How ESET is using AI PCs to boost endpoint security

While AI PCs show legitimate promise, the rock-solid use cases haven't been as prominent. However, security vendor ESET is showing more concrete applications of this technology.

I recently wrote about how security might be the first real "killer app" candidate for AI PCs, or at the very least the next-lowest hanging branch on the tree, and I wanted to follow up with a closer look at one of the first products I've learned about that use AI PCs in this way.

I had the chance to learn about ESET Endpoint Security and the vendor's efforts to use local AI hardware at its March 2025 conference, ESET World, which took place in Las Vegas.

For those unfamiliar, ESET has been in business since the 1990s, and its ESET Protect platform includes endpoint, server, and ransomware protection along with XDR, threat intelligence, vulnerability management, and more. They also offer MDR services.

Like most security companies, AI isn't exactly new to them. While the world has become excited about generative AI, security vendors have long been familiar with model development, training and deployment -- just in a different context. But first, it's worth taking a step back.

The role of local AI in PC security

Endpoint security products have typically collected data locally, performing preliminary checks and sending suspicious or unknown items to the cloud for deeper analysis. This approach has worked well, but at the cost of higher resource usage on the endpoint, latency introduced by cloud-based analysis, and potential security concerns over shipping data out to the cloud.

Collectively, the industry has found ways to enhance this process through both hardware and software. For example, Intel's Threat Detection Technology (TDT) is built into Intel Core CPUs and uses hardware-level telemetry to identify threats such as ransomware and crypto mining with minimal performance impact. Endpoint security products such as ESET Endpoint Security, CrowdStrike Falcon, Microsoft Defender and others use this telemetry.

ESET's relationship with Intel and TDT goes back several years, and their integration focuses on ransomware rather than crypto miners -- the vendor has other ways to detect those. Originally, there was no acceleration in the product, but they worked to offload some of the endpoint security operations to GPUs.

Eventually, Intel released its hybrid architecture, which divides the processor into specialized components optimized for different workloads. The CPU is comprised of performance cores (P-cores) to handle demanding tasks and efficiency cores (E-cores) to manage lighter processes, while the GPU and neural processing unit (NPU) target specific intensive workloads that require parallel processing or are otherwise unsuitable for general-purpose processors. Windows and Intel technologies handle workload assignment intelligently at the OS level, but software such as ESET Endpoint Security can also actively optimize task placement, further enhancing efficiency and endpoint performance.

Windows and Intel technologies handle workload assignment intelligently at the OS level, but software such as ESET Endpoint Security can also actively optimize task placement, further enhancing efficiency and endpoint performance.

With this development, ESET was able to optimize the various operations that ESET Endpoint Security performs. For example, noncritical background tasks such as scans can take place on the E-core, improving overall performance. Other workloads can run concurrently, either on the P-cores, GPU, or NPU.

The advantages don't stop with organized task scheduling, though. Before the NPU was available, all the AI models that ESET used internally were converted to machine code for distribution. CPUs aren't built for the intensive parallel operations AI models require, so running these models directly on CPUs would consume too many resources and negatively impact endpoint performance. With the availability of NPUs, ESET can now run some of its models directly on the endpoint. This results in two key benefits:

  • Simplified process to send updates to customers. Converting models to machine code takes time and slows down deployment and detection. Running models directly allows updates to reach end users faster.
  • Reduced resource consumption on the endpoint. ESET claims a 5% speed increase in scan duration and a 3.5% reduction in CPU load, which translates to improved performance and more efficient power consumption overall.

These benefits don't just apply to customers that have deployed AI PCs. Those that haven't been upgraded also benefit because ESET knows what to look for based on the telemetry they collect and what they observe in conjunction with Intel TDT to refine their models for all endpoints.

Conclusion

Though I love all the flashy use cases shown in the early days of AI PCs, I'm very happy to see practical use cases that directly benefit end users and IT teams alike. These kinds of developments clearly align with IT's fundamental goals: improving security, creating a better end-user experience and easing the load on support teams.

The current excitement around AI PCs is justified, but momentum won't last without genuinely useful scenarios like this keeping it afloat. Eventually, we'll have to consider the flip side -- how bad actors could exploit endpoint NPUs and how we'll defend against that. But for now, it's encouraging to see real-world evidence backing the case for AI PCs.

This is part 2 of a series on AI PC use cases. Find part 1 here.

Gabe Knuth is the senior end-user computing analyst for Enterprise Strategy Group, now part of Omdia.

Enterprise Strategy Group is part of Omdia. Its analysts have business relationships with technology vendors.

Dig Deeper on Desktop management