Artificial Intelligence at TruU
Artificial Intelligence at TruU
AI is intricately woven into every fabric of our professional lives. Whether you are a financial planner, a CIO, an assembly line worker, or a software engineer, you are using AI directly or indirectly.
AI is woven into TruU’s products to protect your infrastructure in each product but also overall in the system.
AI IN TOTAL PROTECT
Continuous Identity
Continuous Identity extends protection beyond sign-on, using behavioral AI to detect when a machine or identity has been taken over by an attacker.
At its core is an AI-first system built on an LSTM model, a neural network designed to recognize patterns that unfold over time. It learns directly from native signals -- how each person types, moves their mouse, and interacts with their environment -- building a unique persona of what “normal” looks like for every user. The model was trained to distinguish genuine users from imposters using a dataset of 136 million keystrokes from 168,000 subjects.
Building on this foundation, the system applies advanced temporal reasoning to separate meaningful behavioral shifts from routine variation. A changepoint detection layer monitors confidence scores to pinpoint statistically significant changes in user patterns, distinguishing genuine shifts from natural fluctuations. Those changes are then analyzed using a probabilistic sequence model based on Hidden Markov logic, which tracks how identity confidence evolves over time.
Finally, TruU’s patented decay model brings everything together. It fuses signals from the keyboard, mouse, and environment into a single, dynamic risk score. When behavior suddenly shifts, risk rises quickly; as normal patterns return, confidence rebuilds gradually. The result is a system that reacts instantly to real threats without overreacting to harmless, short-lived anomalies.
AI IN TOTAL PREDICT
Insider Threat
TruU Insider Threat protects organizations from risks arising from trusted identities, detecting malicious intent and risky behavior that legacy rule-based tools overlook.
Detecting insider threats requires understanding the intent behind actions, not just the actions themselves. TOTAL Predict applies an LLM-based Behavioral AI to capture this context and interpret subtle human behavioral patterns at scale. Its inference engine combines context-aware transformers with persona modeling to perform hierarchical event classification tailored to each user’s behavioral baseline. To ensure explicability, every decision is accompanied by a reasoning pass from a Small Language Model (SLM).
These models are fine-tuned on native TruU signals and continuously improve through Direct Preference Optimization (DPO). As SOC analysts assign outcome labels to insider threat cases (e.g., benign, suspicious, confirmed threat), their feedback serves as a reinforcement signal, enabling the system to learn over time and reduce its reliance on human input.
That evolving intelligence is orchestrated by TOTAL’s Judge Agent, a state-of-the-art reasoning model that fuses behavioral, identity, and communication signals with historical context to understand user intent and risk in real time. Grounded in a Retrieval-Augmented (RAG) knowledge base of known threats and refined through preference-aligned reinforcement learning, the Judge Agent delivers transparent, evidence-driven policy decisions.
AI IN TOTAL PREDICT
Collusion Detection
TruU Collusion Detection uncovers collusive campaigns by linking subtle behavioral patterns between users to reveal coordinated reconnaissance and early signs of insider compromise.
At its heart is a multi-layer knowledge graph that models how people interact across the organization. It goes beyond basic correlation rules to understand human relationships and communication pathways. Using graph embeddings and temporal correlation, the system learns how these connections evolve over time to detect coordination that traditional tools can’t see.
Using this approach, TOTAL identifies emerging threat clusters before they escalate and exposes the early stages of collusion.
AI IN TOTAL PREDICT
Identity Vulnerability
TruU Identity Vulnerability detects and quantifies weaknesses in digital identities, uncovering signs of Account Takeover before they manifest as active threats.
TOTAL uses Multi-Modal Risk Perception to analyze orthogonal behavioral vectors such as device fingerprints, spatiotemporal patterns, network topology, registration dynamics, and environmental context. A Hidden Markov Model (HMM) powers a Bayesian Inference Engine that continuously updates threat probabilities for each user based on evolving telemetry.
This architecture enables adaptive threat belief propagation across multiple risk dimensions. When device transitions coincide with improbable location changes and network irregularities, the system identifies correlated indicators of attack. Operating with sub-second latency and maintaining user state across sessions, TOTAL Predict detects gradual, multi-stage account takeovers that conventional single-event anomaly detection consistently overlooks.
AI to Identify Patterns in Unstructured Data
We aspire for TOTAL to be the system of record for all access and all security events. There will always be a place for SIEMs, more so for offline case management for complex cases.
TOTAL continuously runs AI methods behind the scenes on your enterprise security event repository.
All rights reserved.
