OPSWAT launches AI-powered MetaDefender Aether for rapid detection of zero-day threats

This new solution is built to intercept files at key entry points such as file transfers, removable media, email attachments, cloud storage, and web traffic to identify potential threats before they reach users, devices, or internal systems.

OPSWAT, a global provider of cybersecurity solutions for critical infrastructure protection, has launched MetaDefender Aether, an AI-powered decision engine designed to accelerate the detection of zero-day threats at the network perimeter.

Unlike traditional sandboxing and antivirus tools, which were designed primarily for endpoint protection, MetaDefender Aether focuses on perimeter security. The platform passes every incoming file through four progressively deeper AI-powered layers that check threat reputation, perform dynamic analysis, assign threat scores, and carry out threat hunting. By consolidating these steps into a single pipeline, the system produces one confidence-scored verdict per file while achieving a reported zero-day detection efficiency of 99.9%, with significantly better resource efficiency than virtual machine-based sandboxes.

This release addresses the growing challenges for security teams as cyber threats become more sophisticated and increasingly powered by artificial intelligence and machine learning. Organizations need to quickly determine whether files entering their networks are safe or malicious, but traditional antivirus and sandboxing tools often struggle with the scale and complexity of modern enterprise environments. Deploying these legacy tools at the perimeter can lead to processing bottlenecks, inconclusive analysis results, and alert fatigue for security teams.

MetaDefender Aether is designed to improve operational performance within security operations centers (SOCs) by delivering faster threat decisions and enabling higher levels of automation. Pre-correlated threat verdicts with detailed threat family attributes are generated in near real time, allowing organizations to narrow the gap between detection and response. The platform also feeds structured output directly into SIEM and SOAR workflows, enabling automated responses without manual investigation steps.

The solution also aims to reduce analyst fatigue by consolidating the output of multiple security tools into a single unified verdict, allowing teams to avoid false positives and fragmented threat analysis. MetaDefender Aether also combines instruction-level emulation and layered AI analysis to deliver up to 100x more resource efficiency compared to traditional sandbox approaches.

“Traditional sandboxes weren’t built for large-scale, AI-driven threats. Security teams don’t need more telemetry. They need definitive answers. MetaDefender Aether does what sandboxes weren’t designed to do: it replaces them with an AI-native pipeline that transforms isolated analysis into a single, reliable verdict that SOC teams and automation platforms can instantly act on, right before a file reaches the network.”

Jan Miller, OPSWAT Global CTO

MetaDefender Aether’s detection pipeline begins with a threat reputation layer that checks files against OPSWAT’s global threat intelligence database. Known malicious files are blocked immediately, trusted files are fast-tracked, and suspicious files can be scheduled for more detailed analysis. The second layer uses instruction-level CPU and operating-system emulation rather than a virtual machine to perform dynamic analysis, allowing the system to exercise complete execution paths across more than 120 file types and expose malware evasion behavior.

Files that require further evaluation are passed to a machine learning engine that analyzes behavioral patterns, anomalies, and indicators of compromise and assigns a structured risk score. The final step applies AI-powered threat hunting to map behavioral fingerprints against a database of over 100 million analyzed malware samples, identifying relationships with known threat families, campaigns, or attack toolkits.

Once all four stages are complete, the system generates a fully contextualized, trust-scored verdict for each file. This unified output is structured to be immediately usable by SOC analysts as well as by security platforms such as SIEM and SOAR tools, ensuring that no file enters the network without a clear security decision.

MetaDefender Aether can be deployed across cloud, hybrid, and air-gapped environments and supports various regulatory frameworks, including NERC CIP, NIS2, SWIFT CSP, CMMC, IEC 62443, GDPR, and HIPAA. The solution also integrates with the broader MetaDefender ecosystem, including the Core, Cloud, Email Security, Managed File Transfer, ICAP, Storage, Kiosk, and cross-domain security platforms.
