OPSWAT Launches AI-Powered MetaDefender Aether for Faster Zero-Day Threat Detection
OPSWAT, a global provider of cybersecurity solutions for critical infrastructure protection, has launched MetaDefender Aether, an AI-powered decision engine designed to accelerate zero-day threat detection at the network perimeter. The new solution is built to intercept files at key entry points such as file transfers, removable media, email attachments, cloud storage, and web traffic, identifying potential threats before they reach users, devices, or internal systems.
Unlike traditional sandbox or antivirus tools that are primarily designed for endpoint protection, MetaDefender Aether focuses on perimeter security. The platform processes every incoming file through four progressively deeper AI-powered layers that evaluate threat reputation, conduct dynamic analysis, assign threat scores, and perform threat hunting. By integrating these processes into a single pipeline, the system delivers a unified, confidence-scored verdict for each file while achieving a reported 99.9% zero-day detection efficacy and significantly improved resource efficiency compared with virtual machine-based sandboxing.
The launch addresses a growing challenge for security teams as cyber threats become more sophisticated and increasingly powered by artificial intelligence and machine learning. Organizations must quickly determine whether files entering their networks are safe or malicious, but traditional antivirus and sandbox tools often struggle with the scale and complexity of modern enterprise environments. When deployed at the perimeter, these legacy tools can create processing bottlenecks, inconclusive analysis results, and alert fatigue for security teams.
MetaDefender Aether is designed to improve operational performance within security operations centres (SOCs) by delivering faster threat decisions and enabling higher levels of automation. Pre-correlated threat verdicts with detailed threat-family attribution are generated in near real time, helping organizations reduce the gap between detection and response. The platform also integrates structured outputs directly into SIEM and SOAR workflows, enabling automated responses without requiring manual investigation steps.
The solution also aims to reduce analyst fatigue by consolidating multiple security tool outputs into a single, unified verdict, helping teams avoid false positives and fragmented threat analysis. By combining instruction-level emulation with layered AI analysis, MetaDefender Aether delivers up to 100 times greater resource efficiency compared with traditional sandbox approaches.
“Traditional sandboxing was never built for AI-driven threats at scale. Security teams don’t need more telemetry. They need decisive answers. MetaDefender Aether delivers on what sandboxing was not designed to do: replacing isolated analysis with an AI-native pipeline that delivers a single, high-confidence verdict that SOC teams and automation platforms can act on immediately before any file reaches the network.”
– Jan Miller, Global CTO, OPSWAT
MetaDefender Aether’s detection pipeline begins with a threat reputation layer that checks files against OPSWAT’s global threat intelligence databases. Known malicious files are blocked immediately while trusted files are fast-tracked, allowing the system to reserve deeper analysis for suspicious files. The second layer performs dynamic analysis using instruction-level CPU and operating system emulation instead of virtual machines, enabling the system to trigger full execution paths across more than 120 file types and uncover evasive malware behavior.
Files that require deeper evaluation then pass through machine-learning engines that analyze behavioral patterns, anomalies, and indicators of compromise to assign structured risk scores. The final stage applies AI-powered threat hunting, mapping behavioral fingerprints against a database of more than 100 million analyzed malware samples to identify connections to known threat families, campaigns, or attack toolkits.
Once all four stages are completed, the system produces a fully contextualized, confidence-scored verdict for each file. This unified output is structured for immediate use by SOC analysts as well as security platforms such as SIEM and SOAR tools, ensuring that no file enters the network without a clear security decision.
MetaDefender Aether can be deployed across cloud, hybrid, and air-gapped environments and supports a range of regulatory frameworks, including NERC CIP, NIS2, SWIFT CSP, CMMC, IEC 62443, GDPR, and HIPAA. The solution also integrates with the broader MetaDefender ecosystem, including Core, Cloud, Email Security, Managed File Transfer, ICAP, Storage, Kiosk, and Cross-Domain security platforms.

