# Why EDR Fails at AI Security & The Rise of Endpoint Behavior Modeling

Page: https://stenobird.com/podcast/cloud-security-podcast-612345/why-edr-fails-at-ai-security-the-rise-of-endpoint-behavior-modeling
Text version: https://stenobird.com/podcast/cloud-security-podcast-612345/why-edr-fails-at-ai-security-the-rise-of-endpoint-behavior-modeling.md
Podcast: [Cloud Security Podcast](https://stenobird.com/podcast/cloud-security-podcast-612345)
Published: 2026-04-14T18:15:00+00:00
Episode link: https://podcasters.spotify.com/pod/show/cloudsecuritypodcast/episodes/Why-EDR-Fails-at-AI-Security--The-Rise-of-Endpoint-Behavior-Modeling-e3htf6l
Audio file: https://anchor.fm/s/10fb9928/podcast/play/118454933/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2026-3-14%2F422067319-44100-2-d9af6da2234f2.mp3
Processing state: not_requested
JSON: https://stenobird.com/v1/public/podcasts/cloud-security-podcast-612345/episodes/why-edr-fails-at-ai-security-the-rise-of-endpoint-behavior-modeling
Duration seconds: 1866

## Resource

Is your EDR blinding you to insider threats? In this episode, Ashish is joined by Brandon Dixon (Co-Founder & CTO of Ent AI , and former Microsoft Security Copilot leader) to discuss why traditional endpoint security tools are failing in the AI era . Brandon talks about the reality of modern "Insider Risk." Attackers are no longer relying on malware; they are "living off the land" by using legitimate enterprise software (like Zoom or Microsoft Office) to look like everyday employees . Why EDR tools can see that Zoom is running, but are completely blind to a user granting remote control to an outsider . We also explore the explosion of Shadow AI, highlighting a real-world HIPAA violation where an HR employee tried to feed patient records into Meta AI via WhatsApp . If your SOC team is drowning in alerts from "dumb control points," this episode talks about how to move from reactive pattern matching (legacy DLP) to proactive behavioral intent modeling at the endpoint Guest Socials -⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠ Brandon's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podca…

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/cloud-security-podcast-612345/episodes/why-edr-fails-at-ai-security-the-rise-of-endpoint-behavior-modeling/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/cloud-security-podcast-612345/why-edr-fails-at-ai-security-the-rise-of-endpoint-behavior-modeling.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.