Back to feed
Dev.to
Dev.to
6/15/2026
How I got a threat-classification AI running on-agent in under 8ms — no GPU, no cloud

How I got a threat-classification AI running on-agent in under 8ms — no GPU, no cloud

Short summary

A threat-classification system (Cortex) runs on-agent in <8ms using XGBoost ensembles and a lightweight autoencoder for anomaly detection, solving reliability and latency problems with cloud-based monitoring. The author engineered ~140 features from kernel events (process ancestry, network patterns, temporal behavior, file integrity) and uses eBPF probes for sub-millisecond event capture. Feature engineering dominated the work; SHAP values explain classifications to operators without LLM-generated summaries.

  • On-agent XGBoost inference achieves <8ms threat classification without GPU or cloud round-trips
  • Feature engineering (140+ contextual features from kernel events) enabled reliable threat detection at scale
  • eBPF probes + in-memory state store deliver sub-millisecond event processing for real-time security response

Generated with AI, which can make mistakes.

Is this a good recommendation for you?

Explore more