Challenges

Cresta had an insider risk solution in place. However, like most traditional insider risk platforms, the solution required a dedicated team to operate effectively.

Standing up and maintaining the program involved:

• Continuous alert triage and case management
• Rigid policies requiring intensive tuning and refinement
• Manual investigation of flagged activity, with scattered evidence, forensics and behavioral insights  
• Manual remediation steps without prevention capabilities 

While the platform could surface potentially risky behavior, reducing actual exposure depended on the capacity of the insider risk team to review, investigate, and follow up.

This created structural challenges:

• Risk mitigation was resource-dependent
• Scaling protection required additional operational investment
• The burden of translating alerts into action fell on security analysts
• Controls risked slowing engineering workflows if expanded
  
  

As a fast-growing AI company handling sensitive client and proprietary data, Cresta needed a more scalable approach.

They needed a model that could reduce risk directly, without requiring a large monitoring and investigation function to manage it.

‍

Solution

Cresta deployed Bold’s on-device AI platform to move from investigation-driven insider monitoring to autonomous risk reduction. Bold runs AI locally on the endpoint, where risk occurs, turning the endpoint into a security agent focused on reducing user-based risks. 

1. Semantic Understanding of Sensitive Data 

Bold uses local AI to understand the actual content of data in real time, with out-of-the-box classification. 

This allowed Cresta to:

• Identify source code, AI models, and sensitive client data
• Understand business context around data movement
• Prioritize risk based on content and behavior, not volume of alerts

2. Full Data Lineage and Behavioral Context 

Within weeks, Bold automatically mapped how sensitive data moved:

• Where it originated
• How it traveled across endpoints and services
• Who interacted with it
• Whether behavior deviated from normal patterns

This consolidated data content, movement, and user behavior into a single view, reducing the need for manual signal correlation across systems.

3. Real-Time Enforcement at the Moment of Exposure

The most significant difference was intervention.

When a user attempted to move sensitive data to an unmanaged or high-risk destination, Bold acted immediately.

Instead of generating an alert for later review:

• The action was intercepted in real time
• Users were guided toward secure alternatives
• Risky behavior was corrected before exposure occurred

This shifted Cresta from monitoring insider activity to actively reducing insider risk, without expanding the insider risk team.

‍