Maliciousness Scoring, AI Sample Analysis, and a New Behaviour Panel

Another release, another set of capabilities we have been wanting to ship for a while.

With this release we finally bring you the first of a series of maliciousness risk scores we are about to introduce, based on behaviour, features and structure. Moreover, as a natural follow-up to the last update, users can now get AI-assisted full sample analysis; see the details below.

Sample Maliciousness Risk Score

REDS now computes a maliciousness risk score for samples, derived from Malcontent, Chainguard’s open-source behavioural analysis tool. This is the first of a series of maliciousness scores we are introducing into the platform.

Practically, this means two things. First, analysts can now search for specific behaviour patterns across the corpus, including results from the 14,000+ YARA rules that ship with Malcontent — similar to what was already possible with CAPA. Second, the risk score gives you a structured signal on how suspicious a sample looks, based on its observed behaviours, before you have even opened it.

Malcontent analysis can also be triggered on-demand for samples that have not been scanned yet.

Malcontent Risk Score in REDS

New Behaviour Panel

All behavioural data (both Malcontent and CAPA results) now lives under a dedicated Behaviour panel in the sidebar. Behaviours are grouped by risk level, with expandable rule details for each finding. This is also where emulation support will land when it ships.

AI-Assisted Full Sample Analysis

Analysts can now request an AI-generated analysis of any sample, drawing on its features, structure, behavioural data, code anomalies, IOCs, strings, and more. The output covers key findings and analytical judgment — but it also surfaces gaps and limitations explicitly. We think that matters.

Because LLM outputs are non-deterministic, we did not want to present a single AI summary as settled truth. As with the LLM Code Analysis support we introduced in the last release, results can be upvoted or downvoted, and the aggregated signal from all analyst interactions is always visible alongside the summary. The goal is the same as everything else in REDS: show the evidence, not just the conclusion.

AI Assisted Full Sample Analysis in REDS


MoRE to come. Book a demo if you want to see it in action.
