Artificial Intelligence at TruU
AI is woven into the fabric of our professional lives. Whether you’re a financial planner, a CIO, an assembly line worker, or a software engineer, you’re using AI directly or indirectly.
AI is woven throughout TruU’s products to protect each layer of your infrastructure and strengthen the overall system.
AI IN TOTAL PROTECT
Continuous Identity
Continuous Identity extends protection beyond sign-on, using behavioral AI to detect when a machine or identity has been taken over by an attacker.
At its core is an AI-first system built on an LSTM model, a neural network designed to recognize patterns that unfold over time. It learns directly from native signals -- how each person types, moves their mouse, and interacts with their environment -- building a unique persona of what “normal” looks like for every user. The model was trained to distinguish genuine users from imposters using a dataset of 136 million keystrokes from 168,000 subjects.
Building on this foundation, the system applies advanced temporal reasoning to separate meaningful behavioral shifts from normal activity. A changepoint detection layer is used to pinpoint statistically significant changes in user patterns. Those changes are then analyzed using a Hidden Markov Model, which tracks how identity confidence evolves over time.
Finally, TruU’s patented decay model brings everything together. It fuses signals from the keyboard, mouse, and environment into a single, dynamic risk score. When behavior suddenly shifts, risk rises quickly; as normal patterns return, confidence rebuilds gradually. The result is a system that reacts instantly to real threats without overreacting to harmless, short-lived anomalies.
AI in TOTAL Predict
TOTAL Predict is TruU’s AI engine that turns raw enterprise signals into real-time security decisions.
Events alone are meaningless without identity context, so we craft individualized Personas for every employee in the organization. Using those personas, we contextualize every event and reduce false positives.
Personas are built from entitlement graphs, organizational topology, device and network posture, access traces, and communication semantics. They update in real time using modern sequence and state space encoders, so context stays fresh and false positives continue to fall.
This persona context is injected into TOTAL’s AI Security Agent, which then performs retrieval-augmented reasoning over a proprietary attack vector corpus, using dense, lexical, and graph retrieval with mixture-of-experts (MoE) routing by threat family. Given this persona and a locus of risky events, the agent selects the appropriate response: surface suspicious cases to the SOC, continue AI-driven monitoring, or take an immediate enforcement action.
Ambiguous cases become valuable learning signals that allow the agent to align better with each organization’s unique risk profile. We learn from analyst outcome labels to internalize your SOC’s adjudications and automate routine cases, reducing manual review over time. Analyst outcomes seed preference pairs, and we optimize using Direct Preference Optimization (DPO), expanding supervision via self-consistency. LoRA adapters enable tenant and sector specialization, drift monitors and score calibration keep thresholds steady, and new attack vectors go live immediately through RAG updates.
AI IN TOTAL PREDICT
Insider Threat
TruU Insider Threat protects organizations from risks arising within trusted identities.
Detecting insider threats requires understanding the intent behind actions, not just the actions themselves. TOTAL Predict applies an LLM-powered behavioral intelligence architecture that captures human context and interprets subtle patterns at scale.
Driven by this contextual intelligence, multi-agent neural screening layers process diverse streams of behavioral telemetry, removing benign noise while preserving high-value indicators of potential threats. At its core, the inference engine fuses LLMs, transformer-based context encoders, and domain-specific classifiers to surface malicious intent hidden within complex digital ecosystems.
Unlike traditional keyword-based systems, TOTAL applies semantic reasoning and temporal correlation across user histories to understand intent in real time. Each detection includes explainable AI outputs with natural-language justifications, extracted evidence phrases, and multidimensional risk scores that provide transparency and explainability for security teams.
AI IN TOTAL PREDICT
Collusion Detection
TruU Collusion Detection uncovers collusive campaigns by linking subtle behavioral patterns between users to reveal coordinated reconnaissance and early signs of insider compromise.
At its heart is a multi-layer knowledge graph that models how people interact across the organization. It moves beyond simple correlation rules to understand relationships and patterns of communication. Each layer adds a new dimension of context, beginning with access and identity data, then extending into behavioral signals and system usage. The graph then models how people communicate and how risk dynamics unfold across teams, showing how influence and intent spread within the organization. Finally, it grounds these patterns in persona context, interpreting every interaction through the lens of each individual’s job role.
Using this approach, TOTAL identifies emerging threat clusters before they escalate and exposes the early stages of collusion.
AI IN TOTAL PREDICT
Identity Vulnerability
TOTAL Identity Vulnerability detects and quantifies weaknesses in digital identities, uncovering signs of Account Takeover before they manifest as active threats.
TOTAL uses Multi-Modal Risk Perception to analyze orthogonal behavioral vectors such as device fingerprints, spatiotemporal patterns, network topology, registration dynamics, and environmental context. A Hidden Markov Model (HMM) powers a Bayesian Inference Engine that continuously updates threat probabilities for each user based on evolving telemetry.
This architecture enables adaptive threat belief propagation across multiple risk dimensions. When device transitions coincide with improbable location changes and network irregularities, the system identifies correlated indicators of attack. Operating with sub-second latency, TOTAL Predict detects gradual, multi-stage account takeovers that conventional anomaly detection methods consistently overlook.
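An added illustration, not TruU's code or model: a two-state HMM forward filter showing how a per-user compromise belief accumulates across correlated weak indicators, the same kind of filtering the Continuous Identity section describes for tracking identity confidence over time. All state names, probabilities and telemetry below are constructed assumptions.

```python
from typing import Dict, List, Optional

STATES = ("legitimate", "compromised")
# Constructed parameters for illustration; not values from any product.
TRANSITION = {
    "legitimate": {"legitimate": 0.99, "compromised": 0.01},
    "compromised": {"legitimate": 0.02, "compromised": 0.98},
}
# P(indicator fires in one time step | hidden state)
EMISSION = {
    "device_change": {"legitimate": 0.05, "compromised": 0.30},
    "improbable_travel": {"legitimate": 0.01, "compromised": 0.20},
    "network_anomaly": {"legitimate": 0.05, "compromised": 0.30},
}
PRIOR = 0.001  # assumed base rate of a compromised identity

def likelihood(obs: Dict[str, bool], state: str) -> float:
    """P(obs | state), treating indicators as independent given the state."""
    p = 1.0
    for name, probs in EMISSION.items():
        p *= probs[state] if obs.get(name, False) else 1.0 - probs[state]
    return p

def forward_filter(observations: List[Dict[str, bool]]) -> List[float]:
    """Return P(compromised | telemetry so far) after each time step."""
    belief = {"legitimate": 1.0 - PRIOR, "compromised": PRIOR}
    history = []
    for obs in observations:
        # Predict: push the previous belief through the transition model.
        predicted = {s: sum(belief[p] * TRANSITION[p][s] for p in STATES)
                     for s in STATES}
        # Update: weight by the evidence, then normalise (Bayes' rule).
        joint = {s: predicted[s] * likelihood(obs, s) for s in STATES}
        total = sum(joint.values())
        belief = {s: joint[s] / total for s in STATES}
        history.append(belief["compromised"])
    return history

def single_event_score(obs: Dict[str, bool]) -> float:
    """Memoryless baseline: score one event against the static prior only."""
    c = PRIOR * likelihood(obs, "compromised")
    return c / (c + (1.0 - PRIOR) * likelihood(obs, "legitimate"))

def first_alert(scores: List[float], threshold: float = 0.5) -> Optional[int]:
    """Index of the first score at or above the threshold, else None."""
    return next((i for i, s in enumerate(scores) if s >= threshold), None)

# Constructed telemetry: a slow takeover versus one isolated device change.
TAKEOVER = [
    {"device_change": True},
    {"network_anomaly": True},
    {"device_change": True, "network_anomaly": True},
    {"improbable_travel": True, "network_anomaly": True},
    {"network_anomaly": True},
]
BENIGN = [{}, {}, {"device_change": True}, {}, {}, {}]

if __name__ == "__main__":
    print("filtered:  ", [round(p, 3) for p in forward_filter(TAKEOVER)])
    print("memoryless:", [round(single_event_score(o), 3) for o in TAKEOVER])
```

With these constructed numbers the filtered belief crosses 0.5 at the third step of the takeover sequence, while the memoryless score never does and the isolated device change in the benign sequence decays back toward the prior.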
AI to Identify Patterns in Unstructured Data
We aspire for TOTAL to be the system of record for all access and security events. There will always be a place for SIEMs, particularly for offline case management of complex incidents. The challenge now is extracting intelligence from the vast, unstructured data they collect.
TOTAL continuously runs AI methods across your enterprise security event repository, interpreting unstructured data to uncover patterns, relationships, and risks that would otherwise remain buried.
All rights reserved.
Copyright © 2025 TruU, Inc.
AI is not just here and now; it is woven into the fabric of our professional lives. Whether you are a financial planner, a CIO, an assembly line worker, or a software engineer, you are using AI directly or indirectly.
AI is similarly woven into TruU’s products to protect your infrastructure.
AI IN TOTAL PROTECT
Continuous Identity
Continuous Identity extends protection beyond sign-on, using behavioral AI to detect when a machine or identity has been taken over by an attacker.
At its core is an AI-first system built on an LSTM model, a neural network designed to recognize patterns that unfold over time. It learns directly from native signals -- how each person types, moves their mouse, and interacts with their environment -- building a unique persona of what “normal” looks like for every user. The model was trained to distinguish genuine users from imposters using a dataset of 136 million keystrokes from 168,000 subjects.
Building on this foundation, the system applies advanced temporal reasoning to separate meaningful behavioral shifts from routine variation. A changepoint detection layer monitors confidence scores to pinpoint statistically significant changes in user patterns, distinguishing genuine shifts from natural fluctuations. Those changes are then analyzed through a probabilistic sequence model based on Hidden Markov logic, which tracks how identity confidence evolves naturally over time.
Finally, TruU’s patented decay model brings everything together. It fuses signals from the keyboard, mouse, and environment into a single, dynamic risk score. When behavior suddenly shifts, risk rises quickly; as normal patterns return, confidence rebuilds gradually. The result is a system that reacts instantly to real threats without overreacting to harmless, short-lived anomalies.
AI IN TOTAL PREDICT
Insider Threat
TruU Insider Threat protects organizations from risks that arise within trusted identities, detecting malicious intent and risky behavior that traditional rule-based systems overlook.
Detecting insider threats requires understanding the intent behind actions, not just the actions themselves. TOTAL Predict applies an LLM-based Behavioral AI to capture this context and interpret subtle human behavioral patterns at scale. Its inference engine combines context-aware transformers with persona modeling to perform hierarchical event classification tailored to each user’s behavioral baseline. To ensure explainability, every decision is accompanied by a reasoning pass from a Small Language Model (SLM).
These models are fine-tuned on native TruU signals and continuously improve through Direct Preference Optimization (DPO). As SOC analysts assign outcome labels to insider threat cases (e.g., benign, suspicious, confirmed threat), their feedback serves as a reinforcement signal, enabling the system to learn over time and reduce its reliance on human input.
The core of this intelligence layer is our Judge Agent, a state-of-the-art reasoning model that fuses behavioral, identity, and communication signals with historical context to understand user intent and risk in real time. Grounded in a retrieval-augmented knowledge base of known threats and refined through preference-aligned reinforcement learning, the Judge Agent delivers transparent, evidence-driven policy decisions that transform insider-risk detection into proactive, adaptive protection.
AI IN TOTAL PREDICT
Collusion Detection
TruU Collusion Detection uncovers collusive campaigns within trusted environments by connecting subtle behavioral links between users to expose hidden collaboration and intent.
Our multi-layer knowledge graph maps relationships and shared patterns across users, leveraging graph embeddings and temporal correlation models to identify collusive campaigns and reconnaissance. By analyzing communication pathways, access overlaps, and synchronized behavioral shifts, the system detects emerging threat clusters. This relational intelligence continuously refines its understanding of organizational dynamics, enabling early identification of coordinated risks before they escalate into active compromise.
AI IN TOTAL PREDICT
Identity Vulnerability
TruU Identity Vulnerability detects and quantifies weaknesses in digital identities, uncovering signs of compromise or takeover before they manifest as active threats.
TOTAL Predict uses Multi-Modal Risk Perception to analyze orthogonal behavioral vectors such as device fingerprints, spatiotemporal patterns, network topology, registration dynamics, and environmental context. At its core, a Hidden Markov Model (HMM) powers a Bayesian Inference Engine that continuously updates threat probabilities for each user based on evolving telemetry.
This architecture enables adaptive threat belief propagation across multiple risk dimensions. When device transitions coincide with improbable location changes and network irregularities, the system identifies correlated indicators of attack. Operating with sub-second latency and maintaining user state across sessions, TOTAL Predict detects gradual, multi-stage account takeovers that conventional single-event anomaly detection consistently overlooks.
AI to Identify Patterns in Unstructured Data
We aspire for TOTAL to be the system of record for all access and all security events. There will always be a place for SIEMs, particularly for offline case management of complex cases.
TOTAL continuously runs AI methods behind the scenes on your enterprise security event repository.