
Customer Story
Customer
Automox
Industry
IT operations and endpoint management
Use cases
Autonomous human risk mitigation, security tooling coverage, and vulnerability remediation
Security tooling coverage — up from 60% in seven days.
CAASM-grade asset and identity mapping live in clicks, not months.
A SOAR workflow that took weeks to build and never ran cleanly — replaced with an Automox Worklet driven by Amplifier.
On patch and configuration drift, without breaking user productivity.
The customer
Automox builds the IT automation platform thousands of teams use to patch, configure, and harden endpoints at scale. So when Automox’s own security and IT team talks about endpoint risk, they’re not theorizing — they’re running it daily on their own fleet.
Jason Kikta, Automox’s CISO and CTO, came up through U.S. Cyber Command and has spent his career thinking about how attackers actually win. Ryan Braunstein, Senior Manager of IT and Security, owns the part most security teams quietly dread: the last mile — the conversation between detecting issues and getting them fixed on someone’s laptop without blowing up their workday.
Both wanted the same thing: tighter coverage, shorter MTTR, and a way to involve employees in security instead of working around them.
The challenge
Automox had the patching engine. What they didn’t have was a clean way to answer three questions across every tool in the stack:
Which users and devices are actually at risk right now?
Why?
How do we fix it without making people hate us?
The data lived everywhere. CrowdStrike EDR, Code42 DLP, identity, MDM, vulnerability scans, phishing test results, and patch state. Each tool told part of the story. None of them stitched a user’s full risk picture together.
The riskiest users weren’t always who you’d guess. A BDR failing a phishing test isn’t great. An engineer with admin access who hasn’t patched in six months and runs commands that should require approval is a different conversation entirely. Without a way to combine those signals, the worst combinations stayed invisible — and they were sitting at 60% DLP coverage. That’s a number you don’t want on a board slide.
Then there’s the AI threat curve. AI-powered attacks compress the window between vulnerability disclosure and exploitation, including for the medium-severity bugs that used to require enough manual work to deprioritize. SLAs that used to run in weeks now need to run in days or hours. You can’t get there if every patch cycle creates a productivity fight with end users.
The solution
Amplifier sits across Automox’s security and IT stack as the system of record for human risk. It pulls signals from every connected tool, maps them to individual users and devices through a unified data graph, and turns the result into action that either runs automatically or runs through a conversation with the user.
Amplifier identified every device missing the DLP agent registration, pulled the user’s email from the human risk graph, built a contextual Automox Worklet, deployed it to the device, and brought the employee into the loop by engaging them in Slack. No SOAR plumbing. No tickets. No spreadsheet of stragglers.
Ampy · AI Security Engineer
Hey Jordan, quick one: Chrome on your MacBook is two versions behind, and the newest vulnerability is already being exploited. The fix takes about 90 seconds.
Fix it now
Schedule for later
✓ Patched via Automox Worklet · 3:31 PM
Amplifier flags an actively exploited vulnerability, schedules around the user’s demo, and patches via an Automox Worklet. No ticket or manual chasing required.
Vulnerability response runs the same play. When Amplifier detects a vulnerability, it engages the affected user in Slack, answers questions, and gives them a one-click button to fix it now or schedule it. The click triggers an Automox Worklet — the result: vulnerability SLAs that compress from weeks to days without forcing patches at inconvenient moments.
The same human risk graph that powers the automation powers the dashboards leadership sees. Risk rolled up by department. Privileged users at a glance. The kind of view that turns a security review into a competitive moment between department heads who’d rather not show up at the bottom of the board slide.
Companion Webcast
Watch the teams walk through how endpoint management and human engagement come together — turning detections into verified remediation without IT as the bottleneck.
In their words
Ryan Braunstein — Senior Manager of IT and Security, Automox
Jason Kikta — CISO and CTO, Automox
Thomas Donnelly — CTO and co-founder, Amplifier Security
Why it works
Automation alone breaks productivity because it lacks context. Pure human-driven security breaks at scale. Amplifier sits in the middle: AI for the conversation and context, automation for the execution, and a single graph that makes both make sense. For a team like Automox, that combination turned the last mile from a recurring fire drill into a measurable, repeatable process.
Security tooling coverage: 60% to 98% in a week — work SOAR couldn’t ship, run end to end in seven days.
Setup measured in clicks, not quarters. Accurate user-device mapping out of the box, no dedicated normalization team.
Faster decisions, more time for users. Same risk tolerance, less productivity friction, better adherence.
Two-way communication that works. A human firewall, not a human risk problem — employees as sensors and partners.