Prelude Security Runtime Memory Protection (RMP) is an endpoint security product focused on detecting malicious code execution in memory. It is currently available in research preview as a user-mode Windows agent. RMP addresses the category of in-memory attacks, where adversaries operate without dropping files to disk and use obfuscation techniques to evade traditional endpoint defenses. The product targets code execution as a detection point, operating on the premise that regardless of an attacker's tactics or tooling, code execution is a required step in nearly all attacks. Key technical characteristics of RMP include: - Hardware-focused telemetry for detection signal collection - Asynchronous processing at the edge, enabling analysis without centralized bottlenecks - Queryless search for investigating endpoint activity The product is positioned as complementary to existing endpoint defenses rather than a replacement, targeting a detection gap that conventional antivirus and EDR tools leave open — specifically, out-of-context code execution and in-memory threats such as fileless malware and zero-day exploits that load code directly into memory. Prelude publishes supporting research, including a whitepaper on detecting out-of-context code execution, as part of its broader research preview program. The platform also includes a separate security control monitoring component ("Monitor") alongside the endpoint defense ("Defend") module.