Meet DTEX Risk Assistant: The AI Partner for Insider Risk Investigations

Security teams have more data than ever. Understanding risk is still the hard part.

At DTEX, we have always been hyper-focused on using behavioral science to help organizations better understand the human elements of insider risk. That focus is now expanding to meet a new reality.

Security teams are managing more alerts, more data, and more AI-driven activity than ever before. Yet understanding what actually happened, why it happened, and whether it represents real risk is still the hard part.

DTEX Risk Assistant helps analysts cut through that complexity. Using natural language, analysts can investigate insider risk and data loss incidents with greater speed, consistency, and confidence.

DTEX Risk Assistant, or Risk Assistant for short, is an AI-powered investigation assistant that complements the behavioral intelligence produced by the DTEX Platform and DTEX AI Risk Management. It helps analysts ask pointed questions about where sensitive data is going, what behaviors contributed to risk, and whether activity appears malicious, compromised, or non-malicious.

That “why” matters. It helps teams determine the right response faster.

Not just another AI assistant

Behavioral intelligence is the difference

What sets Risk Assistant apart is not artificial intelligence alone. It is the behavioral intelligence behind it.

DTEX’s approach to data collection and behavioral enrichment helps prevent sophisticated insider risks from falling through the cracks. Risk Assistant builds on that foundation by grounding answers in behavioral context, intent, and evidence unique to each environment.

Most AI assistants summarize alerts. Risk Assistant helps analysts understand risk, so teams can move from questions to clearer decisions faster.

Let good data speak for itself

DTEX is built on the principle of letting good data speak for itself. Risk Assistant uses DTEX behavioral intelligence, proprietary risk and analytics models, and proven investigation methodologies to turn complex activity into clear, context-rich insights.

Analysts no longer need to manually piece together activity across users, data, devices, and AI tools. Risk Assistant helps summarize behaviors, surface relevant indicators, and guide teams toward the next best investigative step.

Contextual answers backed by evidence

Context is what makes Risk Assistant useful for real investigations. Analysts can ask questions in plain English and receive contextualized answers, recommended next steps, and platform guidance in seconds.

Risk Assistant can also help analysts surface behavioral indicators, identify patterns and anomalies, explore curated dashboards, and access automated investigation playbooks. With the @skills mention, analysts can focus the conversation on specific workflows. With the @docs mention, Risk Assistant can pull from relevant DTEX documentation to provide a response.

Built for secure, AI-powered investigations

Built on Amazon Bedrock with strict security controls, Risk Assistant is designed to support faster, privacy-first investigations without compromising on customer data.

The assistant helps analysts investigate risk, summarize behavioral insights, and access guidance using natural language. The goal is simple: make complex investigations easier to navigate while preserving the rigor analysts need to make confident decisions.

Privacy-by-design

Risk Assistant is built with privacy-first principles. It does not train on customer data and does not have direct access to the internet.

Risk Assistant also supports privacy-preserving investigations through patented Pseudonymization™ techniques. These techniques help protect user identity and datasets while keeping security teams informed with the context they need.

Three ways Risk Assistant supports insider risk investigations

Example 1: Identifying high-risk users fast

Risk Assistant provides quick insight into high-risk behaviors that may indicate insider risk. An analyst can ask, “Who are the riskiest users?” Risk Assistant then helps surface users based on risk signals and activity patterns.

Analysts can also ask about a specific user’s risk score. Risk Assistant summarizes relevant behavior and helps assess whether activity appears malicious, non-malicious, or compromised.

With this context, analysts can quickly decide where to investigate next. What once required manual review can now begin with a focused, evidence-backed summary.

Video: Searching for risky users.
Risk Assistant helps analysts understand why a user’s risk changed and where to focus next.

Example 2: A deep dive into PowerShell script interactions

Risk Assistant can analyze interactions with tools such as PowerShell, which may be used for administrative work or suspicious activity. An analyst can ask, “Who are the users interacting with PowerShell scripts?”

Risk Assistant can identify relevant users, quantify interactions, and highlight activity patterns that may require review. Analysts can then ask follow-up questions, such as when the interactions occurred or whether activity deviated from normal behavior.

This helps teams move from a broad question to a focused investigation. It also keeps the surrounding context visible, which is critical when assessing whether activity represents real risk.

Video: Searching for PowerShell interactions.
Risk Assistant surfaces behavioral patterns and context that helps analysts prioritize what matters.

Example 3: Getting instant platform guidance and support

Risk Assistant can also help analysts work more efficiently by providing contextual platform guidance. Analysts can ask questions such as, “How do I change anomaly detection settings?”

Risk Assistant can provide summary guidance, recommended next steps, and links to relevant DTEX documentation. It can also help with related tasks, such as triaging alerts or finding training resources.

This reduces friction during investigations. It also helps teams follow more consistent workflows across analysts with different levels of platform experience.

Video: Finding help with DTEX documentation
Risk Assistant helps analysts find relevant guidance and next steps without leaving the investigation flow.

A new frontier for insider risk management

Insider risks are becoming increasingly costly. The average annual cost now surpasses $19.5 million, according to the 2026 Cost of Insider Risks Global Study. 

The same study found that it takes 67 days on average to contain an insider incident. It also found that 29% of incidents take more than 90 days to contain.

At the same time, generative AI is changing how employees access and share information. As human and AI-driven activity become increasingly intertwined, security teams need more than alerts and summaries. They need a faster way to understand what happened, why it happened, and whether it represents real risk.

DTEX Risk Assistant helps meet that need. It complements the DTEX Platform and DTEX AI Risk Management with natural language investigation support, behavioral context, and evidence-backed guidance.

Risk Assistant helps analysts move from raw activity to clearer understanding. As a result, teams can investigate insider risk and data loss incidents with greater speed and consistency.

Part of the DTEX Agentic Defender suite

Risk Assistant is one of the three DTEX Agentic Defenders, alongside Triage Guardian and Threat Hunter. Together, these agents help security teams investigate faster, prioritize what matters, and reduce manual effort across human and AI-driven risk workflows.

The future of insider risk investigations is not more noise. It is better context, clearer decisions, and faster paths from question to answer.

As the global leader for insider risk management, DTEX unifies data science with AI and behavioral psychology to proactively stop insider risks from materializing into data loss events. DTEX solutions operate at the intersection of data loss prevention, user activity monitoring, and user behavior analytics to surface potential risk indicators earlier.

DTEX Risk Assistant builds on 20 years of insider risk experience to guide investigations with unprecedented skill and speed.

Contact us for a demo of DTEX Risk Assistant.