Glasswall Foresight brings AI-powered threat prediction to Glasswall Halo. It combines machine learning models with Glasswall's Content Disarm and Reconstruction (CDR) analysis to assess files and predict the likelihood that they are malicious—including unknown and zero-day threats that traditional, signature-based detection can miss. Where Halo's CDR technology rebuilds files to a known-good standard, Foresight adds a predictive layer of intelligence: it inspects a file's structure and returns a probabilistic threat label that you can both *see* on your files and *act* on through policy. This functionality is included from v2.19.0. See [v2.19.0 release notes](/halo/v2190). ## Why use Foresight in Halo? ### Predictive threat detection Foresight uses machine learning to identify malicious files that traditional detection methods may not yet recognize, helping you stay ahead of zero-day and previously unseen threats. ### See the risk on every file The Foresight label is included on all API responses and rendered in the Halo file analysis report, so the prediction travels with the file wherever it is processed. ### Act on the risk through policy Files predicted to be malicious can be blocked automatically using Halo policy, combining Foresight's predictions with Glasswall's existing CDR protection. ## How it works When a file is processed by Halo, Foresight analyzes its structure using machine learning models alongside Glasswall's CDR engine. It produces a probabilistic threat label that reflects the likelihood the file is weaponized. This label is applied together with your existing CDR policy to determine how each file is handled—letting you make informed decisions, or automate the response, when potentially risky files are encountered. ## Risk labels Foresight returns one of three threat labels for each supported file: * **Malicious**—High-probability prediction that the file is weaponized. These files can be blocked automatically through policy. * **Suspicious**—Some indicators of harm were found, but there is insufficient evidence to classify the file as malicious. Caution is advised when handling these files. * **NoThreatsDetected**—No indicators of harm were found. ## Supported file types Foresight currently supports threat prediction for the following file types: * PDF * DOCX * XLSX ## Where Foresight runs Foresight runs as an additional container within the Glasswall CDR engine pod—the `cdrplatform-engine` component of your Halo deployment. When a file is processed, the engine calls Foresight to assess the original file. Foresight is **disabled by default** and is safe to leave deployed in a disabled state. ## Learn more * [Deploying Foresight in Halo](/halo/deploying-foresight-managed-kubernetes) * [Configuring Foresight in Halo](/halo/configuring-foresight-in-halo) * [About Foresight](/foresight/about-glasswall-foresight)