OPSWAT’s Benny Czarny on Retooling the Language of Cybersecurity
If you spend enough time in this industry, you start to recognize a pattern. A new “platform” appears, slaps some AI on the label, piles on yet another agent, and declares itself the silver bullet for all things cyber. CISOs smile politely, add it to the comparison spreadsheet, and quietly wonder how many more moving parts their teams can tolerate before something important drops.
OPSWAT is not that kind of story.
Talking with Benny Czarny, founder and CEO of OPSWAT, you don’t get a pitch deck. You get what feels like a field report from someone who has spent the last two decades living inside the plumbing of cybersecurity, trying to fix what is fundamentally broken: how our tools talk to each other, how they handle files, and how we protect the most fragile systems on the planet.
As he put it in our conversation, his journey started with a very simple but devastating observation:
“The big issue was failure on the industry to communicate, to create, like a cyber security language.”
That language became the foundation of OPSWAT. The rest is the story of how a behind-the-scenes OEM engine turned into a critical infrastructure protection platform, complete with multi‑AV scanning, file regeneration (CDR), a diode product line, a managed file transfer platform that doesn’t require you to bolt on 20 other tools, and a global training academy turning out hundreds of thousands of certified practitioners.
This is not just another security startup. This is the company that quietly decided the antivirus industry had the wrong problem definition, then went off and built a new one.
From Bookstore Headaches to Critical Infrastructure

By the time we spoke, Benny had just published a book about this journey. Getting it into the world, he discovered, is its own lesson in integration pain.
“We launched the book through Amazon and through Blurb. Actually, the first launch was through Blurb. It was much harder to release it through Amazon… Amazon process is not as smooth as, like, Blurb and others. I mean, you would think, right? Amazon started a business with books, bookstore.”
The book is now available on Amazon and Kindle, with an audiobook on the way, and Benny is blunt about where the real market is:
“Mid May, I expect to have an audio version, and I understand that actually, most of the books these days are actually audio books… 70% of the transactions, apparently, audio books.”
The book matters here because it mirrors the OPSWAT journey: a narrative of how a company that started as a “secret weapon” for security vendors became a central player in protecting critical infrastructure worldwide.
The First Big Idea: A Cybersecurity Language
In the early days, OPSWAT was not building shiny dashboards for CISOs. It was in the engine room, solving a problem that most executives never see but every security architect feels in their bones.
“Initially it was miscommunication between cybersecurity products, which is completely different than critical infrastructure protection. The issue that I noticed is that cybersecurity products fail to communicate… VPNs, STPs, IDPs fail to communicate with antiviruses, firewalls, VPNs, encryption products. And that represents a big portion of cybersecurity incidents.”

Benny looked at a market with more than 4,000 cybersecurity vendors, each trying to reinvent its own way of integrating with others.
“In each one of those cybersecurity companies, they are trying to reinvent the wheel by creating communication protocols with other cybersecurity products.”
The result was a fragmented, brittle ecosystem where products “integrated” about as well as diplomats on a bad day.
So OPSWAT built a cybersecurity language and did something unfashionable in a world obsessed with logos and front‑end control: it went OEM.
“The go to market for the first big idea was actually OEM. So we’ve been like the secret cybersecurity weapon. Think about that as… a cybersecurity language, a toolkit… to accelerate their development of cybersecurity products.”
Benny went to the majors — Palo Alto, Cisco, HP and dozens more — and offered them a way to standardize how their products interacted with others. Today, he notes:
“Up until now, we have, like, close to 100 key cybersecurity companies, actually more than 100, that license this technology, and these 100 cybersecurity companies are the top 100 cybersecurity companies in the industry.”
For most vendors, that would be the exit strategy. For Benny, it was just the first act.
When Testing the Language Exposed a Bigger Problem
Once the language was embedded in millions of endpoints, the OPSWAT team hit a very uncomfortable realization.
They built a large‑scale testing platform called Xperia.
“We formed the team, a quality assurance team, and we built a testing platform called Xperia… 1000s of virtual machines, each one of them has a different cybersecurity product installed… every time a virtual machine launched, we test the compatibility of the language against these specific cybersecurity products.”

Among those thousands of VMs were antivirus engines, running in several modes. The language they created had constructs like:
“One of the cybersecurity language [functions] was antivirus.scan_file… We also have antivirus.scan_folder… and also we have in the language, antivirus.real_time_protection.”
And this is where things went sideways for the industry.
The antivirus world loves to show pretty charts from AV‑Comparatives and similar test labs, with 99.99% efficacy scores. Those, Benny points out, are almost entirely about device protection.
“The antivirus industry is mainly built around protecting a device… Whenever you see these cool results of antiviruses, AV‑Test, AV‑Comparatives, 99.99 or something, this is the efficacy of protecting the device.”
But when OPSWAT used its language to ask a simple question — “scan this file” — the numbers crashed.
“Whenever we asked the antivirus ‘scan a file,’ the results were not 99.99. The results were like 50%, 45%. And that was a big aha moment to us… Initially, we thought we have a problem with the language. And then the big aha moment [was] that, no, there is a problem with the industry, and there’s a fundamental problem with antiviruses that are not designed to scan files. They’re designed to protect devices.”
If you’re responsible for critical infrastructure, that sentence should land like a brick. Because files, not endpoints, are often how your most sensitive environments are compromised.
The Second Big Idea: From OEM to “Firewall of Data”
That discovery set OPSWAT on a new trajectory. The company pivoted from being an OEM language provider to an enterprise company focused on critical infrastructure, and specifically on what Benny calls the “firewall of data.”
“We started looking at cybersecurity attacks to critical infrastructure and big enterprises, and we found out that it’s mainly about file transfer. Think about that… email attachments… file downloads or file uploads… bunch of breaches with MFTs that are broken… they rely on an antivirus on static scanning and getting a very low efficacy.”

If you’ve ever sat in a war room during an MFT‑driven breach, this is not news. The industry’s response so far has mostly been to ship more patches and more apologies.
OPSWAT’s response was architectural. First, they built a multi‑scanner with more than 30 antivirus engines.
“We build the multi scanner with more than 30 different antivirus engines… and I’m having the statistical formulas around that… I expect you to have kind of nine nines of protection by adding a multi scanner.”
Of course, getting 30 AV engines to play nicely is not a matter of buying a bunch of consumer licenses and duct‑taping them together.
“It’s not the antivirus you buy. It’s to get the OEM packages, to get the trust, the agreements… deal with the updates… how do you deal with different antiviruses scanning at different speeds… what do you deal with false positives as you increase engines by creating, like, a whitelist engine… how do you deal with archives in a consistent manner?”
There is a certain kind of engineer who hears this and smiles. Everyone else hears “30 AV engines” and quietly reaches for their aspirin.
And to make it even more interesting, OPSWAT had to support air‑gapped environments.
“Sometimes [it] needs to work in critical infrastructure, in air gap condition. So you have a multi scanner in air gap. How do you update 30 antivirus in air gap? You know how? Actually, it’s fun. And it’s big data transfer and also a package generation that we need to do offline and to package it all together and securing the data transfer.”
This is the part where Benny describes all of this as “fun,” which tells you a lot about the type of problems OPSWAT is culturally wired to chase.
But even after reaching roughly 30 engines, the team found out there was a ceiling to what multi‑AV could do.
“We get to 30 antivirus engines. We figure out that although we get to 30 different antivirus engines, that wasn’t enough. And then we had… the big aha moment that adding more antivirus engines will not be able to get us to this 99.99 prevention.”
So they flipped the model.
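An added example, not OPSWAT's formulas or code: a figure like "nine nines" follows if 30 engines each miss about half of files independently, and the script below checks that independence assumption against per-engine verdicts from a test run. The verdict matrix, engine names and function names are constructed for illustration; the point is that samples missed by every engine cap the combined rate no matter how many engines are added.

```python
from math import log10, prod

# Constructed pilot data: one row per known-malicious sample, one column per
# engine; 1 = the engine flagged the file on a static scan, 0 = it did not.
# Invented for illustration, not measurements of any real product.
ENGINES = ["engine_a", "engine_b", "engine_c", "engine_d"]
VERDICTS = [
    [1, 0, 1, 0],
    [0, 1, 0, 1],
    [1, 1, 0, 0],
    [0, 0, 1, 1],
    [1, 0, 0, 1],
    [0, 1, 1, 0],
    [0, 0, 0, 0],  # missed by every engine: a shared blind spot
    [0, 0, 0, 0],
    [1, 1, 1, 1],
    [1, 1, 1, 1],
]


def per_engine_rates(verdicts):
    """Detection rate of each engine taken on its own."""
    total = len(verdicts)
    return [sum(column) / total for column in zip(*verdicts)]


def predicted_miss_if_independent(rates):
    """Miss rate of the combined scanner IF engine misses were independent."""
    return prod(1.0 - r for r in rates)


def observed_miss(verdicts):
    """Fraction of samples that no engine flagged (the real combined miss rate)."""
    return sum(1 for row in verdicts if not any(row)) / len(verdicts)


def shared_misses(verdicts):
    """Row indices of samples every engine missed; these set the ceiling."""
    return [i for i, row in enumerate(verdicts) if not any(row)]


def nines(miss_rate):
    """Express a miss rate as 'number of nines' of detection (0.001 -> 3.0)."""
    return float("inf") if miss_rate == 0 else -log10(miss_rate)


if __name__ == "__main__":
    rates = per_engine_rates(VERDICTS)
    for name, rate in zip(ENGINES, rates):
        print(f"{name}: {rate:.0%} detection alone")
    print(f"predicted miss (independent): {predicted_miss_if_independent(rates):.4f}")
    print(f"observed miss (any engine):   {observed_miss(VERDICTS):.4f}")
    print(f"samples missed by all engines: {shared_misses(VERDICTS)}")
    # Thirty engines at 50% each, under the independence assumption only.
    print(f"30 independent engines: {nines(predicted_miss_if_independent([0.5] * 30)):.2f} nines")
```

When the observed miss rate is well above the independent prediction, the engines share blind spots and adding more of them yields diminishing returns.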
Cybersecurity Prevention Through File Regeneration
Instead of asking, “Is this file malicious?” OPSWAT began assuming the answer was “yes” and working from there.
“We had to reverse the model and then create technology that… is cybersecurity prevention through file regeneration. So assume that all of the files are malicious and regenerate the file flow.”
This is what the industry now commonly calls Content Disarm and Reconstruction (CDR), and Benny is very clear that OPSWAT helped pioneer it.

Not everyone loved the idea at first.
“Many CISOs… were against that. ‘Oh, you can change my hash? No way.’ I put my other AI model… that is doomed for failure. I go over a lot of that… how to do that and change an organization.”
But in a world where document‑based malware, AI‑generated payloads, and zero‑days proliferate faster than signature databases can update, CDR ends up looking less like a nice‑to‑have and more like a prerequisite.
“Now with so many AI‑born threats, it’s so effective to prevent it, because you think about that, you have a Word document… that technology eliminates that. Everything is not trusted, regenerated in a clean format. You use new files… We are doing it for so many years. It’s working great. Effective now, and we are testing it with AI threats, zero days. Effective for some vulnerabilities, effective for AI threats, effective for a lot.”
Benny is careful not to oversell. CDR is not magic.
“It’s not effective for detection, that’s still very important. It’s not effective for executables… you still need a great sandbox. So I’m not saying it’s great for everything. Still, to block those and detection is still very important, though for prevention, it’s a key case technology.”
This blend of brutal honesty and architectural rigor is a recurring theme. OPSWAT focuses on the unglamorous parts: file flows, transfer paths, policy enforcement in environments where downtime is unacceptable and “99% blocking” is a career‑ending number.
The Reality of Critical Infrastructure
When the conversation shifts to critical infrastructure protection, Benny doesn’t reach for buzzwords. He starts with complexity.
“You have many, many, many devices. You have legacy devices and new devices… robots… IoT devices… air gap and cloud.”
When asked whether 99% protection is acceptable in a nuclear or energy facility, he doesn’t hesitate.
“No. It sounds extremely unacceptable.”
And that is before you consider the human side of the equation.
“How many cybersecurity training [programs] are you familiar with? Hundreds, maybe… How many focus on critical infrastructure protection?… I don’t know of any that focus on critical infrastructure protection.”
So OPSWAT built technology for those environments and then built an academy to grow the people who can run it.

“This is what OPSWAT is all about. We’re the platform… We have the CDR technology, very deterministic to get you very close to 100%. We have country of origin technology, we have proactive DLP technology, we have AI prediction technology. We have a really fast sandbox technology. We have tons of technologies that are designated for critical infrastructure.”
Those technologies show up in tangible products: data diodes, secure managed file transfer (MFT), kiosks for removable media, and more, all wired together into a single ecosystem.
“We have like a data diode that uses these technologies. We have MFT that uses this technology. We have a kiosk for peripheral media protection that uses this technology. And all of these products are integrated together into a platform that enables you to move files securely within your critical infrastructure, for example, from the cloud to the most critical network and vice versa.”
On the training side, the OPSWAT Academy is quietly scaling up the next generation of critical infrastructure defenders.
“To address the training gaps, we formed the first and only critical infrastructure protection Academy. It’s called the OPSWAT Academy. We have 275,000 certified students… We’re getting several thousand new certified students a month, going extremely well.”
The payoff is not just certificates, but jobs.
“We’re getting feedback that students getting our academy are actually getting jobs. And that’s really warming my heart… We are helping the job market… helping candidates and students to receive jobs.”
For an industry that likes to complain about “skills shortages” while doing very little to build actual practitioners, this is refreshingly pragmatic.
Hardware, Made in Tampa
OPSWAT is not just a software story. Critical infrastructure prefers hardware it can see, trace, and audit. Benny leans into that.
“We have 1100 employees. We do, by the way, manufacturing with hardware. So, for example, our diode… everything is manufactured right now out of Tampa, Florida.”
If you’re tired of discovering surprise components from “forbidden countries” deep in your supply chain, this point is not trivial.
“We manufacture all of that ourselves, all of the hardware pieces for critical infrastructure. We do it ourselves, so you don’t need to deal with equipment from forbidden countries. Everything is done secure by our team.”
The Tampa facility itself has become a bit of a showpiece, complete with murals and media tours.
“If you just Google OPSWAT Made in America, you’ll see the media tour. You’ll see also my dog there… Very colorful factory facility. We put a mural artist to help us with that.”
There is something almost old‑school about a cybersecurity vendor that actually builds its own hardware in‑house, in the U.S., and is proud enough of it to give tours.
RSAC, AI, MFT, and the Sandbox Problem
At the RSAC Conference, OPSWAT used the stage not to reinvent buzzwords, but to iterate on its core strengths.
“At RSAC, we announced several key things… We released our AI engine. So I mentioned that antivirus system is really designed to protect the device, not to predict whether the files are malicious or not. We designed an AI engine that just does that… we’re simply doing much better than the industry.”
The company also continues to double down on its secure MFT platform.
“By the way, we just announced we’re a leader of MFT. We have a secure MFT powered by all of our technology. So you don’t need to… buy the MFT, and then you need to buy 20 other cybersecurity products to integrate with them and to secure them. So we build our MFT with our security technologies… Everything is embedded.”
If you’ve ever diagrammed an MFT deployment that required a small constellation of DLP, AV, sandbox, SIEM, and custom glue just to not burn the house down, this should sound appealing.
On the sandbox front, OPSWAT’s approach is to trade heavy virtual machines for faster emulation and then layer in threat intelligence and large language models.
“We have emulation based sandbox, not like traditional sandbox. Traditional sandbox is all about, you know, you run it in a virtual machine… We actually emulate that through the CPU command, so it’s much, much faster… We released that integrated to a full threat intel, so you don’t need to buy the threat intel separately and the sandbox separately.”
Then they use LLMs to compress the work of the SOC analyst.
“We use LLM to take the IOCs together with the necessary threat intel. So it really decreased the time of the malware analyst and SOC analyst by around 80% to figure out whether it’s a false positive or false negative and to write the right report.”
In other words, AI where it actually removes toil instead of just adding another “assist” button.
Explaining Cybersecurity to the Board: Bring Popcorn
There is one more piece of the OPSWAT story that will make every CISO smile: they made a movie.
“The reason we produced [it]… it’s so hard to explain cybersecurity topics, and not only starting to technical folks like you. I’m talking about, like, CEO, board members and so on. So we took very complex topics, and we really simplify them.”
The film, “Breaking the Firewall: Into the Breach,” pulls in some familiar science‑TV talent.
“We took pretty much the best team in the world. We thought about the MythBusters team, and Kari Byron… She’s both technical and public, and she can articulate complex things in a simple way. And I think she did a fantastic job.”
Screenings are happening around the world, with plans to bring it to streaming platforms.
“We’re doing screening all around the world, and then by August, we plan to have it on Amazon Prime and YouTube and some other platforms.”
So if your next board offsite needs something a little more relevant than yet another generic cyber awareness video, you may soon have options that don’t insult anyone’s intelligence.
What CISOs Should Do Next
If you’re a CISO or senior security leader reading this, you might be thinking:
“Okay, interesting story. But what do I actually do with this?”
Here is a pragmatic sequence to consider:
- Map your file flows, not just your endpoints. Where do files enter, move, and cross trust boundaries in your environment, especially around OT, ICS, and critical infrastructure systems? Email attachments, SFTP, MFT, kiosks, vendor media, cloud file shares, and support workflows all count.
- Audit your current dependence on single‑engine antivirus for those flows. Anywhere your file inspection strategy is “we run it through AV and hope for the best,” you should assume you’re getting numbers closer to Benny’s 45–50% for file‑based attacks, not 99.99%.
- Evaluate multi‑scanning and CDR as baseline controls. For high‑impact environments, particularly where “99% is unacceptable,” a multi‑AV approach plus file regeneration is not a luxury. It is the minimum you should be considering.
- Look at platforms, not point solutions, for critical infrastructure. OPSWAT’s ecosystem of diodes, secure MFT, kiosks, sandboxing, and CDR is intentionally integrated for OT, ICS, and other complex networks. Whether you choose OPSWAT or a competitor, the question to ask is: “Does this platform treat files, flows, and critical infrastructure as first‑class citizens, or as an afterthought bolted onto an IT‑centric product?”
- Close the human gap with focused training. Tools won’t help if your teams are learning generic IT security instead of critical infrastructure protection. Programs like the OPSWAT Academy, with its hundreds of thousands of students, exist specifically to fill that gap. Make critical infrastructure training a budget line item, not a wish list item.
OPSWAT is not trying to be everything to everyone. It is trying to be very, very good at one brutally hard problem set: making sure that the flows of data into, out of, and within critical infrastructure are as close to failure‑proof as possible.
For many CISOs, especially those responsible for energy, manufacturing, utilities, transportation, healthcare, and other high‑impact sectors, that focus is not just welcome. It is overdue.
Call to Action
If your organization operates or depends on critical infrastructure, now is the time to move beyond single‑engine AV and checkbox MFT deployments that only look secure on PowerPoint.
Consider taking these concrete steps:
- Pilot a high‑risk file flow (for example, vendor media entering an OT network, or cross‑domain transfers between cloud and production) using a multi‑scanner plus CDR approach, and measure the delta in detected and prevented threats.
- Engage with vendors who can show real‑world data about file‑based protection efficacy, not just endpoint protection scores.
- Enroll part of your team in specialized critical infrastructure training, whether via OPSWAT Academy or similar programs, and make operational knowledge of OT/ICS security a core skill, not a niche specialization.
The threats targeting critical infrastructure are only getting more sophisticated, but a lot of the industry is still betting that one AV engine and a couple of signatures will save the day. OPSWAT’s story is a reminder that we can do much better, if we’re willing to rethink some of our most comfortable assumptions.
For CISOs, the next step is straightforward: scrutinize your file flows, your transfer paths, and your OT security posture with the same rigor you apply to your endpoints. Then bring in platforms and partners who were built for that job from day one.
Author’s Note
The author sat down with Benny Czarny, founder and CEO of OPSWAT and author of “Cybersecurity Upside Down,” during the 2026 RSAC Conference in San Francisco, March 23rd–25th, 2026, to discuss the company’s origins, technology innovations, and vision for protecting critical infrastructure.
For more information, please visit www.opswat.com.
About the Author
Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company, and co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs)”. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.
Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.
Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.