Copyright © 2025 TruU, Inc.
AI at TruU
Artificial Intelligence at TruU
AI is intricately woven into every fabric of our professional lives. Whether you are a financial planner, a CIO, an assembly line worker, or a software engineer, you are using AI directly or indirectly.
AI is woven into TruU’s products to protect your infrastructure in each product but also overall in the system.
AI IN TOTAL PROTECT
Continuous Identity
Continuous Identity extends protection beyond sign-on, using behavioral AI to detect when a machine or identity has been taken over by an attacker.
At its core is an AI-first system built on an LSTM model, a neural network designed to recognize patterns that unfold over time. It learns directly from native signals -- how each person types, moves their mouse, and interacts with their environment -- building a unique persona of what “normal” looks like for every user. The model was trained to distinguish genuine users from imposters using a dataset of 136 million keystrokes from 168,000 subjects.
Building on this foundation, the system applies advanced temporal reasoning to separate meaningful behavioral shifts from routine variation. A changepoint detection layer monitors confidence scores to pinpoint statistically significant changes in user patterns, distinguishing genuine shifts from natural fluctuations. Those changes are then analyzed using a probabilistic sequence model based on Hidden Markov logic, which tracks how identity confidence evolves over time.
Finally, TruU’s patented decay model brings everything together. It fuses signals from the keyboard, mouse, and environment into a single, dynamic risk score. When behavior suddenly shifts, risk rises quickly; as normal patterns return, confidence rebuilds gradually. The result is a system that reacts instantly to real threats without overreacting to harmless, short-lived anomalies.
AI IN TOTAL PREDICT
Insider Threat
TruU Insider Threat protects organizations from risks arising from trusted identities, detecting malicious intent and risky behavior that legacy rule-based tools overlook.
Detecting insider threats requires understanding the intent behind actions, not just the actions themselves. TOTAL Predict applies an LLM-based Behavioral AI to capture this context and interpret subtle human behavioral patterns at scale. Its inference engine combines context-aware transformers with persona modeling to perform hierarchical event classification tailored to each user’s behavioral baseline. To ensure explicability, every decision is accompanied by a reasoning pass from a Small Language Model (SLM).
These models are fine-tuned on native TruU signals and continuously improve through Direct Preference Optimization (DPO). As SOC analysts assign outcome labels to insider threat cases (e.g., benign, suspicious, confirmed threat), their feedback serves as a reinforcement signal, enabling the system to learn over time and reduce its reliance on human input.
That evolving intelligence is orchestrated by TOTAL’s Judge Agent, a state-of-the-art reasoning model that fuses behavioral, identity, and communication signals with historical context to understand user intent and risk in real time. Grounded in a Retrieval-Augmented (RAG) knowledge base of known threats and refined through preference-aligned reinforcement learning, the Judge Agent delivers transparent, evidence-driven policy decisions.
AI IN TOTAL PREDICT
Collusion Detection
TruU Collusion Detection uncovers collusive campaigns by linking subtle behavioral patterns between users to reveal coordinated reconnaissance and early signs of insider compromise.
At its heart is a multi-layer knowledge graph that models how people interact across the organization. It goes beyond basic correlation rules to understand human relationships and communication pathways. Using graph embeddings and temporal correlation, the system learns how these connections evolve over time to detect coordination that traditional tools can’t see.
Using this approach, TOTAL identifies emerging threat clusters before they escalate and exposes the early stages of collusion.
AI IN TOTAL PREDICT
Identity Vulnerability
TruU Identity Vulnerability detects and quantifies weaknesses in digital identities, uncovering signs of Account Takeover before they manifest as active threats.
TOTAL uses Multi-Modal Risk Perception to analyze orthogonal behavioral vectors such as device fingerprints, spatiotemporal patterns, network topology, registration dynamics, and environmental context. A Hidden Markov Model (HMM) powers a Bayesian Inference Engine that continuously updates threat probabilities for each user based on evolving telemetry.
This architecture enables adaptive threat belief propagation across multiple risk dimensions. When device transitions coincide with improbable location changes and network irregularities, the system identifies correlated indicators of attack. Operating with sub-second latency and maintaining user state across sessions, TOTAL Predict detects gradual, multi-stage account takeovers that conventional single-event anomaly detection consistently overlooks.
AI to Identity Patterns in Unstructured Data
We aspire for TOTAL to be the system of record for all access and all security events. There will always be a place for SIEMs, more so for offline case management for complex cases.
TOTAL continuously runs AI methods behind the scenes on your enterprise security event repository.
