Most security tools detect attacks after they happen. Exein’s Photon blocks them before they can execute — by operating inside the kernel itself.
Unveiled at RSAC 2026, Photon represents a new category of runtime security designed for the AI-native world: autonomous agents, physical AI systems, IoT environments, and edge infrastructure where disconnection isn’t an option and downtime means real-world consequences.
How Photon Works
Traditional cybersecurity operates in user space — the same layer as the applications being protected. This means security tools are essentially competing with malware for the same resources and privileges. If malware executes first, the security tool is playing catch-up.
Photon inverts this by operating at the kernel level — the core of the operating system. Instead of detecting and remediating threats after compromise, it prevents malicious execution paths from running in the first place.
The logic is simple: if malicious instructions cannot execute, the attack cannot take place.
Key architectural properties:
- Preemptive, not reactive — blocks execution paths before they run, not after
- Kernel-native — operates at the OS foundation, below user-space applications
- Real-time — near-zero latency enforcement
- Selective blocking — stops malicious processes without shutting down the entire system
That last point is critical for physical systems. A factory robot or medical device can’t afford a full system shutdown when a threat is detected. Photon blocks the specific malicious execution path while the rest of the system continues operating.
Why This Matters for AI Agents
The convergence of AI agents with physical infrastructure creates a new threat surface that traditional security wasn’t designed for:
Autonomous AI agents on edge devices — local LLMs powering intelligent edge systems operate with real-world actuator access. A compromised agent on an industrial controller can cause physical damage.
AI-driven exploitation at machine speed — threat intelligence shows average attacker breakout times fell to just 29 minutes in 2025, 65% faster than the previous year. AI-assisted automation is accelerating this further. Detection-based security can’t keep up when attacks complete before alerts fire.
Agent-to-agent attack propagation — in environments where multiple autonomous agents communicate and coordinate, compromising one agent can cascade to others. Kernel-level blocking prevents the initial execution from succeeding.
As Exein CEO Gianni Cuozzo framed it: “In a future where humanoid robots walk among us, local LLMs power intelligent edges, and autonomous drones reshape mobility, preemptive runtime security represents the new generation of protection.”
The Physical AI Security Gap
Most RSAC 2026 announcements focus on securing AI agents in enterprise software environments — cloud workloads, SaaS platforms, developer tools. Exein targets a different domain: where AI meets the physical world.
This includes:
- Industrial robotics — manufacturing, warehousing, logistics
- Critical infrastructure — energy, water, transportation
- Autonomous vehicles — drones, self-driving systems
- Medical devices — connected health equipment
- Smart buildings — HVAC, access control, environmental systems
In these environments, the Munich Security Report 2026 warned that cyber operations are now engineered to cause real-world disruption. The attack surface is expanding as more physical systems gain autonomous AI capabilities.
How It Compares
| Approach | Example | Layer | Timing |
|---|---|---|---|
| Kernel preemption | Exein Photon | Kernel | Before execution |
| Runtime monitoring | Sysdig, SentinelOne | User space | During execution |
| Behavioral detection | CrowdStrike, Arctic Wolf | User space | After execution starts |
| Policy enforcement | Snyk Agent Guard, Check Point | Application | Before/during execution |
Photon occupies a unique position: it’s the only RSAC 2026 announcement operating at the kernel level for AI agent security. The tradeoff is scope — it’s optimized for physical/edge/IoT environments rather than cloud-native enterprise workloads.
What OpenClaw Users Should Know
If you’re running OpenClaw agents on edge hardware — Raspberry Pi, Mac Mini, NAS devices, home servers — Photon’s approach is relevant. These devices often run agents with significant system access (file system, network, hardware control) in environments where traditional endpoint security is too heavy.
The kernel-level blocking approach means protection works without:
- Cloud connectivity (works air-gapped)
- Heavy resource consumption (critical for edge devices)
- Application-level changes (agents run unmodified)
For enterprise OpenClaw deployments in physical environments — security monitoring for buildings, industrial control interfaces, healthcare systems — Photon addresses the runtime security layer that most agent governance tools don’t touch.
Exein claims to already safeguard over 2 billion devices worldwide through its runtime security technology.
The Takeaway
While most RSAC vendors are racing to govern AI agents in software, Exein is securing them at the kernel level in physical infrastructure. Photon represents a bet that the most dangerous AI agent threats won’t be prompt injection in a chatbot — they’ll be compromised agents controlling physical systems where the consequence of failure is measured in broken things, not broken data.
The approach is architecturally different from everything else at RSAC 2026. Whether kernel-level preemption can scale across the diversity of edge devices and autonomous systems is the open question. But the thesis — block execution, don’t just detect it — is hard to argue with.