This patent covers a foundational technical innovation from Stuart McClure's work at Cylance: a system for controlling application execution on endpoint devices using ensemble machine learning models to discern whether a given executable is benign or malicious — before it runs.
The core technical insight is the application of multiple machine learning models working in concert (an "ensemble") rather than relying on any single model. Each model in the ensemble evaluates the target file from a different analytical perspective, drawing on different feature sets and trained on different aspects of file behavior. The ensemble's combined output produces a classification decision with significantly higher accuracy and lower false-positive rates than any individual model could achieve.
This was the technological core of what made Cylance revolutionary when it launched. Legacy antivirus systems relied on signatures — essentially, a list of known malicious files. Cylance's approach could identify malicious files it had never seen before, based on the mathematical properties of the file itself, without requiring any network connection, signature update, or behavioral sandbox. The patent protects the specific ensemble architecture that made this possible at commercially viable speed and accuracy.
Stuart McClure holds numerous patents from his time at Cylance, reflecting the genuine scientific innovation that underpinned the company's commercial success. This is one of the most technically significant, representing the mathematical heart of what the company built and what justified its $1.5 billion acquisition by BlackBerry in 2019.