ABTDS

Manifesto

Show the math.
That's the whole product.

Every endpoint detection vendor on Earth runs the same kind of model under the hood — Isolation Forest, gradient-boosted trees, an autoencoder for the boutique vendors. They all read Windows event logs. They all score behaviour against a baseline. They all flag deviations.

What they don't all do — what almost none of them do — is show you the math. When CrowdStrike fires a risk of 87, the dashboard does not tell you which features mattered, what their thresholds were, or what the user's baseline looked like. The explanation is an enterprise upsell. It's gated behind a CSM call.

For an SMB IT manager — the person reading this right now — the gated explanation is the problem. You bought the EDR to answer one question: is this a real attack, and what do I do about it? The score by itself can't answer either half.

ABTDS treats explainability as a load-bearing feature, not a marketing checkbox. Every alert is decomposed into 9 weighted factors. Each factor shows its inputs, its threshold, and the user's per-feature baseline. Each factor's contribution is capped, and the caps sum to exactly 100. No mystery numbers. No hidden weights.
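As an added illustration of that shape (not ABTDS's code; the factor names, caps, thresholds and the sample telemetry for j.morton are all constructed assumptions), here is a scorer whose output is the breakdown itself: nine capped factors, each reporting its observed value, the user's own baseline and the threshold it was judged against.

```python
# Constructed capped-factor scorer in the shape the manifesto describes: nine factors,
# each with a cap, its inputs, a threshold and the user's own baseline; caps sum to 100.
def numeric(key, multiplier):
    # Full cap once observed >= multiplier x the user's baseline, linear in between.
    def f(event, baseline):
        base, obs = baseline[key], event[key]
        thr = base * multiplier
        excess = 0.0 if thr <= base else max(0.0, min(1.0, (obs - base) / (thr - base)))
        return obs, base, thr, excess
    return f
def novelty(key):
    # Full cap when the value was never seen for this user (baseline is the set of known values).
    def f(event, baseline):
        seen, obs = baseline[key], event[key]
        return obs, sorted(seen), "not previously seen", 0.0 if obs in seen else 1.0
    return f
def off_hours(event, baseline):
    lo, hi = baseline["working_hours"]
    return event["hour"], (lo, hi), "outside working hours", 0.0 if lo <= event["hour"] < hi else 1.0

# (name, cap, observe) triples; the factor names and caps are assumptions, not ABTDS's real ones.
FACTORS = [
    ("failed_logins_1h", 20, numeric("failed_logins_1h", 3)),
    ("distinct_accounts_1h", 10, numeric("distinct_accounts_1h", 2)),
    ("src_country", 15, novelty("src_country")),
    ("src_asn", 15, novelty("src_asn")),
    ("off_hours", 10, off_hours),
    ("logon_type", 5, novelty("logon_type")),
    ("target_host", 10, novelty("target_host")),
    ("sessions_1h", 5, numeric("sessions_1h", 2)),
    ("privileged_logons_1h", 10, numeric("privileged_logons_1h", 2)),
]
assert sum(cap for _, cap, _ in FACTORS) == 100
def score(event, baseline):
    """Return (total, rows); each row shows the inputs behind that factor's points."""
    rows = []
    for name, cap, observe in FACTORS:
        obs, base, thr, excess = observe(event, baseline)
        rows.append({"factor": name, "observed": obs, "baseline": base,
                     "threshold": thr, "points": round(cap * excess), "cap": cap})
    return sum(r["points"] for r in rows), rows

# Constructed sample: j.morton's baseline and one failed-logon burst (not real telemetry).
BASELINE = {"failed_logins_1h": 2, "distinct_accounts_1h": 1, "src_country": {"GB"},
            "src_asn": {"AS-HOME-ISP"}, "working_hours": (8, 18), "logon_type": {3},
            "target_host": {"WS-MORTON"}, "sessions_1h": 2, "privileged_logons_1h": 0}
EVENT = {"failed_logins_1h": 40, "distinct_accounts_1h": 1, "src_country": "BG",
         "src_asn": "AS-NEW-VPS", "hour": 3, "logon_type": 3,
         "target_host": "WS-MORTON", "sessions_1h": 2, "privileged_logons_1h": 0}
TOTAL, ROWS = score(EVENT, BASELINE)  # 60 of 100; 4 of 9 factors above baseline
```

Every row in `ROWS` carries the observed value, the baseline and the threshold, so the analyst can check each factor's points by hand rather than trusting the total.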

Then, on top of the math, we run a Gemini analysis that translates the breakdown into plain English — attack type, likely actor, summary, three things you should do, three things the affected user should do. The math proves the model. The summary lets you act in 30 seconds.

We're not better at detection than CrowdStrike. We're not faster than SentinelOne. We're honest about how the detection happened. That turns out to be enough — because for an IT manager without a SOC, honesty is the feature.

Read the difference

Same threat.
Three very different answers.

A brute-force attempt against a real Windows endpoint. Here's what each tool says when it fires.

Microsoft Defender says:

"Medium risk."

That's it. That's the whole alert.

CrowdStrike says:

"Score: 87."

From what? Threshold for what? On a curve calibrated when?

ABTDS says (9 factors):

"Failed login from Bulgaria, off-hours, new ASN. 4 of 9 factors above baseline. Likely brute force."

Block the IP. Force MFA reset on j.morton. Review the next 4 Sysmon 4624s.

We're not better at detecting brute force. We're better at explaining the one you're already detecting.

The right decision

If you're tired of alerts you can't explain, starting an ABTDS pilot is the right decision.

30 days. Up to 50 endpoints. No card. No call required to start. Real data, your VPS, your decision at the end.

Or email founders@abtds.io — we read every one