Authors
AJ Williams, Product Manager
Linna La, Engineering
Blaise Perennial, Engineering

ADÉ (Autonomous Detection Engineer) is our AI agent that automatically generates org-specific coverage. Since its public beta in September, teams have been using ADÉ to turn novel email attacks into new detections in hours, not weeks or months.

Today, we're making ADÉ generally available for all Sublime Enterprise customers – with full autonomy, broader coverage, and complete transparency into how every detection is generated. And unlike vendor model updates that have to work across every customer, ADÉ only has to work for one: you.

"What's compelling about ADÉ is the shift from static defenses to a system that actively improves our specific coverage. The promise of an agent continuously tailoring and backtesting new protections for our environment is a force multiplier. It means our defenses don't just work, they evolve, and we get the benefit without having to do the work."

– Roger Allen, Senior Director, Global Head of Detection and Response at Sprinklr

Fully autonomous, with full visibility and control

With this GA release, ADÉ can now run end-to-end without analyst intervention – from picking up a newly reported threat to generating and accepting a high-confidence detection. With Sublime, security teams are always in control: you can optionally keep a human in the loop and customize ADÉ's efficacy acceptance thresholds. Here's how it works:

  • ADÉ is triggered manually by a security analyst, or automatically by ASA (new)
  • ADÉ generates new detection coverage and backtests its ideas
  • ADÉ iterates based on the backtest result, trying to maximize efficacy
  • If ADÉ's coverage recommendation clears the configured efficacy threshold, it's auto-activated (new)

Whether you want full autonomy or human sign-off on every detection, ADÉ adapts to how your team works.

Full coverage for spam and graymail

During beta, ADÉ created new coverage for malicious messages. In GA, ADÉ now generates coverage across malicious, spam, and graymail – so new threats don't slip through the noise. If auto-start is enabled, messages are automatically passed to ADÉ. Teams can also send messages to ADÉ manually.

Transparent, actionable summaries and audit logs

ADÉ now surfaces its full chain of thought – an explanation of everything it considered during the detection-building process, from initial analysis through Hunt iteration. Combined with audit logs that show exactly what information ADÉ reviewed, teams can trace every step of the recommendation. This transparency helps analysts learn how ADÉ approached the problem and build trust in the output.

Detection labels

ADÉ labels new coverage by Attack Type, Tactics and Techniques, and Detection Methods. This makes it easy to understand what ADÉ caught, how it caught it, and where it fits in your broader coverage map.

Built for SOC workflows

ADÉ fits into the workflow you already have rather than creating a new one. Jobs are stored alongside your existing detection and investigation data, so there's no new tool to manage. Analysts can cancel and restart jobs, and leave comments during review to capture context for the team.

Get started

The more ADÉ runs, the tighter your coverage gets. Every new threat becomes the input for the next detection.

ADÉ is now generally available for all Sublime Enterprise customers. Book a demo to see how ADÉ turns novel threats into detections – autonomously.
