Dev.to
6/15/2026

How I got a threat-classification AI running on-agent in under 8ms — no GPU, no cloud
Short summary
A threat-classification system (Cortex) runs on-agent in <8ms using XGBoost ensembles and a lightweight autoencoder for anomaly detection, solving reliability and latency problems with cloud-based monitoring. The author engineered ~140 features from kernel events (process ancestry, network patterns, temporal behavior, file integrity) and uses eBPF probes for sub-millisecond event capture. Feature engineering dominated the work; SHAP values explain classifications to operators without LLM-generated summaries.
- •On-agent XGBoost inference achieves <8ms threat classification without GPU or cloud round-trips
- •Feature engineering (140+ contextual features from kernel events) enabled reliable threat detection at scale
- •eBPF probes + in-memory state store deliver sub-millisecond event processing for real-time security response
Generated with AI, which can make mistakes.
Is this a good recommendation for you?



