When you analyze compiled software for a living, you get used to edge cases.
Packed installers. Encrypted payloads. Custom formats that do everything they can to hide what is really going on.
Until now, those cases usually ended in one of two outcomes:
- “No results” from automated tools, or
- Painful, time-consuming manual reversing
NetRise AI Insights is designed to change that. Instead of a dead end, you get an AI-generated report you can actually use to make a decision.
And importantly, this is an opt-in feature. Nothing runs unless your organization chooses to enable it.
The problem: When deterministic analysis cannot see inside
The NetRise platform is built on binary composition analysis, creating a detailed software inventory and SBOM directly from compiled code, not source. That is what lets you see hidden dependencies, misconfigurations, secrets, keys, and other supply chain risks that never show up in manifests.
But there will always be binaries that are:
- Encrypted or heavily compressed
- Packed installers that only reveal their contents at runtime
- Custom or legacy formats with very high entropy
From the platform’s perspective, you still get important structural facts (file type, entropy profile, discovered components), but you cannot always produce the same deterministic, component-level view you get from “normal” firmware or images.
That used to mean:
- Little or no context for security teams
- Tickets with “unknown executable” that nobody wants to own
- Manual analysis reserved for only the highest risk assets
NetRise AI Insights was built specifically for this gap.
What NetRise AI Insights actually delivers
Instead of focusing on how the feature works under the hood, it is more useful to look at what you get out of it day to day. NetRise AI Insights takes the binary analysis output that the NetRise Platform already generates, feeds that into an LLM, and produces a human-readable report about the asset, including when the primary conclusion is “this content is encrypted or compressed.”
For this initial release, NetRise AI Insights runs on supported assets as they are uploaded or analyzed going forward, with broader on-demand coverage for existing assets planned for the roadmap.
Here is what you can expect from NetRise AI Insights:
1. Clear answers where you used to have “unknown file”
For binaries that previously produced little or no deterministic output, you now get a structured AI report that explains:
- What the executable appears to be doing
- Which frameworks and libraries it is built on
- Whether it performs network operations
- How it uses cryptography and certificates
- Which operating systems and architectures it is likely targeting
In the example below, you can see the summary view from an NetRise AI Insights report for tplink-ep25.bin, identified as an OpenPGP public key. The report brings file metadata, components found, entropy, architectures, and legacy component checks into a single place. In cases like this, the AI narrative focuses less on runtime behavior and more on the role the artifact plays in the software supply chain, such as a public key used for signature verification rather than executable code.
That is the difference between an “unknown .bin file” and a signing asset you can quickly classify and treat very differently in triage.
2. Fast triage of suspicious or third-party software
Security and procurement teams constantly receive:
- Vendor-supplied installers
- Field updates for appliances
- Tools from internal teams that ship as compiled binaries
With NetRise AI Insights, you can:
- Onboard that asset into NetRise as part of your normal upload and analysis workflow
- Open the NetRise AI Insights report from the NetRise platform UI
- Get a readable explanation of what the binary appears to be doing, which components it includes, and how it behaves on the network
Instead of holding up a deployment because nobody can interpret an .exe file, you can make an informed decision, or at least ask the vendor much more specific questions.
3. Better prioritization of manual reverse engineering
Not every opaque binary deserves a week of analyst time. NetRise AI Insights helps you separate:
- Binaries that look like standard installers or supporting components, where risk appears low
- Binaries that perform unexpected network activity, touch-sensitive OS APIs, or combine encryption with unusual control flow
Because the AI report is built on top of NetRise’s existing software inventory and risk context, it can lift out the details that matter most for triage, such as libraries in use, potential attack surface, and high entropy sections that are likely encrypted payloads.
That means your reverse engineers can focus on the binaries that actually look interesting.
4. Evidence you can share across teams
NetRise AI Insights produces a PDF report for each analyzed asset.
Teams use these reports to:
- Attach evidence to tickets and exceptions
- Provide context to incident responders who need to understand “what is this thing” quickly
- Share a consistent narrative with vendors when asking for clarification or patches
- Capture a point in time record of how an asset looked when it was introduced
Instead of passing around ad hoc notes and screenshots, the report becomes the single reference.
5. Less noise when there is nothing to see
Sometimes the most important answer is “there is nothing materially interesting here.”
NetRise AI Insights includes alerts for reports with negligible findings, so teams can move past benign assets quickly instead of treating every AI report as a red flag. This is especially helpful when you are bulk analyzing large volumes of third-party software where only a small fraction will warrant deeper follow-up.
How NetRise AI Insights fits into your existing workflow
NetRise AI Insights is designed as an extension of what customers already do on our platform, not a separate experience.
Today, customers can:
- Access AI-powered insight reports directly from the NetRise Platform UI for supported assets
- Rely on NetRise to orchestrate the analysis using the same binary data and enrichment you’ve come to know in the platform
- Download or share the generated PDF when they need an artifact outside the platform
There is no new pipeline to manage. You are simply adding another lens on top of the same system of intelligence that NetRise already builds from your software inventory and binary composition analysis. In an upcoming release, NetRise AI Insights findings will also be integrated into report data in the platform, so they can flow directly into your existing dashboards and workflows in addition to PDFs.
How to get started
Given how sensitive software supply chain data can be, NetRise AI Insights is intentionally not turned on for everyone.
Key points for customers:
- NetRise AI Insights is an opt-in feature. It is disabled by default for all tenants and is only activated when your organization chooses to enable it.
- Once enabled, in-product walkthroughs in the platform (via our Pendo guides) show exactly where to find NetRise AI Insights and how to run reports on eligible assets.
- The feature works on the outputs NetRise already derives from your binaries, rather than reaching into live endpoints or production environments.
- Follow in-product walkthroughs that introduce NetRise AI Insights inside the NetRise UI and show exactly where to find the reports for eligible assets.
If you are evaluating NetRise, NetRise AI Insights is an example of how we are using AI to enhance, not replace, rigorous binary analysis. The goal is simple: reduce the time between “new or unknown software arrives” and “we understand the risk well enough to act.”
Need quick help? Chat now with a Real NetRise Expert
Click here➡
No Slack account needed
