February 12, 2026

Expanded coverage for Sublime's Autonomous Security Analyst
In the new year, operational efficiency is top of mind for all security teams. Our initial release of Autonomous Security Analyst (ASA) – our AI triage agent – provided automatic coverage for user reported emails. Depending on the size of an organization, ASA saves days of work for security teams tasked with manually reviewing messages that their end users are suspicious of.
Today, we are excited to announce we’ve extended ASA’s coverage. Specifically, ASA now analyzes messages that Sublime has flagged as suspicious or unknown, as these two verdicts would have previously required further analysis by the security team.
With this expanded coverage, Sublime can automatically triage over 99% of the emails received by an organization, accurately and confidently. Security analysts can shift their time from manual triage to oversight of edge cases and shrink the window where end users can interact with potentially malicious mail.
"Extending ASA to flagged messages allows us to better handle nuanced, suspicious messages that typically require more manual intervention, giving time back to our analysts."
– Ryan Glynn, Staff Security Engineer, Detection & Response at Compass
We recently published a blog on the power of our AI agents. The tl;dr of that post is that our agents are so effective because they have access to all the same tools and intelligence that our human detection engineers use. Our agents are a native component of the Sublime platform, so they have the full strength of the platform behind them, along with seamless orchestration.
Prior to ASA’s expansion, when a message received a suspicious or unknown verdict, a human would need to perform further analysis. To perform their analyses, they would use the ML-powered enrichments and tools of the platform, like Natural Language Understanding, file explosion, link analysis, and more. Now, ASA uses all of those tools on flagged messages autonomously.
When an email comes in, the first level of Sublime analysis gives it a high-confidence verdict of benign, malicious, spam, or graymail. When Sublime has less confidence in a verdict, it labels the message suspicious or unknown.
Previously, these messages warranted a deeper investigation and a human analyst would step in to make a final decision.
Now, ASA can run a full analysis of this filtered-down list of messages automatically and provide a high-confidence verdict with automatic triage – quarantine, move to trash, move to spam, etc. – without any human interaction. As it already did with user reports, ASA provides a verdict, high-level overview, executive summary, and a full explanation of the decision for review.

ASA on flagged messages has already been widely deployed as a pre-release across many customer and prospect environments, with consistently positive feedback. Currently, we’re seeing a 99.7% reduction in human analyst interaction in email triage.
ASA on flagged messages has ushered in a new level of automation at Sublime. With ASA’s expanded coverage, teams have less reason than ever to interact with email security in their day to day. It’s truly a “set it and forget it” solution without sacrificing efficacy.
For existing customers, start using ASA on suspicious and unknown messages by enabling the Send suspicious messages to ASA automation.
If you’re not a customer and want to see ASA in action, get a live demo today.