logoalt Hacker News

bitladtoday at 5:33 PM2 repliesview on HN

I think you are going in the wrong direction. All EDR providers have this capability now. The actual example of the drop table command that you specified does not execute on the "user's endpoint" anymore.

The fact that you have install another EDR along with this is a no-go.


Replies

XiaHuatoday at 5:56 PM

Thanks for the feedback!

I agree that DROP TABLE executes remotely. The key point is that the decision to invoke the tool is made by coding agents like Claude Code. Traceforce captures those tool calls at the application layer before they're executed.

The gap we focus on is application-level visibility inside AI apps—understanding which MCPs, skills, and tools are connected and what they're doing. A big part of our work has been building an MCP registry so we can accurately identify and classify MCPs, something traditional EDR telemetry doesn't provide.

That said, if your existing EDR already gives you that level of visibility and enforcement, I’d be interested in learning about which EDR you’re using and how it handles MCP and tool-level activity.

gk1today at 5:51 PM

+1

You're facing competition from both the incumbents who can ship these capabilites to their massive userbase, and emerging startups like Runlayer who are running away with the AI-native segment.

What are you offering that people want yet neither of those classes of solutions offer?

show 1 reply