What is DXI?

The World's First Deterministic eXecution Integrity (DXI) Platform


For more than two decades, cybersecurity has been built around a common objective: detecting attacks after they begin. As cyber threats evolved, the industry responded by developing increasingly sophisticated tools capable of identifying malicious behaviour, investigating incidents and coordinating response activities across complex environments.

 

Antivirus platforms, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Managed Detection and Response (MDR), Security Information and Event Management (SIEM) platforms and threat intelligence services all emerged from this model. Their purpose is to improve visibility, accelerate detection and reduce the time required to identify and contain compromise.

 

These technologies continue to play an important role in modern cybersecurity. However, they share a common characteristic: they operate after execution has begun.

 

Every successful cyberattack ultimately depends upon execution.

 

 Ransomware must execute before it can encrypt data.

 Malware must execute before it can establish persistence.

 Living Off The Land techniques must execute before legitimate tools can be abused.

 Fileless attacks, memory-resident attacks and zero-day exploits all rely on the ability to execute instructions within the target environment.

 

Without execution, the attack cannot achieve its objective.
 

Every cyber attack depends upon executing instructions. Prevent execution, and the attack cannot progress.

This observation led to a simple but important question:

What if unauthorised execution could be prevented before damage occurs?

The answer is Deterministic eXecution Integrity.


Abatis invented Deterministic eXecution Integrity (DXI), a new cybersecurity category designed to control execution before an attack becomes operational. Rather than attempting to determine whether software is malicious, DXI determines whether execution is authorised.

 

This distinction fundamentally changes the security model.

 

Traditional security technologies attempt to identify malicious behaviour once execution has already begun. Their effectiveness depends upon recognising threats quickly enough to generate alerts, trigger investigations and initiate a response before significant damage occurs.

 

DXI approaches the problem differently. Instead of asking whether a piece of software appears malicious, it asks whether the proposed execution path has been authorised. If authorised, execution proceeds normally. If unauthorised, execution is prevented.

 

The focus shifts from recognising threats to controlling execution.


DXI operates at the operating system layer, where it establishes and enforces a trusted operational baseline. Once this baseline has been defined, authorised software, processes and execution paths continue to operate as expected, whilst unauthorised execution attempts are prevented from becoming operational.

 

This approach is effective regardless of how an attack arrives. Whether the initial vector is phishing, a compromised software update, removable media, a supply chain compromise, a zero-day vulnerability or insider activity, the attacker must ultimately achieve unauthorised execution in order to progress.

 

By controlling execution itself, DXI helps prevent ransomware, malware, Living Off The Land abuse, fileless attacks, persistence mechanisms and other unauthorised execution paths from becoming operational.

 

Because DXI is based upon authorisation rather than recognition, it does not depend upon signatures, behavioural analysis, threat intelligence feeds or continuous cloud connectivity. Its effectiveness is not derived from identifying known threats, but from enforcing deterministic control over what is permitted to execute within the environment.

The objective is not to recognise every threat, but to control what is permitted to execute.


This distinction becomes increasingly important as Artificial Intelligence accelerates the creation of malware variants and attack techniques. Detection-based systems must continually adapt to recognise new threats.

 

DXI remains focused on a different question entirely: is the execution authorised?

 

The practical benefits extend beyond security alone. By reducing dependence on threat recognition, organisations can:

 

  • simplify operational complexity,
  • reduce alert fatigue,
  • lower logging and monitoring overheads,
  • improve resilience across both modern and legacy environments.

 

Security teams can spend less time investigating suspicious activity and more time focusing on governance, risk management and operational resilience.


For decades, cybersecurity has concentrated on visibility. DXI is focused on control.

As organisations seek greater resilience, reduced complexity and stronger authority over their digital environments, the question is no longer simply how quickly attacks can be detected.

 

The more fundamental question is:

 

Who controls what is permitted to execute?


Abatis invented Deterministic eXecution Integrity to answer that question.
 

Want to know more?

Check out our whitepaper on Detection vs. Determinism!

Something unclear?

Our FAQ page has you covered.