Documentation Index
Fetch the complete documentation index at: https://quintsecurity.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
The Playbook
What this is. A deliberate inventory of the best ideas in AI security — surveyed across 22 competitors, ranked by leverage, and rewritten as concrete specs Quint can ship. Every page here answers three questions: who did it first, why it matters, and what Quint’s version looks like.What this isn’t. A roadmap commitment. The priorities stack shifts with design-partner conversations and the divergence-detector sprint. Treat each page as an option with a known cost and a known payoff, not a scheduled deliverable.
Why a playbook
The AI security market produced six acquisitions totaling ~$1.8B between March and September 2025. Between March and May 2026, three incumbents — CrowdStrike, Microsoft, Palo Alto — announced endpoint-level AI agent security in six weeks. The category is being defined in real time, by someone, whether Quint participates or not. The risk isn’t missing an idea. The risk is scattering attention across ten ideas and shipping none. This playbook exists so Quint can pick deliberately.The three filters
Every page in the playbook was stress-tested against three rules:- Does it deepen the intent-vs-truth moat, or chase someone else’s game? Adding a WAF = chasing F5. Adding an AIBOM = deepening our visibility story.
- Does it build the behavioral corpus faster? Anything that gets more agent sessions into Quint’s data path is worth doing. Anything else is a distraction.
- Can a one-person engineering team actually ship it? Bounty programs are cheap. Federated learning isn’t.
The ten
Shadow AI Discovery
Inspired by: CrowdStrike AIDR + Microsoft Agent 365.
Every CISO’s first question is “what’s running?” — answer it as a standalone SKU before selling detection.
Agent Bill of Materials
Inspired by: HiddenLayer + CycloneDX ML-BOM.
Per-session AIBOM export (JSON + PDF + Ed25519 signed). Satisfies EU AI Act Annex IV, NIST AI RMF, ISO 42001.
Security Graph + Attack Paths
Inspired by: Wiz Security Graph.
14 node types × 16 edge types. The divergence overlay is the moat — no other vendor has both streams to render.
Category Naming
Recommended: Commit to “Agentic AI Security” (per Gartner’s April 2026 Hype Cycle). Use “AI Agent EDR” as the sales soundbite only.
SKU Packaging
Inspired by: SentinelOne/Prompt Security + Snyk.
Three SKUs: Quint Code (12/endpoint), Quint Agentic (2k platform).
Closed-Loop Signatures
Inspired by: F5 AI Remediate + CrowdStrike IoC distribution.
Divergence detection → FlowMatrix distillation → fleet push in <30s. Most of the architecture already exists.
Quint Labs (Research)
Inspired by: Noma Security + Wiz Research + Unit 42.
First research brand targeting CVE disclosures in Cursor/Claude Code, MCP servers, and incumbent blind spots.
Quint Lab (CTF)
Inspired by: Lakera’s Gandalf.
“Escape the Watchdog” — invert Gandalf. Player tries to exfiltrate a canary past Quint’s divergence detector. 10 levels. Lead capture at level 4.
IDE Extension
Inspired by: Snyk + GitGuardian.
Thin VS Code / Cursor extension talking to the local daemon. Status bar + inline risk diagnostics + approval modal.
Air-Gapped Deployment
Inspired by: TrojAI + Lakera self-hosted.
Three tiers: BYOC (Terraform), on-prem (Helm), true air-gap (Zarf bundle). Defense primes first.
The priority stack
Each idea has an impact/effort profile. Ranked (highest leverage first):| # | Idea | Effort | Impact | Blocks What |
|---|---|---|---|---|
| 1 | Shadow AI Discovery | ~16 eng-days | Every first sales conversation | Nothing — ship it while divergence detector is in flight |
| 2 | Category naming commitment | 0 eng-days | Every pitch, every landing page | Blocks brand/SEO work |
| 3 | Quint Labs — first research piece | 2-3 days writing | Investor credibility + organic top-of-funnel | Hamza availability |
| 4 | SKU repackaging | 0 eng-days | Every design partner conversation | Landing page rewrite |
| 5 | Agent Bill of Materials | ~2 weeks | EU AI Act / SOC 2 sales | Compliance-driven deals |
| 6 | Security Graph (MVP) | ~2.5 weeks | The demo moment after divergence card | Design partner validation |
| 7 | IDE extension (VS Code) | ~5 weeks | Developer love + daily engagement | After design partner signed |
| 8 | Closed-loop signatures | ~5-7 weeks | The fleet-learning narrative | After Stage 1 exits shadow |
| 9 | Quint Lab CTF | ~5 weeks | Viral top-of-funnel, research credibility | Hamza bandwidth, post-first-DP |
| 10 | Air-gapped (Phase 0) | ~2 weeks | Optionality for defense primes | Only if government deal is in flight |
What NOT to steal
This list matters as much as the one above. Explicitly rejected:- Inline LLM gateway / prompt rewriting — SentinelOne owns this via Prompt Security. Not winnable from our position.
- AI-SPM / cloud posture scanning — Wiz already won this. Don’t touch.
- Model weight scanning — Protect AI, HiddenLayer, TrojAI own the model artifact layer. Different threat model.
- Pure governance SaaS — Credo AI’s compliance dashboards without technical scanning are a dead-end for a security product.
- SASE / network proxy — WitnessAI, Cato, Zscaler own the network tier. Quint’s wedge is on-endpoint.
- Windows-first expansion — Microsoft Agent 365 bundles “endpoint AI governance” into E5. Competing on Microsoft’s home field is a losing game. Linux/K8s before Windows.
- GNN in production — No trained weights exist. The 500K labeled sessions required don’t exist. Ship when the data does, not before.
How to read this playbook
Each page follows the same structure:- What the market is doing — who built it, how it looks, what made it work.
- Why Quint’s version is different — the intent-vs-truth thesis applied to this idea.
- Concrete spec — schema, architecture, file list, where it lives in the stack.
- Effort + sequencing — eng-days, blocking dependencies, first-week sprint where applicable.
- Open questions — things that need a design partner or product decision before shipping.