Menu
Pricing
Start Free Assessment
Cinematic hero illustration: a luminous cyan neural brain built from circuit traces rises from an endpoint laptop chip, with a horizontal timeline of glowing data points marking the eras of DLP fading into amber light on the horizon.

Why Now: DLP Finally Got a Brain

Small language models, Rust safety, and AI-native build economics converged in 2026. Here is the technical case for why the regex era of DLP is over.

TL;DR

Data Loss Prevention has been stuck in the regex era for 20 years. Three technical inflections landed at the same time — small language models on the endpoint, memory-safe Rust replacing legacy C++, and AI-native build economics — and together they make a new category possible. We call it Agentic DLP. It reasons at the point of action instead of matching patterns after the fact. It runs at sub-3% CPU. It costs 10x less than the incumbents. And it works for the 80% of the mid-market that never got to buy DLP in the first place.

The question every investor asks

“Why now?” It’s the first slide any serious security founder has to earn. DLP as a category has been around since 2005. Symantec, Websense, RSA, Forcepoint, Microsoft Purview — the field is not empty. So what makes 2026 different from 2016?

The honest answer: three engineering realities changed inside a single 24-month window, and a fourth business reality changed with them. Any one of them would be interesting. All four together create the kind of dislocation that lets a small team beat vendors with 200-engineer roadmaps.

The regex era, in one paragraph

Every DLP product shipped between 2005 and 2022 is, underneath the marketing, a very expensive regex engine. It looks for credit-card numbers. It looks for social-security patterns. It fingerprints known documents (EDM/IDM). It writes those matches to a SIEM, or blocks a file transfer, or emails a security analyst who will look at it three days later. It has no idea whether the sender meant harm, whether the destination is legitimate, whether the account is the user’s corporate or personal one, or whether the “document” is actually a paste into a chat box that ships to a model hosted by a company nobody vetted.

That was fine when data left the org through a small number of channels: email attachments, USB sticks, sanctioned SaaS. It stopped being fine the day ChatGPT launched.

21 years
since Symantec DLP shipped. The detection engine has not fundamentally changed.

21 years of DLP, in five moments

YearWhat happened
2005Regex-era DLP is born. Symantec, Websense, RSA. Pattern matching, keyword lists, EDM fingerprinting. Great at credit-card numbers. Blind to intent.
2015Cloud shatters the perimeter. CASBs bolt DLP onto SaaS APIs. Still regex under the hood. Still no reasoning.
2022ChatGPT ships. A paste box on a webpage becomes the largest uncontrolled data-egress channel in enterprise history. No DLP vendor has a native answer.
2024SLMs land on the endpoint. Apple Intelligence, Copilot+ NPUs, Gemini Nano. On-device reasoning ships to a billion devices.
2026Agentic DLP. Reasoning at the point of action. Account-aware. Agent-to-agent. Written in Rust. At 10x lower cost.

Force #1 — Small language models on the endpoint

Until 2024, running a language model on the device meant one of two things: a toy model that could barely spell, or a data-center GPU strapped to your desk. Neither could power a real-time DLP decision.

That is not the world we live in anymore. Apple Intelligence ships a 3B-parameter model on every recent iPhone and Mac. Copilot+ PCs ship with NPUs delivering 40+ TOPS. Gemini Nano runs inside Chrome. The current generation of quantized SLMs — Phi-3.5, Llama 3.2, Gemma 2 — reason well enough to answer the only question a DLP engine actually needs to answer:

“Given this specific user, on this account, in this app, pasting this text — is that consistent with the org’s policy, or is it the kind of thing we should intervene on?”

Regex cannot answer that. An SLM can. And it can do it in under 50 milliseconds, on the device, with zero cloud round-trip. That is the difference between DLP that annoys users and DLP that protects them without them noticing.

Why on-device matters

Every cloud round-trip is a latency budget you spend, a data-residency question you have to answer, and a place your DLP tool becomes a bigger risk than the thing it is stopping. On-device inference removes all three.

Force #2 — Rust replaced legacy C++

The endpoint DLP agents shipping today are almost all legacy C++. That was the right call in 2005 and it is the wrong call now. CrowdStrike’s July 2024 outage — a single kernel-driver update taking down 8.5 million Windows machines — was not a fluke. It was the predictable failure mode of trusting a memory-unsafe language with kernel-adjacent responsibilities on a billion endpoints.

Rust changes the physics. The Linux kernel now accepts Rust. Windows has Rust in its kernel. AWS Firecracker, Cloudflare Pingora, and Discord’s message infrastructure moved off C++ and never looked back. Memory-safe-by-construction is now the default expectation for new safety-critical infrastructure.

An Agentic DLP agent written in Rust doesn’t just avoid a class of bugs — it gets to make different architectural choices. It can stay resident, sniff at kernel-relevant boundaries, mediate TLS traffic, and hot-reload policy, without the fear that a bad update takes down a Fortune 500 fleet. That was not a defensible product choice in 2015. It is now.

<3%
endpoint CPU budget. What Rust and NPUs make possible for always-on DLP.

Force #3 — AI-native build economics

This is the one that keeps incumbent CTOs up at night. What used to take a 200-engineer organization five years — an endpoint agent, a browser extension, a policy engine, a management console, a threat-intel bundle, an integrations layer — a focused team now ships in months.

Not because the problem got easier. Because the ratio of engineer-to-shipped-code changed by roughly an order of magnitude. AI-assisted development is not a productivity boost. It is a category boundary. Companies that were structurally impossible to build in 2020 are shippable in 2026.

