Above Security Backs Open Framework to Tackle AI Insider Threats
- 65% effectiveness: Early adopters of ITM-based programs reported 65% effectiveness in pre-empting data breaches by identifying indicators in the preparation phase.
- 81 days containment time: Organizations using ITM reduced the average containment time for insider incidents to 81 days.
- 62% preference: Recent studies show that 62% of organizations now favor user behavior-based tools for insider threat detection.
Experts agree that the Insider Threat Matrix (ITM) provides a critical, vendor-neutral framework for detecting and mitigating insider threats, significantly improving breach prevention and incident response times.
NEW YORK and LONDON – April 27, 2026 – In a move that underscores the cybersecurity industry's struggle with internal risks, AI-native platform Above Security has been named the inaugural sponsor of the Insider Threat Matrix (ITM). The partnership directs commercial support to a critical open-source project, signaling a strategic shift toward creating a common, vendor-neutral language to combat a threat landscape being rapidly redefined by artificial intelligence.
The ITM, maintained by the insider threat-focused firm Forscie, is a practitioner-built framework that catalogs the human behaviors and digital events that constitute insider threat investigations. By backing this community-owned resource, Above Security is placing a significant bet that open standards, not proprietary black boxes, are the key to navigating the future of enterprise security.
Standardizing the Hunt for Human Risk
The challenge of the insider threat—whether malicious, accidental, or negligent—has long plagued organizations. Unlike external attacks, which often follow predictable patterns, insider incidents are deeply rooted in human behavior, context, and intent, making them notoriously difficult to detect and investigate. Historically, security, legal, and HR teams have lacked a shared vocabulary, leading to disjointed and often reactive responses.
The Insider Threat Matrix was created to solve this problem. Launched at Black Hat in 2024 by experienced practitioners James Weston and Joshua Beaman, the framework provides a structured taxonomy of insider threat tactics, techniques, and procedures. It functions much like the renowned MITRE ATT&CK framework does for external adversaries, but is purpose-built for the unique nuances of internal threats, where an attacker already has legitimate access.
Since its launch, the ITM has seen significant adoption. It is used not only for detection engineering and investigative design but also for security audits and policy development. Its impact is measurable: early adopters of ITM-based programs have reported 65% effectiveness in pre-empting data breaches by identifying indicators in the preparation phase. Furthermore, these organizations have reduced the average containment time for insider incidents to 81 days, a marked improvement over teams operating without a structured framework.
"The Insider Threat Matrix is an extremely valuable resource for the community — built by practitioners, grounded in real investigations, and freely available to anyone doing the work," said Aviv Nahum, Co-Founder and CEO of Above Security. "We reference the Matrix within our product. So when an opportunity arose to support them, it was an enthusiastic 'yes.'"
A Strategic Alliance for the Agentic Era
The timing of this partnership is critical. The enterprise is entering what Above Security calls the "agentic era," where AI agents are increasingly granted access to corporate systems to act autonomously on behalf of employees. This dramatically expands the definition of an "insider" and creates threat vectors that traditional Data Loss Prevention (DLP) and User and Entity Behavior Analytics (UEBA) tools were not designed to handle. If an AI agent is compromised or acts on flawed logic, it can exfiltrate data or cause damage at a scale and speed far exceeding that of a human employee.
This new reality makes a shared, adaptable framework like the ITM essential infrastructure. Above Security's sponsorship, the first of a limited six annual slots, is a direct investment in sustaining this infrastructure. The funds will support ITM maintenance, community programming, and expansion of the framework to keep pace with evolving threats.
"Above Security is driving meaningful innovation in a space that desperately needs it," said James Weston, Co-Founder of Forscie and the ITM. "Their platform provides world-class insider risk analysis capabilities to enterprises that previously did not have the capacity to address it. Forscie and the ITM exist to empower every organization. We are thrilled to begin this new chapter with Above alongside us."
This move can be seen as more than just corporate philanthropy; it is a strategic alignment. By championing a vendor-neutral standard, Above Security positions itself as a thought leader committed to uplifting the entire industry's defensive capabilities, fostering trust that extends beyond its own product features.
Beyond Alerts: The Rise of AI-Native Investigation
For years, security teams have been inundated with low-context alerts from a patchwork of security tools. This has led to analyst burnout and a reactive posture, where investigations often begin only after a breach has occurred. The industry is now pivoting toward a more proactive, behavior-centric model, with recent studies showing that 62% of organizations now favor user behavior-based tools for insider threat detection.
Above Security claims its platform represents the next evolution in this trend. Describing its service as a fleet of "autonomous AI investigators," the company says its technology moves beyond flagging isolated anomalies. Instead, it continuously investigates user behavior to build narratives, understand intent, and surface risk before it materializes into an incident.
The integration of the Insider Threat Matrix is central to this process. "Our Arbiter engine correlates behavioral signals the way a human investigator would — across identity, endpoint, SaaS, and AI environments — and the Matrix provides the shared structure that lets the industry compare notes," explained Amir Boldo, Co-Founder and CPTO of Above Security. By using the ITM as a foundational blueprint, the platform's AI can map observed actions to a known sequence of threatening behaviors, providing a clear, defensible rationale for why a particular activity is considered risky.
This AI-native approach, built from the ground up with a structured investigative framework in mind, stands in contrast to legacy systems that may have added a layer of machine learning but remain fundamentally rule-based. The goal is to deliver not just alerts, but complete, investigation-ready timelines that explain who did what, why it matters, and what to do next, empowering security, HR, and legal teams to act decisively and proactively.