What detection technique in antivirus software collects data from multiple systems instead of analyzing files locally?


Multiple Choice

What detection technique in antivirus software collects data from multiple systems instead of analyzing files locally?

Explanation:
Cloud-based detection works by sending data from many endpoints to a centralized cloud where it is analyzed with global threat intelligence, machine learning, and correlated signals. The antivirus agents on individual machines collect metadata, file hashes, reputations, and sometimes samples, then share this information with the cloud. The cloud processes it across millions of systems, enabling rapid identification of new or unknown threats that a single device might not recognize on its own. Because the heavy analysis happens in the cloud and draws from broad telemetry, the local device doesn’t have to rely solely on its own data, and updates to detections can be pushed out quickly.

This contrasts with approaches that primarily operate on the device: signature-based detection relies on known patterns stored locally or in the cloud for matching, heuristic analysis examines suspicious code locally for malicious characteristics, and behavioral monitoring watches runtime actions on the device. None of these inherently depends on aggregating data from multiple systems in the way cloud-based detection does.
