What AI capability would you want us to add in Comodo?

Please tell us what kind of AI capability you would want to see.
Help with configurations?
Help with management?
Help with general IT?
?

thanks

Hi Melih,
Behavioral analysis
Cloud integration
Thanks

Edit Zorkas:

My personal wish for CIS 2026 is this:

Behavioral Analysis and Cyberattack Anticipation

Machine learning-based behavioral analysis allows us to model the normal habits of users, machines, and business processes. Any deviation from these models can signal suspicious activity, whether it’s unauthorized access, malicious behavior, or malware in the reconnaissance phase.

This predictive approach strengthens security posture by anticipating attacks rather than reacting to them. It also enables the detection of sophisticated, low-signal attacks, such as those carried out by Advanced Persistent Threat (APT) groups.

By combining AI with behavioral analysis, users have a powerful tool to monitor their systems intelligently, dynamically, and contextually.

Thank you

Only add features you/the user can also disable.

Just because it says AI on the label doesn’t mean it will be any good, a benefit or always correct.

I Belive Xcitium/Comodo alredy has Static/Behavioral Analysis Engine i belive its VirusScope

image715×261 12.2 KB

@Carlo1
AI-based threat detection using behavioral analytics to identify suspicious anomalies and attack patterns.
CIS, as of now, does not explicitly feature behavioral analytics; it’s simply a module added to the program.

For as long as it’s detection/protection related. Just stuffing “Ai” into things just to say you have “Ai” in things is the dumbest thing everyone is doing at the moment.

If you can include machine learning to speed up file analysis to further improve cloud detection and file rating and improve behavior detection then I’m all for it.

how about AI capabilities other than simply detection etc? (We already use it for detection in the cloud).

Machine Learning vs. AI

seo-hero-machine-learning-vs-ai_kls4c0640×500 44.2 KB

Like a hammer in a toolbox, machine learning (ML) is a specific tool within the broader framework of artificial intelligence (AI). ML is a technique that focuses on developing algorithms and models to learn and adapt to tasks and data. Artificial intelligence encompasses a wide range of techniques and aims to create intelligent machines capable of human-like intelligence.

As your organization’s data grows in both complexity and size, artificial intelligence and machine learning become crucial for enabling you to perform complex tasks such as decision-making, data analysis, and streamlining operations.

Use of Ai decision making for Containment system to avoid containing clean and trusted apps. But I don’t think there is any reliable way to do it using any kind of Ai to be honest. I don’t think I’d be able to trust its decision making.

Given the now highly advanced skills of cybercriminals, I have concerns that AI, regardless of the type, will remain unaffected or resistant to manipulation by such individuals. Another possibility arises: the creation of seemingly trustworthy backdoors. AI is fine, but only if the user explicitly allows it. I don’t have unquestioned trust in AI, especially when it comes to security. I find it particularly dangerous if it is integrated into security programs or consulted on security matters. In that case, I’d prefer to call upon an AI separately and ask it questions.

Personally would be great if it is limited to on-device only for the standard AV, Firewall and HIPS. Similarly definitely allow it to run locally alongside containment.

Referring to how Firefox and Microsoft got push-back on integration of AI provide adequate toggle to allow the end user control on

1. Which component it is enabled
2. Which datasets it can use
3. Which datasets it can send back to Comodo/Xcitium (aka Virusscope and File Rating)
4. Kindly ensure appropriate conditional logic is present so that systems without an NPU use a lower end LLM or none of the AI (Similar to the HIPS Settings > Enable adaptive mode under low system resources)

@prodex Melih stopped by in the mod board a week ago and I asked him the following question which I think voices your concerns:

This is Melih’s answer:

I’d say Comodo is aware of and on it.

Javascript malware detector via machine learning would be good I don’t see any other machine learning so I generated in github. HydraDragonAntivirus/hydradragon/machine_learning/train_javascript.py at development-version · HydraDragonAntivirus/HydraDragonAntivirus · GitHub
I used python due to good support but I was planning to avoid python much as possible but in machine learning python is good.

Draft brain dump

Been looking at some write ups on AI/ML in Security.

