MetaDefender Aether unifies threat reputation, adaptive sandboxing, ML-driven threat scoring, and similarity-based threat hunting

Layered detection delivers 99.9% zero-day efficacy¹

Enterprise-scale analysis at 100x greater resource efficiency than VM-based sandboxing

Empowers SOC teams with a single, automation-ready verdict per file

TAMPA, Fla., March 10, 2026 /PRNewswire/ -- OPSWAT, a global leader in critical infrastructure protection (CIP) cybersecurity solutions, today introduced MetaDefender Aether, an AI-powered decision engine for fast zero-day detection, purpose-built for the perimeter.

MetaDefender Aether intercepts files at every entry point and processes every file through four progressively deeper AI-powered layers of threat reputation, dynamic analysis, threat scoring and threat hunting to detect unknown threats before they reach users, devices, or internal systems.

Unlike traditional sandbox or antivirus solutions designed for endpoint protection, MetaDefender Aether intercepts files at every entry point, e.g. file transfers, removable media, email attachments, cloud storage, and web traffic, to detect unknown threats before they reach users, devices, or internal systems. Every file is processed through four progressively deeper AI-powered layers of threat reputation, dynamic analysis, threat scoring and threat hunting. By chaining them into a single pipeline, MetaDefender Aether delivers 99.9% zero-day detection efficacy¹, 100x greater resource efficiency than VM-based sandboxing, and a unified, confidence-scored verdict per file.

Why It Matters

Perimeter security is not just a detection problem; it is a decision problem. Security teams must rapidly determine whether a file is safe, malicious, or suspicious, and then act with confidence. Traditional antivirus and sandbox tools were never architected for this scale or complexity. Endpoint-class tools deployed at the perimeter create queue backlogs, inconclusive results, and alert fatigue. Modern adversaries now leverage AI and ML to generate evasive, obfuscated threats that bypass static and signature-based analysis.

MetaDefender Aether was designed specifically to solve this perimeter-scale challenge and improve operational performance inside modern SOCs:

Faster decision velocity: Pre-correlated verdicts with full threat-family attribution arrive in near-real time, shrinking the gap between detection and response.

Higher-confidence automation: Structured outputs integrate directly into SIEM and SOAR workflows, enabling accurate automated response without manual pivots.

Reduced analyst fatigue: Unified verdicts eliminate fragmented tool outputs and false-positive overload.

100x greater resource efficiency: Instruction-level emulation and intelligent pipeline layering reduce infrastructure demands compared to VM-based sandbox approaches.

Continuous AI-powered intelligence loop: Every analyzed file strengthens the global intelligence graph, ensuring detection improves over time.

By resolving nearly half of threats in the initial reputation layer and progressively escalating only what requires deeper analysis, MetaDefender Aether reduces unnecessary processing and prevents perimeter-scale inspection from becoming a bottleneck for business-critical file flows.

"Traditional sandboxing was never built for AI-driven threats at scale," said Jan Miller, Global CTO of OPSWAT. "Security teams don't need more telemetry. They need decisive answers. MetaDefender Aether delivers on what sandboxing was not designed to do: replacing isolated analysis with an AI-native pipeline that delivers a single, high-confidence verdict that SOC teams and automation platforms can act on immediately before any file reaches the network."

How It Works:

Layer 1 — Threat Reputation (48.7% efficacy)

Files are evaluated against OPSWAT's continuously updated global threat intelligence databases. Known malicious files are blocked immediately, and trusted files are fast-tracked, preserving pipeline capacity for deeper analysis only when required.

Layer 2 — Dynamic Analysis (83.4% cumulative efficacy)

Files that require deeper inspection enter MetaDefender Aether's adaptive sandbox, which uses instruction-level CPU and operating system emulation rather than virtual machines to trigger the full execution path across more than 120 file types. This exposes evasive behavior that VM-aware malware often conceals. Newly discovered indicators of compromise (IOCs) are then fed back to Layer 1 while the file is sent for downstream AI analysis.

Layer 3 — ML-Driven Threat Scoring (99.3% cumulative efficacy)

Multiple machine-learning engines analyze behavioral signals, anomaly patterns, and IOCs to assign structured, confidence-weighted risk scores. This transforms raw telemetry into high-clarity decisions, dramatically reducing false positives and analyst noise.

Layer 4 — AI-Powered Threat Hunting (99.9% cumulative efficacy)

Similarity search maps behavioral fingerprints against a database of more than 100 million analyzed malware samples, automatically attributing files to known threat families, campaigns, and attack toolkits. Unknown files are converted into actionable intelligence, enriching both global and local detection models.

MetaDefender Aether replaces fragmented sandbox, reputation, and threat intelligence lookups with a single unified decision pipeline. After completing all four stages, it delivers a single, unified verdict per file, which is fully contextualized, confidence-scored, and structured for immediate consumption by SOC analysts, SIEM platforms, and SOAR playbooks. No file enters the network partially scanned or without a decision.

Enterprise Scale and Compliance

MetaDefender Aether operates across cloud, hybrid, and air-gapped environments and supports regulatory frameworks including NERC CIP, NIS2, SWIFT CSP, CMMC, IEC 62443, GDPR, and HIPAA. The solution integrates natively across the MetaDefender ecosystem, including Core, Cloud, Email Security, MFT, ICAP, Storage, Kiosk, and Cross-Domain.

Additional Information

Learn more about MetaDefender Aether.

Discover insights about the current threat environment in the SANS 2025 Detection and Response Survey.

About OPSWAT

For more than 20 years, OPSWAT has protected the world's most critical infrastructure across IT, OT, ICS, cloud, and cross-domain environments. Trusted by governments, industrial operators, and Fortune 500 enterprises worldwide, OPSWAT delivers a prevention-first cybersecurity platform purpose-built for environments where availability, safety, and compliance are non-negotiable.

Guided by a "Trust no file. Trust no device.™" philosophy, OPSWAT prevents known, unknown, and AI-generated threats, zero-day attacks, and supply chain risks before they disrupt operations. Through OPSWAT Academy, the company also invests in global cybersecurity education and certification programs to strengthen IT and OT security expertise worldwide. Learn more at www.opswat.com.

Media Contact:

Kat Lewis

VP Marketing & Communications

[email protected]

8046478663

¹ Based on recent test data against internal benchmarks.

SOURCE OPSWAT