Security startup Cylance’s endpoint detection software uses artificial intelligence (AI) to enable threat hunting, attack analysis, and incident response.
The Cylance AI Platform generates machine-learning models that predict if a file is safe or a threat. This, the company says, simplifies threat hunting and attack analysis. Additionally, this data is stored locally and encrypted, which means companies don’t have to continuously stream data to the cloud.
“We’re coming with a prevention-first approach to security,” said Steve Salinas, product marketing manager at Cylance. “The other vendors are all really detection-first.”
The start-up was founded by former McAfee veterans. CEO Stuart McClure is the former CTO of the antivirus software firm, and Cylance chief scientist Ryan Permeh held the same title at McAfee. Cylance works with hundreds of government agencies and companies. Some of its big-name clients include Panasonic, Toyota, Gap, and Netgear.
Since its 2012 launch, Cylance has raised $177 million from investors including Dell Technologies Capital. Its most recent Series D round, in June 2016, raised $100 million.
The company got a big boost last year. That’s when a congressional report concluded that Cylance played a key role in discovering and stopping malware that caused the Office of Personnel Management (OPM) data breach. The massive attack stole the records of more than 20 million government employees.
AI-Powered Threat Prevention

Cylance’s new software automatically collects data on detected or blocked attacks. Security analysts can use this data to perform root cause analysis and determine where they need to close gaps in their security framework. “For example, they might need to strengthen email filters, or if they see employees are constantly clicking on files from unknown senders, maybe it’s about better training,” Salinas said.
It also provides instant access to data collected from endpoints with InstaQuery (IQ), the endpoint data interrogation and visualization layer. This allows users to conduct on-demand enterprise-wide threat hunts, searching for files or other indicators of compromise.
Built-in response capabilities allow security teams to take immediate response actions across the entire enterprise.