SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Cybersecurity analyst soc offline file risk red alert monitor
#
Malware
#
Firewalls
#
Network Security

Glasswall unveils Foresight AI for offline file threat risk

Wed, 11th Mar 2026
Author image
By Kaleah Salmon, News Editor

Glasswall has launched Foresight, an artificial intelligence-based threat prediction product that assesses how likely a file is to be malicious by analysing file structure data generated during Content Disarm and Reconstruction (CDR).

The product is part of Glasswall Meteor, the company's automated file-cleaning application for local and cloud storage. It extends CDR output beyond sanitisation, turning it into threat intelligence signals that security teams can use for investigation and triage.

File prediction

Foresight produces a probabilistic classification of a file's likelihood of being malicious, including previously unseen or zero-day threats. The classification is based on large-scale analysis of file indicators across a broad sample set.

Glasswall analysed hundreds of thousands of potential indicators drawn from millions of samples. The resulting models generate a contextual risk score intended to highlight high-risk files in file-heavy workflows.

File-borne attacks remain a common initial access route for organisations that exchange documents with customers, suppliers and public bodies. Security teams often rely on a mix of tools such as signature-based scanners, reputation services and sandboxing, with vendors increasingly pushing machine learning methods. Many of these systems depend on internet connectivity, external feeds or execution-based detonation.

Foresight takes a different approach, deriving signals from deterministic file-structure analysis produced during Glasswall's CDR process rather than from behavioural sandboxing or internet-trained models that rely on detonation or external threat intelligence feeds.

Inside Meteor

Glasswall Meteor cleans files as they move into storage repositories. With Foresight added, Meteor can assess a file's maliciousness even after it has been safely processed through CDR. It can also generate a risk assessment for files that cannot be modified, according to Glasswall.

Security teams can use the risk score to prioritise investigations, enrich casework, and adjust policy settings governing file handling. Structured risk data can also be fed into SIEM and SOC workflows.

Foresight is positioned as a complement to existing CDR deployments rather than a replacement. CDR typically removes active content and rebuilds a safe version of the file; risk scoring adds context on whether incoming files appear hostile, supporting incident response and threat hunting.

Offline use

Because it is built on CDR telemetry rather than external connectivity, the approach can work in offline and air-gapped environments. These environments are common in national security, defence, critical infrastructure and regulated industrial settings, where file transfer still occurs through controlled channels and removable media.

False positives can drive workload in security operations centres when alert volumes exceed analyst capacity. Glasswall reports a false positive rate of 0.015% for PDFs, with similarly low rates across common enterprise formats including DOCX and XLSX.

Paul Farrington, Glasswall's Chief Product and Marketing Officer, framed the launch around the challenge of keeping up with new and unknown malware delivered through document formats.

"File-based threats remain one of the most effective and persistent attack vectors facing public and private sector organisations, yet traditional threat intelligence and detection tools struggle to keep pace with unknown and zero-day attacks," Farrington said.

He also pointed to operational constraints in approaches such as sandboxing and positioned risk insight alongside file sanitisation.

"With Glasswall Foresight, we are applying machine learning to the deep structural insight generated by our Content Disarm and Reconstruction technology to give security teams a clearer understanding of the hostile file activity entering their environments, including in offline or air-gapped conditions where conventional approaches fall short. Combining the assurance that we make a file safe with the knowledge of whether it has ever been compromised is compelling."
"Many organizations invest heavily in sandboxing infrastructure that is slow, noisy, and expensive. Glasswall's Zero Trust CDR combined with Foresight provides a clear path to reducing both that expenditure and the associated operational overhead," Farrington said.

Glasswall sells file protection products to government and commercial customers. The company says its CDR technology is mandated by the NSA as a file filter in Cross Domain Solutions, and that the same approach is used in business-to-government and business-to-business deployments where policy-driven file controls are required.

Foresight is available through Glasswall Meteor and is designed for environments where security teams need visibility into hostile file activity, alongside preventive controls for file intake and storage.

Related stories
ISACA launches AI risk certification amid governance gap
Turning security into a story: How managed service providers use reporting to drive retention and revenue
Barracuda spots 7 million device code phishing attacks
CommBank deploys AI to spot emerging fraud patterns
The real-time data solution to the AI energy problem

Top stories

Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack
Automotive microcontroller market set to hit USD $15.1bn
Vodafone & Google Cloud launch AI & security tools