The consequence is unglamorous but decisive: a build that costs 10x less can price 10x lower and still be a better business than the incumbent. That is what unlocks the mid-market for DLP.

Force #4 — The paste box became the perimeter

ChatGPT’s launch in November 2022 did something no CASB vendor had a slide for. It made every browser tab into a data-egress channel, and every knowledge worker into a person moving corporate data across that channel a hundred times a day. Not because they’re malicious. Because it is genuinely the most productive thing they can do with their time.

The regex era literally cannot see this. A paste into a chat box does not create a document, does not fire a file-watcher, does not traverse a CASB API. It goes straight from the OS clipboard into a POST body to a domain that a URL-based rule engine has no opinion about.

Agentic DLP was designed for exactly this channel. Account-aware — it can tell a corporate Google session from a personal one on the same browser. Agent-aware — it can tell whether an MCP tool call originated from a sanctioned agent or a rogue one. And it operates at the point of action, not after the fact.

Read the visual case

The Why Now page summarizes all four forces on one screen, with the timeline, the numbers, and the comparison table.

Open the Why Now case →

Regex-era DLP vs Agentic DLP, dimension by dimension

DimensionRegex-era DLPAgentic DLP
DetectionRegex, keyword lists, EDM/IDM fingerprintingOn-device SLM + policy graph, reasons about intent
AI-tool coverage“Category = web.” No ChatGPT, Claude, Gemini, or MCP awarenessEvery major AI tool, MCP server, and package registry, autonomously scored
Account awarenessURL-based rules. Personal vs corporate Google = indistinguishablePer-session account identity. Blocks paste into personal Gmail, allows the corp one
DeploymentEndpoint agent + network appliance + management server + weeks of PSBrowser extension in minutes. Optional Rust OS agent via MDM.
Kernel safetyLegacy C++. CrowdStrike-class blast radiusRust, memory-safe by construction, sub-3% CPU budget
Pricing$60–$120/seat/year with a mandatory multi-year contract10x cheaper. Self-serve. Free tier for individuals
Who it’s forF500 with a dedicated DLP team and a vendor AEEvery team, from 20-person startups to F500

The disruption: DLP for everyone

Here is the part that matters for the market, not just the technology. Roughly 80% of the mid-market has no DLP today. Not because they don’t want it. Because the incumbents priced them out and required a professional-services engagement they couldn’t staff. A 200-person biotech does not run Symantec DLP. A 40-person AI startup pasting client data into Claude every day does not run Purview.

Agentic DLP is the first product they can actually deploy. Browser extension in minutes. Optional OS agent when they’re ready. No mandatory contract. No PS engagement. Pricing that a mid-market CFO signs off on the same day.

That is a much larger addressable market than the one Symantec and Purview have been fighting over. And it is where category creation happens — not by taking share from an incumbent, but by making the product accessible to the 10x of the market the incumbent never served.

The four objections we hear most

“Why not wait for Microsoft Purview to add this?”

Because Purview is a feature inside a suite. Agentic DLP is the whole company. AI-native build economics mean a focused team ships in weeks what a suite-vendor’s DLP PM has to fight for a quarterly release slot to ship. Purview also has a structural conflict: it can’t recommend blocking Copilot. We can.

“On-device AI means my endpoints get slower, right?”

NPUs and GPUs do the lifting. Our OS Agent budget is under 3% CPU and 100MB RAM. On any 2023-or-later device, users cannot tell it is running. On older hardware, we fall back to a smaller model — the detection quality degrades gracefully rather than eating the CPU.

“Is Rust really battle-tested for kernel-adjacent work?”

Linux kernel, Windows kernel, Firecracker, Pingora, curl, Cloudflare’s edge, most new tooling at Discord and Meta. Rust is where safety-critical infrastructure has already moved. CrowdStrike-class blast radius is an artifact of C++, not a law of nature.

“How is this different from Nightfall, Cyberhaven, or a prompt scanner?”

Prompt scanners see strings. Agentic DLP reasons about the human, the account, the tool, and the downstream agent. Account-aware enforcement, agent-to-agent trust scoring, and supply-chain guard on package installs are all outside a prompt scanner’s frame.

What changes for the buyer

Zoom out for a second. If you are a CISO in 2026, you are being asked to do three things at once:

  • Let your people use AI, because the productivity gap is real and your CEO can see it.
  • Stop your people from pasting the wrong thing into the wrong AI, because the breach notification is not going to say “our regex was old.”
  • Do it without deploying an agent that could take down your fleet.

The regex-era stack cannot do all three. Not because the vendors are bad — because the primitives underneath the vendors are wrong for the job. That is what the Why Now argument is really saying. It is not that RRR is clever. It is that the ground moved.

10x
lower TCO than Symantec or Purview. What AI-native economics make possible for the buyer.

Closing

Categories get created when the underlying primitives change. Cloud created SaaS. Smartphones created ride-share. On-device SLMs, Rust safety, and AI-native build economics are creating Agentic DLP. The regex era did its job for 20 years. It is not the era we are shipping into.

If you want the visual version of this argument — timeline, forces, and stats on one page — read the Why Now case. If you want to see it in direct comparison with the incumbents, we did that too: RRR vs Symantec DLP and RRR vs Microsoft Purview.

Ready to see Agentic DLP in your own browser?

The browser extension deploys in under 5 minutes. The OS agent is optional. Pricing is transparent.

See pricing →
RRR Logo

RRR Team

Rapid Risk Review

The team behind RRR. Building Agentic DLP: DLP on autopilot for humans, non-humans, and AI agents, at AI speed.