Cortex

Catch threats no rule has ever seen.

Cortex is the machine-learning classifier inside every Gen0Sec sensor. It scores traffic by behaviour — how a client negotiates a TLS handshake, how it paces requests, how it differs from a known browser. When Cortex flags something malicious, the firewall acts.

What Cortex is for

• Detection without signatures. Find malware, bots, and scrapers before anyone has written a rule for them.
• On-device inference. Nothing about your traffic ever leaves the host or sensor. No cloud round-trip, no data exfil risk.
• Automatic action. When Cortex's malicious-probability exceeds your threshold, it can fire a block directly through Amygdala — no human in the loop required.
• Continuously updated models. Cerebellum re-trains, ships the new model, and Cortex hot-loads it. Detection improves while the platform runs.

How it fits

Cortex is the new-threats detector in the platform. Thalamus catches signatures we already know. Cortex catches the rest.

Use cases

• Detect bots without JavaScript challenges — works for APIs, mobile apps, and headless clients.
• Block credential-stuffing attempts even when the attacker rotates IPs.
• Identify unknown attack tools by their network fingerprint, before any signature exists.
• Score every connection so you can rank investigation queues by ML confidence.

See also

• Synapse documentation — the agent that ships Cortex
• Dendrite — the fingerprint source Cortex classifies
• Amygdala — the enforcement layer Cortex triggers