AI is not just here and now, but it’s intricately woven into every fabric of our professional lives. Whether you are a financial planner, a CIO, an assembly line worker, or a software engineer, you are using AI directly or indirectly.
AI is woven into TruU’s products to protect your infrastructure similarly.
AI IN TOTAL PROTECT
Continuous Identity
Continuous Identity extends protection beyond sign-on, using behavioral AI to detect when a machine or identity has been taken over by an attacker.
At its core is an AI-first system built on an LSTM model, a neural network designed to recognize patterns that unfold over time. It learns directly from native signals -- how each person types, moves their mouse, and interacts with their environment -- building a unique persona of what “normal” looks like for every user. The model was trained to distinguish genuine users from imposters using a dataset of 136 million keystrokes from 168,000 subjects.
Building on this foundation, the system applies advanced temporal reasoning to separate meaningful behavioral shifts from routine variation. A changepoint detection layer monitors confidence scores to pinpoint statistically significant changes in user patterns, distinguishing genuine shifts from natural fluctuations. Those changes are then analyzed through a probabilistic sequence model based on Hidden Markov logic, which tracks how identity confidence evolves naturally over time.
Finally, TruU’s patented decay model brings everything together. It fuses signals from the keyboard, mouse, and environment into a single, dynamic risk score. When behavior suddenly shifts, risk rises quickly; as normal patterns return, confidence rebuilds gradually. The result is a system that reacts instantly to real threats without overreacting to harmless, short-lived anomalies.
AI IN TOTAL PREDICT
Insider Threat
TruU Insider Threat protects organizations from risks that arise within trusted identities, detecting malicious intent and risky behavior that traditional rule-based systems overlook.
Detecting insider threats requires understanding the intent behind actions, not just the actions themselves. TOTAL Predict applies an LLM-based Behavioral AI to capture this context and interpret subtle human behavioral patterns at scale. Its inference engine combines context-aware transformers with persona modeling to perform hierarchical event classification tailored to each user’s behavioral baseline. To ensure explicability, every decision is accompanied by a reasoning pass from a Small Language Model (SLM).
These models are fine-tuned on native TruU signals and continuously improve through Direct Preference Optimization (DPO). As SOC analysts assign outcome labels to insider threat cases (e.g., benign, suspicious, confirmed threat), their feedback serves as a reinforcement signal, enabling the system to learn over time and reduce its reliance on human input.
The core of this intelligence layer is our Judge Agent, a state-of-the-art reasoning model that fuses behavioral, identity, and communication signals with historical context to understand user intent and risk in real time. Grounded in a retrieval-augmented knowledge base of known threats and refined through preference-aligned reinforcement learning, the Judge Agent delivers transparent, evidence-driven policy decisions that transform insider-risk detection into proactive, adaptive protection.
AI IN TOTAL PREDICT
Collusion Detection
TruU Collusion Detection uncovers collusive campaigns within trusted environments by connecting subtle behavioral links between users to expose hidden collaboration and intent.
Our multi-layer knowledge graph maps relationships and shared patterns across users, leveraging graph embeddings and temporal correlation models to identify collusive campaigns and reconnaissance. By analyzing communication pathways, access overlaps, and synchronized behavioral shifts, the system detects emerging threat clusters. This relational intelligence continuously refines its understanding of organizational dynamics, enabling early identification of coordinated risks before they escalate into active compromise.
AI IN TOTAL PREDICT
Identity Vulnerability
TruU Identity Vulnerability detects and quantifies weaknesses in digital identities, uncovering signs of compromise or takeover before they manifest as active threats.
TOTAL Predict uses Multi-Modal Risk Perception to analyze orthogonal behavioral vectors such as device fingerprints, spatiotemporal patterns, network topology, registration dynamics, and environmental context. At its core, a Hidden Markov Model (HMM) powers a Bayesian Inference Engine that continuously updates threat probabilities for each user based on evolving telemetry.
This architecture enables adaptive threat belief propagation across multiple risk dimensions. When device transitions coincide with improbable location changes and network irregularities, the system identifies correlated indicators of attack. Operating with sub-second latency and maintaining user state across sessions, TOTAL Predict detects gradual, multi-stage account takeovers that conventional single-event anomaly detection consistently overlooks.
AI to Identity Patterns in Unstructured Data
We aspire for TOTAL to be the system of record for all access and all security events. There will always be a place for SIEMs, more so for offline case management for complex cases.
TOTAL continuously runs AI methods behind the scenes on your enterprise security event repository.