove the judgement calls about when to educate and when to terminate. It does, however, promise to replace the shrugging and the “we do not have the logs” moments with case files that a board, a regulator or a prosecutor can actually understand.
In a world where the number of “identities” on your network is about to explode, both human and machine, that might be the difference between a contained incident and a career-defining breach.
A Call To Action For CISOs
If you are responsible for protecting a medium or large organization, you likely already have an insider risk problem. The only real question is whether you have the evidence and context to see it clearly.
Here are practical next steps to consider:
- Take a hard look at your current insider investigations. How many rely on luck, partial logs or heroic manual work by a small team? If the honest answer is “most of them,” you have a gap.
- Consider running a tightly scoped proof of concept with a platform like Above Security that can deploy AI investigators across a subset of your environment. Measure it not by how impressive the AI looks, but by what it actually finds and how much human time it frees.
Insider risk is not going away. It is getting more complex as AI agents join your workforce and your data spreads across SaaS, cloud, endpoints and everything in between. Tools that treat insiders as a checkbox under “compliance” will not cut it.
Solutions that can quietly build full investigations in the background and present you with a warm, sometimes literally smoking gun just might.
Author’s Note:
The author sat down with the interviewee from Above Security during the 2026 RSAC Conference in San Francisco, held March 23rd to 25th, 2026. The conversation took place on site at the event as part of CyberDefense Magazine’s Innovators Spotlight series, with a focus on emerging approaches to insider risk and AI-driven security operations.
For more information, please visit www.above.security.
About the Author
Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company and co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs)”. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.
Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.
Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.
