ESET invests $40 million in AI cybersecurity at ESET World 2026

• ESET announced a $40 million AI cybersecurity investment to secure AI systems.
• ESET outlined OpenClaw risks, launched ESET Private, and entered network security.

ESET has announced a $40 million investment in AI-powered cybersecurity. The investment will support its internal AI capabilities, protections for AI-driven systems, and new methods for processing security data.

The announcement was made at ESET World 2026 in Berlin, where company executives discussed autonomous AI systems, AI-related attack surfaces, and cybercrime operations. The company also announced new country offices, a corporate solutions lineup, and plans to enter the network security field.

AI security investment

Richard Marko, ESET’s chief executive officer, positioned the investment around the rise of autonomous AI systems. He compared the development to earlier changes in malware detection, including the use of heuristic methods, deep learning, and ESET’s DNA-based technologies.

“We are entering a completely new AI era in cybersecurity,” Marko said. “The response to this new era lies in the intelligent application of artificial intelligence in cyber defence.”

Large language models are already being used in phishing emails, deepfake videos, and influence campaigns, according to Marko. The same tools can also understand natural language and programming languages, which extends their use into coding-related activity.

One example discussed during the presentation was the use of AI-generated TikTok accounts with realistic photos and biographies during the election in Moldova.

ESET’s investment will focus on three areas. The first is the development of its own AI foundations trained on cybersecurity data, rather than relying only on models controlled by large technology companies. “We believe the future of cybersecurity cannot depend on models controlled by big tech,” Marko said.

The second area is protection for AI systems themselves. As AI becomes part of applications, workflows, and company systems, it also becomes part of the attack surface.

ESET is looking at a layered AI security stack that can protect agent-to-agent communication, browser-to-LLM communication, and systems that import tools and skills without direct human action.

The third area is security data processing. XDR systems generate large volumes of data, and ESET’s position is that replacing analysts with LLM agents will not solve the issue on its own. The company is working on new ways to categorise, enrich, and process that data.

OpenClaw risks

OpenClaw was a central example in the keynote. Marko described it as a project that combines LLMs, external tools, coding capabilities, and natural-language “skills” that tell an agent what to do.

The public repository for OpenClaw skills had around 60,000 skills in March 2025. More than 10,000 were considered suspicious, while more than 1,000 were classified as malicious.

Less than two months later, according to ESET, the number had grown to more than 800,000 skills. That included more than 25,000 suspicious skills and more than 3,000 malicious skills.

Marko described the ability to update skills, test alternatives, create new tools, and potentially replace the LLM used by an agent as a form of digital evolution. “What I am describing might sound a little like science fiction, but all the tools and mechanisms are already in place,” he said.

In one example shown during the presentation, ESET translated a Chinese-language skill that instructed an agent to read a self-awakening and evolution guide, then build its own evolution engine by creating a Python script.

The company also discussed customer views on AI agents. In ESET surveys, ease of use ranked highest among customer priorities, while conclusions by AI agents ranked lowest.

Three new offices

The company said it is opening three new offices: ESET France, ESET Netherlands, and ESET India. Marko said ESET now has 25 offices worldwide after adding Sweden and Denmark earlier this year.

ESET also said it protects, directly and indirectly through partnersmore than 1 billion peopleincluding half a million business customers.

Marko said ESET LiveGrid currently receives around 750,000 new suspicious samples every day, along with metadata and scanned URLs.

AI security development

Juraj Malcho, ESET’s chief technology officer, linked AI security work to data, infrastructure, and workloads. Data still needs to be stored, processed, and secured, even as AI changes the scale and speed of those workloads.

AI workloads place demands on data centres, compute systems, energy, and security controls. ESET is also working with other industry participants through the Agent AI Foundation on open protocols, interoperability, and standards.

Areas under development include shadow AI discovery and supply chain security. Other work covers behavioural monitoring of skills, conversational security, and ESET LiveCortex, a system above ESET LiveGrid that is still in its early stages.

According to ESET, LiveCortex is designed to make correlations using data from around the world and will be expanded through the new AI investment.

Private solutions

ESET also announced ESET Private, a lineup of corporate solutions aimed at organisations that require tailored deployments and long-term support.

Martin Talian, ESET’s chief corporate solutions officer, said the company created its corporate solutions division in 2022 to support customers with mission-critical environments. These include governments, defence organisations, critical infrastructure operators, fintech companies, banks, transport firms, and logistics organisations. “These companies play a vital role in maintaining economic stability, public safety, and continuity of essential services,” Talian said.

Such customers often prioritise continuity, reliability, and mission-specific deployments over standard software features.

In one example, ESET adapted technologies such as LiveGrid and LiveGuard for an air-gapped defence environment, where systems still needed updates and data transfers despite having no external connectivity.

In another, ESET worked with a telecom operator to analyse traffic for abuse and malicious content without requiring users to install an application.

The company is also working on an abstraction layer that allows workloads and solutions to run outside major public clouds, including private cloud and on-premises environments. That work supports private scanners, which allow customers to use ESET’s scanning engine in private environments or high-throughput settings without exposing their data to ESET.

Network security

ESET is also entering network security. Malcho said the underlying technology has been used internally for several years and is now being prepared for private customers. The initial product is a network probe with packet inspection, telemetry aggregation, detection rules, and threat intelligence enrichment.

The network probe is designed to aggregate data before it reaches SIEM systems, where licensing is often based on data volume. It uses deep packet inspection and ESET threat intelligence to provide more context on traffic such as HTTP, HTTPS, and SMB communication.

ESET plans to integrate the technology into its XDR platform over time, with intrusion detection and intrusion prevention functions to follow.

Cybercrime disruption

The session also covered cybercrime and cooperation with law enforcement.

Roman Kováč, ESET’s chief research officer, described cybercrime as a structured ecosystem involving initial access brokers, malware developers, infrastructure operators, botnets, marketplaces, money mules, affiliates, and data brokers. “Cybercrime is not random. It is a business model,” Kováč said.

ESET’s technologies have seen 345 billion URLs so far this year, according to Kováč. Visibility alone does not disrupt cybercrime, and removing actors from the ecosystem requires investigative action, legal authority, and cross-border coordination.

Marijn Schuurbiers, head of operations at Europol’s European Cybercrime Centre, described Europol as a people hub, data hub, and case hub. Europol brings together officers from EU member states and third-party countries, including the United Kingdom, Norway, the United States, Japan, and Colombia.

Its cyber work includes AP Cyborg, which focuses on computer-related crimes, and AP Terminal, which covers payment fraud and phishing. Other teams include AP Dark Web for online criminal platforms and AP Twins for child sexual abuse. Schuurbiers also described the Joint Cybercrime Action Taskforce, where cyber experts from different countries work in the same room.

Europol works with private-sector partners through its Cyber Intelligence Extension Program, with ESET among the cybersecurity companies contributing intelligence to investigations. Its Cyber Intelligence Gateway allows private companies to share information through channels including encrypted email and a MISP instance.

Schuurbiers said Europol’s strategy is to focus on key services in the cybercriminal ecosystem rather than handling one incident at a time. He cited Operation Endgame and operations against initial access brokers, including the DanaBot operation involving ESET.

He also referred to actions against criminal forums and phishing SMS infrastructure. Hybrid threats are blurring older categories of cyber activity, including state actors, cybercriminals, hacktivists, extremists, and technically motivated actors. “In the hybrid age, things start to blur,” Schuurbiers said.

Schuurbiers said hybrid threats require cooperation between law enforcement, intelligence agencies, private companies, and other partners.

Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology events, click here for more information.