Mostly marketing, but good to read for a start

• seqrite whitepaper-ai-ml-in-cybersecurity-seqrite-quick-heal.pdf
• https://www.fortinet.com/resources/cyberglossary/artificial-intelligence-in-cybersecurity
• NVIDIA AI Solutions for Cybersecurity
• What Are the Risks and Benefits of Artificial Intelligence (AI) in Cybersecurity? - Palo Alto Networks (Good comparison table)

Good stuff

• aliasrobotics/CAI
• ZySec-AI/SecurityLLM from ZySec-AI/project-zysec
• [2603.24857] AI Security in the Foundation Model Era: A Comprehensive Survey from a Unified Perspective - Nice brief

All depends on how Comodo wants to implement for example will they be limiting to models or are they also planning MCP (Also look at OpenClaw Agents)

Using the models could help as below:

• HIPS & Sandbox could become an automated workflow (currently its manual) Activities are identified in either Sandbox / HIPS and AI generates a simple / detailed (power users) summary from the activities. From the Summary Page ask permission to persist into HIPS.
• Local device behavioral analytics and push to cloud to reduce cloud infra load
• AV - Reduce the number of signature based rules in windows registry

P.s. Nice project

Great to see Comodo development considering AI!

(1) first reaction, ai as optional and subordinate to user (as another user touched on above re FF’s ai initiative)
(2) ai providing a report of what’s working and not and suggestions how could be better (pluses & minuses provided)
(for eg. maybe can provide feedback why my Win10 Pro OS will not complete system log-on with HIPs active (works with everything else on) but HIPs works fine during session when enabled after logon)
So kinda like a maintenance helper for some of us who like comodo level security but may not be full-time experts at all the ins & outs.

No future protection will be able to ignore AI.
Comodo is a benchmark in firewalls, so the next version should, I think, include this important advancement.

Odd that I haven’t seen Comodo being mentioned for applying to be tested by the Claude Mythos.

I’ve seen how useless AI is in many fields. Programmed to lie, make up garbage, they even reduced the mathematical precision into a plausible range. A well educated AI requires a dedicated server setup, you can’t just run it locally. And you’d need to lobby a power plant for your cause.
Looking at the recent AI news, the same thing repeats over and over: AI servers aren’t making money. You’d have to immediately and properly paywall your AI feature if you don’t want to guarantee your bankruptcy.

The IT savvy can find information on how to configure CIS for optimal paranoia without the help of any AI. But how do you train an AI to forward the vast IT knowledge to a casual user who has zero patience for it and just wants a out of the box security product that doesn’t mess up the OS while still keeping it really secure? Do you actually need an AI for that or just put together 20-300 well learned and objectively observative brains and think how to optimize the CIS ootb experience for the average users?
And if you can’t look a CIS related problem up on for e.g. search.brave or google, then how can an AI help? The issue is unique or rare and there are no answers.

Back on Windows 95/98, there was this cool feature: interactive Help. No internet required. You look up a problem and click on boxes until your problem was solved.

I don’t see the need or benefit of application-level AI. If you need help with configuration or any IT, there’s chat bots for that purpose. Companies are very excited about AI at the moment, and they’re looking for every possible place they can cram it in their applications. It’s just more bloat.

Features of AI-Powered Firewalls

AI is a versatile tool that can enhance firewall capabilities in a variety of ways. Here are some of the key features of AI-powered firewalls:

¤ Threat Prevention: AI enhances the ability of a next-generation firewall to identify subtle, sophisticated, and large-scale cyberattacks. As a result, AI-powered firewalls offer improved threat prevention across layers 1 through 7, reducing the risk of cyberattacks on the enterprise.

¤ Network Resilience and Energy Efficiency: In addition to managing cyber threats, AI can also help manage the firewalls themselves. Automatic load balancing, intelligent clustering, and similar capabilities are also key features to look for to improve security resilience and efficiency.

¤ Unified Security Management: AI-enhanced firewalls are most effective when deployed as part of a unified security infrastructure. In addition to simplifying security management, security integration also enables better collaboration between security solutions, allowing for faster and more effective responses to cyberattacks.

¤ AI-powered firewalls, on the other hand, use AI/ML and adaptive learning, enabling them to detect and block attacks they have never seen before.

One must be careful before hitching a ride on AI Firewalls. A common component being pushed is Toxic Content Filtering with the issue here being on who (or what) decides on what is appropriate or inappropriate.

As such firewall will monitor transmissions both In and Out, one would essentially make the AI Firewall your Daddy. Personally in this area I am happier being a Luddite.