The AI Excellence Award was just the beginning.

Two decades of AI in cybersecurity

WithSecure’s AI journey didn’t start with large language models or generative AI. It started in 2006.

WithSecure’s first AI-powered capability in 2006 was Gemini — a Bayesian classifier that identified malware by analysing large datasets of malicious and clean files. Simple by today’s standards, but foundational: it established the principle that machines could learn to distinguish threats from noise at a scale no human analyst could match.

Building on Gemini, WithSecure developed the Sample Management Automation (SMA) system — a heuristic reasoning engine that automated malware identification using sandboxed environments. WithSecure kept these advancements under wraps for years, maintaining a competitive advantage before similar „next-gen“ approaches emerged across the industry.

The heuristic reasoning model pioneered in SMA became the foundation for what would eventually grow into WithSecure Elements XDR. First developed as a rapid detection service in 2016, it has since expanded into a unified solution protecting entire IT estates — using AI engines including the Baseliner swarm (which identifies clean baseline behavior across an organization), noise-cancelling models (reducing false alarms on host-unique environments), anomaly detection models, and PowerShell obfuscation detection.

Rethinking what AI can actually be: Project Blackfin

The AI Excellence Award in 2021 marks a high point in WithSecure’s applied AI research — and the clearest articulation of the company’s conviction that machine intelligence, developed on its own terms rather than modeled on human cognition, represents the real frontier of what AI can achieve in cybersecurity.

When AI systems capable of exhibiting true machine intelligence emerge, they are unlikely to behave in a human-like fashion. Trying to mould machine intelligence into something that resembles human thinking may be holding the field back from discovering what AI is genuinely capable of — including capabilities we can’t yet anticipate.

Project Blackfin is built on a different premise: that emergent machine intelligence should be understood and developed in its own unique form, not constrained by human cognitive frameworks.

The research at the heart of Project Blackfin draws on collective intelligence — specifically swarm intelligence and multi-agent reinforcement learning.

In nature, swarms work in ways that no individual member could alone. Schools of fish, insect colonies, flocking birds — these collections of organisms solve complex problems through interaction, learning, and information sharing. The behaviors that emerge from these interactions are often unexpected, and often far more sophisticated than the sum of their parts.

Collective intelligence techniques apply this same principle to AI systems: multiple agents interacting, communicating, and sharing knowledge in ways that produce emergent behaviors — capabilities that arise from the system as a whole, not from any single component.

Federated learning is one established example of how agents in such systems share knowledge. As communication and knowledge-sharing mechanisms become more sophisticated, collective intelligence systems become correspondingly more capable. And as the individual agents within these swarms become more intelligent, the emergent behaviors they produce will extend well beyond what we can currently envision.

That’s what Project Blackfin was building toward. The 2021 Artificial Intelligence Excellence Award recognized the originality and ambition of that work at WithSecure – formerly F-Secure Business. It validated the right direction — and motivation to keep innovating.

The first AI innovations developed through the research were already integrated into WithSecure Elements XDR — enhancing detection capabilities and delivering stronger protection against the kind of sophisticated, multi-stage attacks that conventional endpoint tools are increasingly challenged by.

This is what applied research looks like in practice: long-term thinking about where machine intelligence is heading, combined with near-term capabilities that protect customers today.

When GenAI entered the picture

WithSecure Luminen introduced GenAI in 2024 as a built-in „superpowers“ for all Elements customers at no additional cost.

The challenge facing most mid-sized organizations isn’t just detecting threats — it’s understanding them fast enough to act. Based on a large language model (LLM), it turns complex detections, Broad Context Detections™, and security events into plain-language explanations with clear recommended next steps — in the user’s own language. It also automatically generates weekly security event summary reports, highlighting the most significant events and suggested actions, with built-in drill-downs to verify source data.

Luminen doesn’t replace security expertise. It lowers the bar for accessing it — so that IT generalists and non-security specialists can navigate cybersecurity’s complexity with confidence, and experienced analysts can move faster on what matters most.

When AI started to proactively protect against zero day vulnerabilities

A new exploited vulnerability is published every two days. Monthly patching cycles leave organizations exposed for weeks at a time — a window that AI-accelerated attackers are increasingly able to exploit. WithSecure’s patent-pending Pre-Zero-Day Vulnerability Discovery capability, introduced in 2025 and launched in 2026 as Pre-Zero-Day Protection included as a new Proactive Security capability in WithSecure Elements that changes the equation to defend before the clock starts. Hannu Simonen, Senior Product Manager at WithSecure, explained:

By combining behavioral telemetry from XDR sensors with exposure analytics in Elements Exposure Management, the platform automatically surfaces exploitable vulnerabilities before they are publicly known or human-analyzed — giving MSPs and their customers the ability to close attack paths before attackers discover them.

The thread running through all of it

From Gemini to Luminen to Pre-Zero-Day Protection, the through-line is consistent: AI should reduce the burden on human teams, not add to it. Automate what can be automated. Surface what matters. Explain it clearly. Act before attackers do.

WithSecure’s approach is also deliberately responsible. While much of the industry has defaulted to large language models for every task, WithSecure advocates for a smarter mix — smaller, task-focused models working in combination, calibrated for accuracy, energy efficiency, and privacy. AI systems built to align with EU regulations, including the AI Code of Practice, where compliance isn’t a constraint but a design principle.

Project Blackfin articulated a vision for where machine intelligence could go. The products built since have started to close the distance — and with Luminen becoming more autonomous and expanding into Agentic AI, the gap is closing faster.

Learn more about how WithSecure applies AI across its security platform at withsecure.com