Periphery is a leading developer of advanced AI-powered cybersecurity threat management solutions for embedded military and defence systems.
Periphery CEO Toby Wilmington.
This Q&A with CEO Toby Wilmington explores how Periphery’s AI-driven cybersecurity platform provides real-time threat detection directly on embedded devices. Periphery highlights defence and government use cases, compliance with the EU Cyber Resilience Act, and managing third-party risks in complex supply chains.
1. How does your threat management solution work, and what sets it apart from conventional cybersecurity solutions on the market?
Periphery’s AI-driven platform generates agnostic Outpost agents that operate directly on the device itself, whether it’s an industrial computer, a System-on-Module (SOM), or an edge device running Linux or RTOS. What sets us apart is our unique ability to provide real-time, on-device threat detection with an incredibly low compute footprint, and without requiring any external hardware.
Unlike conventional cybersecurity solutions that often rely on signature databases or extensive cloud connectivity, our AI model learns the ‘normal’ behaviour of the device at a deep level. This allows us to detect anomalies that signify firmware tampering, signal interference, or sophisticated runtime threats as they occur, even in highly constrained or air-gapped environments. This proactive, behavioural approach means we can identify zero-day threats and novel attack vectors that signature-based systems would miss.
2. What types of defence and government use cases are you currently addressing, and how scalable is your platform across different mission-critical environments?
Periphery is addressing the critical need for enhanced security in uncrewed systems, industrial control systems, and other mission-critical edge devices used across defence and government sectors. This includes applications in maritime domain awareness with Uncrewed Surface Vessels, remote monitoring, and tactical edge computing.
Our platform’s scalability is a key differentiator for these diverse, mission-critical environments. Because our AI agent is designed to be extremely lightweight and efficient, it can be deployed across a wide range of hardware and operating systems, like Linux or RTOS. This allows seamless integration into existing and future platforms, from small, power-constrained sensors to large, complex autonomous vehicles, ensuring consistent, real-time protection across an entire fleet or distributed network, even when connectivity is intermittent or non-existent.
3. How does Periphery help companies complying with the new EU Cyber Resilience Act, and what impact do you foresee this legislation having on your operations in Europe and globally?
Periphery is strategically positioned to be a crucial partner for manufacturers aiming to comply with the EU Cyber Resilience Act (CRA). We help companies by providing an end-to-end solution that addresses the core tenets of the legislation throughout the product lifecycle.
Firstly, Insights, our pre-deployment assessment service, helps manufacturers before their products are placed on the market. We conduct expert assessments to benchmark their current product security against CRA’s strict demands, identifying any gaps in their design, development, and documentation processes. This directly supports requirements around secure-by-design, rigorous risk assessment, and transparent documentation, including SBOMs.
Then, Outpost, our post-deployment threat detection technology, provides continuous, AI-driven protection once devices are deployed. Our threat detection agents generate crucial operational data, empowering manufacturers to identify actively exploited vulnerabilities and sophisticated attacks as they happen, facilitating immediate insights for crucial next steps. This real-time capability is absolutely vital for meeting the CRA’s strict requirements for rapid incident reporting, which becomes mandatory from September 2026. Outpost further aids in fulfilling obligations for continuous risk assessment, and maintaining product integrity and resilience throughout its operational lifecycle.
The CRA creates a market need for advanced cybersecurity solutions in Europe, which Periphery is perfectly placed to address. Globally, we foresee the CRA setting a new benchmark for product cybersecurity, pushing manufacturers worldwide to adopt similar rigorous standards. This strengthens our position as a vital, go-to partner for companies navigating these evolving security landscapes, both within Europe and beyond.
4. How does Periphery view the CRA’s long-term impact on the European defence ecosystem?
While products developed or modified exclusively for national security or defence are generally exempt from the direct mandates of the CRA, its long-term impact on the European defence ecosystem will be profound. The CRA is driving a cultural shift towards proactive, lifecycle-based cybersecurity in the commercial sector. Its emphasis on secure-by-design, continuous vulnerability management, and incident response will become de-facto best practices that defence contractors will seek to adopt, even if not legally obliged.
We expect to see elevated supply chain security, as defence manufacturers increasingly rely on Commercial-Off-The-Shelf (COTS) components and software, which will be subject to CRA compliance. This will lead to greater transparency, like SBOMs, and better security from the broader supply chain that feeds into defence.
We also expect to see enhanced resilience of digital products across industries, including defence. The legislation will push for more robust and inherently secure components and development processes, ultimately enhancing the overall cybersecurity posture of the entire ecosystem.
5. Given the increasing complexity of defence supply chains and the CRA’s emphasis on Software Bill of Materials (SBOMs), how does Periphery help manufacturers gain a clearer understanding of third-party risks within their embedded devices?
The complexity of modern defence systems, often integrating numerous COTS components and third-party software, makes understanding supply chain risk absolutely critical. While an SBOM provides a static list of components, Periphery’s core offering is real-time threat detection, which complements a manufacturer’s SBOM strategy. Our agent provides dynamic, real-time verification that those components, and the overall system, are operating as intended post-deployment.
By continuously monitoring the device’s actual behaviour, we can detect anomalies that might indicate a compromised component, even if it was initially declared ‘clean’ in an SBOM, a malicious update, or unintended behaviour introduced by an integration. This adds a crucial last line of defence for supply chain integrity, offering manufacturers ongoing assurance against emerging or hidden third-party risks that an SBOM alone cannot detect.
Thank you for your time, it’s always great to talk to Periphery and we look forward to providing more coverage on your cybersecurity threat management solutions.
