DTEX AI Risk Management: Monitoring Employee and Agent Use of Generative AI Across the Enterprise

The Problem DTEX Is Solving

Most enterprise security tools can log activity. Fewer can judge whether that activity aligns with intent. As copilots, embedded AI applications, and autonomous agents gain access to corporate data and workflows, the distinction matters enormously.

An agent operating within its assigned permissions can still expose sensitive data. A developer experimenting with an unsanctioned AI tool may not realize they are leaking source code. Conventional logging captures the action — but not the risk behind it.

DTEX is positioning AI Risk Management as the layer that closes this interpretive gap.

Discovering and Classifying AI Use

The platform is built to surface the full landscape of AI activity across an organization — sanctioned and unsanctioned alike. It covers browser-based AI tools, standalone applications, and embedded copilots, flagging shadow AI in real time and building an inventory of approved tools while classifying the risk profile of unknown ones.

This matters because most enterprises do not have a complete picture of which AI tools their employees are actually using. Shadow AI is not a theoretical risk; it is a daily operational reality in most large organizations.

Separating Human from Agent Activity

The most technically ambitious claim is the ability to distinguish human-driven actions from AI-agent-driven ones. DTEX calls this visibility into “Computer Use AI” — tracking what an agent was instructed to do, how it executed those instructions, and the full lineage of actions taken across systems.

By correlating prompts, behavioral baselines, and agent actions over time, the platform aims to separate routine experimentation from genuinely risky or malicious behavior. In one early deployment, DTEX reported identifying an autonomous agent exposing sensitive data while operating entirely within its intended workflow and permissions — a scenario that would have been invisible to most conventional tools.

Two New Autonomous Security Agents

Alongside the monitoring capabilities, DTEX is introducing two autonomous agents designed to act on what the platform finds.

Triage Guardian uses a multi-agent approach to automate investigation workflows. It gathers evidence and runs independent reviewer agents that validate findings — a mechanism specifically designed to reduce false positives, which remain one of the most persistent drains on security operations teams.

Threat Hunter allows analysts to launch investigations using natural language queries. The agent then correlates findings independently and surfaces unknown threats without requiring manual correlation work.

Both agents draw on DTEX i³ research, including work conducted with MITRE and Five Eyes defense partners. The company reports that early deployments saved more than 40 hours per analyst per month — a figure that, if it holds at scale, represents a meaningful shift in security operations capacity.

Context: Who DTEX Is and Where This Fits

Founded in 2000, DTEX operates at the intersection of insider risk management, data loss prevention, user behavior analytics, and user activity monitoring — unified on a single platform. The company raised $50 million from Alphabet’s growth fund CapitalG in 2024, signaling institutional confidence in its approach.

Chief Executive Marshall Heilman framed the launch plainly:

“AI agents are rapidly becoming operational actors inside the enterprise, with the ability to access data, interact with systems and take autonomous action. Many security solutions can monitor AI activity, but they still can’t determine whether that behavior aligns with intent or introduces risk.”

That framing is accurate. The market for AI security tooling is crowded with activity monitoring. Intent detection at the agent level is a narrower, harder problem — and one that is becoming more urgent as agentic AI moves from experimentation into production workflows.

Availability and What to Watch

AI Risk Management is currently in private preview, with broader availability expected next quarter. Organizations running active AI agent deployments or managing large populations of knowledge workers using generative AI tools should be evaluating this category now, not after an incident.

The Broader Signal

DTEX’s launch reflects a structural shift in enterprise security requirements. The perimeter is no longer just users and devices — it now includes AI agents that can act, reason, and move data autonomously. Security tooling that cannot distinguish intent from action, or human behavior from agent behavior, is operating with a fundamental blind spot.

The question for enterprise security teams is not whether to monitor AI use. It is whether their current tools can actually tell them what that use means.