12Port unveils AI session intelligence for PAM security

12Port has added AI-driven session intelligence to its agentless privileged access management platform, expanding beyond access approval to monitor what happens during privileged sessions.

The company plans to demonstrate the feature at RSAC in the Early Stage Expo at Booth ESE-11, where early-stage security vendors present products to enterprise buyers and partners.

Privileged access management (PAM) controls high-risk accounts that can make system-level changes across IT estates. Security teams use PAM to reduce the risk that stolen credentials or misuse of administrator accounts leads to broader compromise. The market has also shifted toward just-in-time access and stronger auditing as organisations face tighter compliance demands and more targeted attacks.

12Port frames the new feature as a response to a common weakness in PAM programmes: many organisations still rely on approvals and after-the-fact investigation rather than controls that operate during a live session.

"Privileged access remains the primary attack path, yet most defenses rely on static approvals and delayed review," said Peter Senescu, co-founder of 12Port. "12Port goes further by applying AI-powered insights to every privileged session to detect policy violations, risky behavior, and anomalies in real time. We can automatically trigger MFA re-challenges or terminate sessions, allowing organizations to stop threats as they happen, not after."

How It Works

The platform monitors activity during privileged sessions and records actions such as commands and keystrokes, along with contextual information. It then enriches the data with dynamic asset tagging, adding labels to systems and resources involved in a session. The goal is a more detailed audit trail than traditional access logs.

The system evaluates sessions for policy violations, risky behaviour, and anomalies while access is in progress. If activity crosses set thresholds, the platform can trigger an additional multi-factor authentication challenge or automatically terminate the session.

These responses align with a broader security shift toward continuous controls, which treat identity and behaviour as signals that change over time rather than a one-time decision at login. In privileged environments, that shift matters because administrators and service accounts can quickly alter configurations, create new users, and access sensitive data once inside.

Two-Layer Intelligence

12Port describes a two-tier approach for analysis and investigation. The first tier uses locally embedded machine learning models to analyse activity during a session, enabling rapid detection and automated containment.

The second tier integrates with cloud-based AI services for deeper forensic analysis and natural-language outputs. 12Port cites OpenAI as an example of a provider it can connect to and says it applies security governance to session data when these integrations are used.

This architecture has become more common as security vendors balance latency, data residency, and cost. Local processing can reduce delays when responses must happen quickly. Cloud models can offer broader language and pattern recognition for investigation and reporting, though organisations often scrutinise how sensitive telemetry is shared and retained.

"Data gathered from PAM systems is one of the richest but most underutilized security signals," said Mark Klinchin, co-founder of 12Port. "We built our platform to apply intelligence directly to live sessions, correlating behavior and policy in real time. By combining on-premises processing for immediate response with the analytical power of world-class AI models, we transform PAM from static approval into continuous, intelligent enforcement."

Platform Scope

12Port describes its PAM product as agentless, meaning it does not require software agents on target endpoints for session monitoring and control. It says the platform removes standing access, secures credentials, and applies just-in-time session control. The company also says it supports both human and application identities, reflecting the growing number of non-human accounts used by automation tools and workloads.

The vendor says it combines privileged access, vaulting, just-in-time controls, and AI-driven analysis in a single product. Larger PAM providers often deliver these capabilities through suites built by acquisition or modular add-ons. Start-ups have increasingly tried to differentiate through faster deployment and more automation around in-session risk decisions.

At RSAC, 12Port plans to demonstrate session intelligence, focusing on how the system detects anomalous behaviour during a privileged session and can initiate extra authentication checks or shut down a session when required.