A fundamental shift in the security landscape is taking place: as AI reshapes how people and software work, risk is moving back to the endpoint.

We founded Bold to meet that challenge with a modern endpoint security solution built for the AI era - not patched together from decade-old architecture, but designed from scratch for the world we're actually living in.

At the center of our solution is the Bold Agent: An intelligent, AI-driven agent that runs directly on computers and endpoint devices, monitoring how users and AI agents behave and delivering real-time protection.

When we started building our agent we asked ourselves: What should a modern endpoint security agent, one that is born in the AI era, look like?

We arrived at four core principles that have guided us since and directed us in our path towards building a new kind of endpoint security:

Principle 1: Edge AI to power real-time decisions

A modern security agent must run AI directly on the endpoint itself. User behavior and data are inherently complex, and making sense of them reliably requires AI. At the same time, sending every signal to the cloud for analysis isn’t the answer. Beyond the privacy concerns, it simply doesn't scale - just imagine the token costs. Edge AI solves this: when models run locally, they can act privately and at scale to detect risk and drive decisions in real time, with low latency and high reliability.

In the past year, we have seen models and hardware reach a point where Edge AI can be applied for business critical missions - making accurate predictions while keeping data private and meeting enterprise-scale demands.

Bold’s agent is designed with Edge AI at its core - utilizing models to take decisions in real time. To make Edge AI valuable for our customers, we have trained and optimized our own models to interpret data in a business context, understand user behavior, and detect risk as it happens - with a very low footprint.

Principle 2: Protecting users without slowing them down

A modern security agent must run invisibly, letting users work without interruption. We’ve all experienced older endpoint solutions - frozen screens, CPU spiking, and work that can’t get done. A modern agent must run completely silent, and only be felt only when taking active protective actions.

The first method to ensure friction-less experience is to treat efficiency as a core engineering principle. We optimize obsessively, investigating every CPU cycle and every memory allocation. We built dynamic hardware adaptation to ensure our agent runs silently even on older devices. In addition, to ensure our AI models can run everywhere without impact, we compressed, accelerated, and minimized them with lots of engineering sophistication.

Another core aspect of this principle is that users should never be made to wait. To achieve this, we designed our solution to offload most of the risk detection to run before the risky operation actually occurs - so that by the time the agent takes preventative action, the decision has already been made silently in the background.

Principle 3: Adaptability to a fast-changing AI landscape

A modern security agent must be rapidly adaptable to emerging risks. New AI tools and agents are appearing daily - and employees want to adopt them faster than security teams can track. Organizations cannot afford to wait through weeks- or months-long update cycles, which are common in the endpoint ecosystem, while knows risks are unaddressed.

To achieve true adaptability, we have designed our agent in three main layers:

1. The infrastructure layer - Handles the low-level, OS-dependent operations that are necessary to detect and stop risk on endpoint devices.
2. The model layer - Runs AI on the edge in a way that allows seamless model updates and flexible adaptation across multiple detection tasks.
3. The logical layer - Defines the detection and risk-prevention logic, and requires the most adaptability to keep pace with changing threats. For maximal flexibility we built safe, lean, sandboxed virtualization directly into the agent, enabling full flexibility in how we ship and update detection logic.

This infrastructure investment allows us to ship new functionality rapidly, while maintaining our fundamental commitment to safety and stability. This architecture has already demonstrated its value multiple times over, enabling us to deliver new capabilities in hours or days rather than months.

Principle 4: Safety-first design

A modern security agent must be built from the ground up to be safe, meaning it operates reliably across the enormous variety of devices, environments, and inputs it encounters in the real world, without ever becoming a pain for IT and Security teams.

Building endpoint solutions has historically been difficult in this regard: the software runs on devices with limited resources, in uncontrolled environments, and on unknown inputs. We took that challenge seriously from day one.

To tackle it, we took several deliberate design choices:

• We built our agent from the ground up in Rust as our core programming language, avoiding the security and stability issues that have long plagued C/C++ projects, while maximizing efficiency. This wasn't always the easy path - the ecosystem is less mature than others, and major components had to be written from scratch or validated in-house.
• We designed an automated, multi-tier deployment process to gradually roll out new versions. The process begins in a lab where new features undergo rigorous stress and functionality testing, then continues to beta sites, before finally rolling out gradually across the customer base. This process helps surface bugs and performance issues very early on, allowing for rapid releases while keeping the system stable.
• We integrated observability into every part of the system. Metrics about resource consumption, agent activity and functionality are constantly collected and monitored. The agent even monitors itself and recovers silently. We’ll deep dive on that in a future post.

Conclusion

The barrier to entry for endpoint security products is notoriously high, and following these principles required serious engineering work, discipline, and more than a few late nights. Investment in safety, infrastructure, and efficiency is now in our DNA, and the engineering team has been done genuinely impressive work to bring the product to life.

We can say today that it has paid off, with large enterprises trusting Bold to secure their endpoints. We look forward to sharing more about our technology and the problems we are solving in future posts.