Runtime verification is the practice of monitoring software while it runs and comparing its behavior against an expected rule set, security policy, or specification. Instead of trusting code because it passed a review or a test, defenders watch what it actually does on a real machine.
This matters in cyber security because dangerous behavior often appears only at execution time: a process may launch unexpected commands, read sensitive files, open unusual network connections, or reach for credentials. In attacks, that can reveal secret theft, malware activity, supply-chain abuse, or an AI agent drifting beyond its assigned task. In defense, runtime verification is used with host telemetry, sandboxing, endpoint monitoring, and approval gates to catch risky actions quickly and create evidence for investigation. For autonomous tools and AI coding agents, it helps separate harmless output from harmful execution.