I think all AVs that have a heuristic detection or behavioral detection capability apply some sort of machine learning.
I think ML technology has to be used in conjunction with other technologies because there is an actual problem.
A considerable part of the malware that is currently around is represented by families with a large number of variants of the same malware.
Considering the high number of samples, the model can actually “learn”; it acquires the ability to detect future threats (within certain limits, of course). In this case, therefore, machine learning works well.
But it often happens that the family is made up of just a few samples; sometimes it can even consist of a single sample. This can happen, simply, when the malcoder is not worried about AV detections: suppose, for example, that his malware has been detected according to its specific malicious behavior, and that the author of the code does not want to counteract the action of the security solution and has decided instead to attack only users running an antivirus that does not have good behavior-based malware detection. In this case it is very difficult to train a security model; the process of generalization (which is the essence of machine learning) is then impossible. One or two samples of the malware, then, are not sufficient to implement machine learning. In this case it is much more efficient to detect the threat using well-tested methods: hash/signature-based detection and additional methodologies.
Another example of particular relevance is targeted attacks. The author of such an attack is not going to spread new variants of the malware; his goal is to fly under the radar.
So, my conclusion: it is absolutely reasonable to use a variety of tools to deal with the various situations that may arise. Multi-layered protection is certainly much more effective than single-layer protection; we certainly cannot refuse to resort to a truly effective solution only because it is something that, perhaps, is “not following the fashion” of the moment.
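The argument above, as an added illustration that is not part of the original post: a toy layered detector with an exact-hash layer and a nearest-centroid "ML" layer trained on constructed API-call traces (the family, benign and singleton samples, the feature view and the 0.3 threshold are all assumptions). A new variant of the well-populated family is caught by the ML layer, the single known sample of the other family is caught only by its hash, and a slightly modified copy of that singleton is caught by neither, which is the limit the post describes.

```python
import hashlib
from collections import Counter
from math import sqrt

# Constructed toy samples: each is the list of API calls observed in one sandbox run
# (hypothetical feature view for illustration, not real malware data).
FAMILY_A = [  # many variants of one family: enough for the ML layer to generalise
    ["CreateFile", "WriteFile", "CryptEncrypt", "DeleteFile", "FindNextFile"],
    ["FindFirstFile", "FindNextFile", "CryptEncrypt", "WriteFile", "DeleteFile"],
    ["CryptGenKey", "CryptEncrypt", "WriteFile", "FindNextFile", "DeleteFile"],
    ["FindNextFile", "CryptEncrypt", "MoveFile", "WriteFile", "DeleteFile"],
]
BENIGN = [
    ["CreateFile", "ReadFile", "CloseHandle", "GetSystemTime"],
    ["RegOpenKey", "RegQueryValue", "CloseHandle", "ReadFile"],
    ["CreateWindow", "ShowWindow", "GetMessage", "DispatchMessage"],
]
SINGLETON_B = ["OpenProcess", "WriteProcessMemory", "CreateRemoteThread", "Sleep"]

def sha256_of(apis):
    return hashlib.sha256(" ".join(apis).encode()).hexdigest()

# Hash layer: exact match only; the one known sample of family B lives here.
KNOWN_HASHES = {sha256_of(SINGLETON_B)}

def centroid(samples):
    """Average presence of each API across a set of samples (one feature per API)."""
    total = Counter()
    for s in samples:
        total.update(set(s))
    return {k: v / len(samples) for k, v in total.items()}

def cosine(a, b):
    dot = sum(a.get(k, 0) * b.get(k, 0) for k in a)
    na, nb = sqrt(sum(v * v for v in a.values())), sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

MAL_CENTROID, BENIGN_CENTROID = centroid(FAMILY_A), centroid(BENIGN)

def ml_score(apis):
    """Nearest-centroid score in [-1, 1]; positive means closer to the malicious centroid."""
    vec = Counter(set(apis))
    return cosine(vec, MAL_CENTROID) - cosine(vec, BENIGN_CENTROID)

def detect(apis, threshold=0.3):
    """Layered verdict: the name of the layer that fired ('hash' or 'ml'), or None."""
    if sha256_of(apis) in KNOWN_HASHES:
        return "hash"
    if ml_score(apis) > threshold:
        return "ml"
    return None
```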