Switzerland Swiss Made
Get API Key →
About

Built by an ML engineer who works on production malware detection

Not a startup. Not a team. One engineer, one well-defined problem.

Robin Frehner

My name is Robin Frehner. I’m a Machine Learning Engineer working on cybersecurity — specifically on detection systems for malware, malicious scripts, and anomalous command behaviour in production environments.

In that work, the same frustration kept coming up: rule-based tools fire on what they’ve already seen. Novel attacks — the ones that actually matter — slip through because no signature exists yet. I wanted to know if a sequence-aware classifier, trained on real attack chains, could detect these patterns without any rules. It can. At 90% TPR and 0.1% FPR.

The explainability angle came from operational reality. A black-box "malicious: true" is useless to an on-call engineer at 2am. They need to know which commands drove the verdict — so they can isolate the right pod, pull the right logs, and attach evidence to the incident ticket. That’s what the /explain endpoint does.

Why Protet exists

The Codecov attack ran undetected for two months. The XZ Utils backdoor sat hidden for two years. The tj-actions compromise affected 23,000 repositories before anyone noticed. In every case, the malicious payload was a tiny fraction of an otherwise legitimate script — invisible to ClamAV, YARA, Semgrep, and ShellCheck because none of them had a signature for it.

Rule-based tools require prior knowledge of the exact attack. The attacker only has to vary one line. I built Protet to eliminate that structural disadvantage: a classifier trained on the shape of malicious behaviour — not its exact bytes — so that novel variants are detected at the same rate as known ones.

The benchmark is public and reproducible. The numbers are from a held-out test set the model never saw during training. Read it.

Engineering philosophy

Practical constraints first. Protet is designed to slot into an existing security stack — Tetragon or Falco capture exec events; Protet adds the classification layer on top. No forklift, no agent replacement, no new infrastructure beyond an HTTPS endpoint.

Reproducible results over marketing claims. The benchmark script is real. The test set was held out before any training. The comparison detectors — ClamAV, YARA, Semgrep, ShellCheck, TF-IDF baselines, Claude Sonnet 4.6 — were all evaluated on the same data with their best-case configurations.

Build first, measure, ship what works. Everything on this site reflects that approach: no demos that only work on slides, no detection rates computed on toy datasets.