Cloud-security's central UX fight is the agent. Security teams want coverage of every workload; platform and DevOps teams resist installing software on each one because agents add overhead, break deployments, and never reach everything. Agentless scanning is the architecture that tried to end that fight — coverage without the agent.
Orca Security's US11943251B2, “Systems and methods for malware detection” (issued March 26, 2024; CPC H04L 63/1433 — vulnerability assessment, G06F 21/568 — detecting malicious modification of data, and G06F 9/45558 — virtualization), describes detecting malware across cloud workloads. Read it at US11943251B2.
Mechanically, agentless detection reads the cloud provider's own snapshots and data layer — the disk images and metadata the cloud already holds — to scan workloads for malware out-of-band, without touching the running instance. The virtualization CPC tag points at this: analyze the workload's storage and state rather than running code inside it.
Why this is a business story: agentless was the wedge that let a new generation of cloud-security companies — Orca and Wiz most prominently — displace incumbents fast, because they could show full-estate coverage in hours instead of a multi-quarter agent rollout. That speed-to-value translated into historic growth: Wiz's trajectory drew a reported multibillion-dollar acquisition interest from Google. The agentless-versus-runtime debate is the defining strategic argument in cloud security, and this Orca grant stakes the agentless position.
The grounded read: agentless cloud malware detection delivers coverage by reading the cloud's own data layer instead of installing on each workload. Orca's 2024 grant names that approach — the wedge behind the fastest-growing segment of cloud security.