SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

OPSWAT unveils MetaDefender Aether for AI-era threats

Wed, 11th Mar 2026

OPSWAT has launched MetaDefender Aether, a decision engine it positions as a way for security teams to reach faster verdicts on files that may contain previously unseen malware.

The product targets so-called zero-day threats that can evade traditional detection methods. Aether returns a single verdict per file, along with a confidence score and context that security operations centre teams can use for response and automation.

MetaDefender Aether is designed for perimeter use, where organisations ingest files through multiple channels, including email attachments, file transfers, removable media, cloud storage and web traffic. It inspects files before they reach users, devices or internal systems.

Perimeter focus

Many established tools were built for endpoint protection rather than perimeter inspection at scale. OPSWAT argues that deploying endpoint-class antivirus and sandbox technologies at gateways can create operational friction, leading to queue backlogs, inconclusive outcomes and alert fatigue.

Attackers are also changing their approach, using AI and machine learning to generate obfuscated or evasive threats that bypass static and signature-based analysis. The shift has increased pressure on perimeter controls, which must process high volumes of files without slowing business workflows.

MetaDefender Aether combines multiple layers of analysis into a single pipeline, bringing together threat reputation, dynamic analysis, machine learning-based threat scoring and similarity-based threat hunting. OPSWAT says internal benchmarking shows "99.9% zero-day detection efficacy".

Layered analysis

Aether begins with a threat reputation check against OPSWAT's threat intelligence databases. This stage can block known malicious files immediately and fast-track trusted ones. In OPSWAT's testing, it accounted for 48.7% efficacy.

Files that require more scrutiny are escalated to dynamic analysis, which OPSWAT describes as an adaptive sandbox using instruction-level CPU and operating system emulation rather than virtual machines. OPSWAT says this approach triggers execution paths across more than 120 file types and exposes behaviour malware can hide when it detects a VM. Cumulative efficacy was listed as 83.4% after this layer.

Layer three applies machine learning engines to generate structured risk scores based on behavioural signals, anomaly patterns and indicators of compromise. OPSWAT reported 99.3% cumulative efficacy at this stage.

The final layer performs similarity search against a repository of more than 100 million analysed malware samples. It aims to associate suspicious files with known threat families, campaigns and toolkits. OPSWAT reported 99.9% cumulative efficacy once this stage completes.

According to OPSWAT, the staged model reduces compute consumption by sending only a subset of files to deeper analysis; almost half of threats can be resolved in the initial reputation layer.

Efficiency claims

Sandboxing remains a staple of malware analysis, particularly for detecting new threats, but it can consume significant resources. OPSWAT says Aether delivers 100x greater resource efficiency than VM-based sandboxing by combining instruction-level emulation with a layered pipeline.

The design also focuses on operational decision-making rather than telemetry collection. Many security teams must correlate outputs from separate tools such as sandboxes, reputation services and threat intelligence platforms. OPSWAT positions Aether as a replacement for these fragmented steps, providing a single pipeline and a unified output.

Jan Miller, OPSWAT's Global CTO, said the market needs clearer outcomes from perimeter inspection systems.

"Traditional sandboxing was never built for AI-driven threats at scale. Security teams don't need more telemetry. They need decisive answers. MetaDefender Aether delivers on what sandboxing was not designed to do: replacing isolated analysis with an AI-native pipeline that delivers a single, high-confidence verdict that SOC teams and automation platforms can act on immediately before any file reaches the network."

Deployment and integration

MetaDefender Aether can operate in cloud, hybrid and air-gapped environments, according to OPSWAT. It also supports a range of regulatory and security frameworks, including NERC CIP, NIS2, SWIFT CSP, CMMC, IEC 62443, GDPR and HIPAA.

Integration is central to the product's positioning. OPSWAT says outputs are structured for SIEM and SOAR workflows, and that Aether integrates across the broader MetaDefender portfolio, including Core, Cloud, Email Security, MFT, ICAP, Storage, Kiosk and Cross-Domain.

OPSWAT says Aether feeds results from dynamic analysis back into its threat reputation layer. It also says every analysed file contributes to a global intelligence graph, which it expects will strengthen detection over time as more files pass through the system.