Facility security AI on after-hours motion anomalies

A computer vision and access control SaaS platform serving multi-site industrial and logistics operations—distribution centers, manufacturing facilities, cold storage warehouses, and fulfillment centers—where physical security and inventory shrinkage create significant operational risks and insurance liability.

The company began as a basic access control system (badge readers and door locks) competing in a crowded market on price and features.

Their strategic breakthrough came from layering AI-powered video analytics onto existing camera infrastructure to detect behavioral anomalies that traditional badge-only systems miss entirely: after-hours motion in secured zones without corresponding badge swipes, unauthorized individuals piggybacking through doors behind authorized employees, prolonged loitering near high-value inventory, and pattern deviations from normal operational rhythms that suggest internal theft or process violations.

Rather than selling these advanced capabilities as part of initial deployments (which would increase entry price points and lose deals to cheaper competitors), they adopted a land-and-expand strategy using anomaly detection as an upsell trigger—when their base system detects suspicious activity patterns at existing customer sites, account managers present quantified security gap analyses showing exactly what current badge-only protection is missing, creating compelling urgency for AI upgrade purchases that command 2-3x base subscription fees.

The platform ingests anonymized video analytics telemetry from IP security cameras at customer sites, using edge computing devices to process motion detection, object classification (person, vehicle, forklift), directional tracking, and dwell time analysis without streaming raw video to cloud servers (preserving privacy and bandwidth).

Camera feeds are enriched with access control logs from badge readers, door sensors, and turnstile systems showing authorized entry/exit timestamps and employee/visitor identities.

Time-series analysis establishes baseline activity patterns for each facility—normal operating hours, typical after-hours maintenance windows, weekend security patrol schedules, and seasonal variations (holiday shipping surges for fulfillment centers, inventory cycle count periods).

Machine learning models build zone-specific profiles recognizing that loading docks naturally have 24/7 activity while administrative offices should be empty after 7pm and storage mezzanines are only accessed during specific shifts.

The system integrates building management data showing HVAC schedules, lighting automation, and alarm system arming status to contextualize whether detected motion represents legitimate facility operations (cleaning crews during scheduled service windows) versus unauthorized access.

The primary trigger fires when the AI detects three or more motion events in secured zones with no corresponding valid badge swipes within a rolling 14-day observation window, indicating a pattern of unauthorized access or badge discipline failures rather than isolated incidents.

The model specifically excludes explainable motion: cleaning crews with after-hours access credentials, maintenance contractors with temporary visitor badges, and security patrol rounds with radio-frequency tracking.

High-priority triggers escalate when anomalous motion occurs in high-value zones (inventory storage areas with shrinkage history, IT server rooms, pharmaceutical cold storage) or when motion patterns match theft behaviors identified in incident databases—individuals entering high-value areas briefly during shift changes when supervisory attention is low, systematic perimeter zone checking suggesting reconnaissance, or after-hours vehicle loading activity misaligned with shipping schedules.

The system also flags unusual variations from established operational rhythms: facilities that normally close by 9pm showing motion at 2am without authorized maintenance tickets, weekend activity spikes at sites that don't operate weekends, or dramatic changes in traffic patterns (50% increase in after-hours entries) that might indicate policy violations or emergency situations requiring management awareness.

AI-powered qualification uses anomaly clustering algorithms to distinguish genuine security risks from operational noise—differentiating between systematic suspicious patterns (same individual repeatedly entering zones they're not authorized for) versus benign protocol lapses (employee forgets to badge out after legitimate work, security guard shortcut through unauthorized zone).

Business impact scoring assesses the financial risk represented by detected anomalies using facility characteristics: inventory value density (electronics distribution centers with $10M+ inventory per 100K sqft score higher than bulk commodity warehouses), historical shrinkage rates (sites with 2%+ annual shrinkage indicating insider theft problems), insurance deductibles and risk premiums (facilities with self-insured retention above $250K care more about loss prevention), and customer contract requirements (logistics providers serving pharmaceutical or aerospace clients face strict security compliance obligations that create regulatory urgency beyond pure financial loss prevention).

The qualification model also evaluates technical feasibility—sites with adequate camera coverage (at least 80% of interior space viewable) and modern IP cameras can deploy AI analytics via software updates, whereas facilities with analog legacy systems or coverage gaps require hardware investments that reduce upsell attractiveness.

The scoring model weights site value and risk exposure at 50% (focusing on high-stakes facilities where security gaps create significant financial or compliance consequences), anomaly pattern severity at 30% (prioritizing systematic issues over isolated incidents), and technical deployment readiness at 20%.

The platform specifically targets multi-site operators with 5-25 facilities—large enough to have professional security management that appreciates data-driven insights but small enough that individual site anomalies get executive attention rather than being lost in enterprise-scale noise.