Learn how we built our agentic AI analyst that’s capable of performing almost all of the same tasks as a human email security analyst

Sublime recently unveiled ASA, our Autonomous Security Analyst. ASA is an end‑to‑end AI agent that can triage user‑reported emails, auto‑remediate threats, and even reply to reporters, all of which cuts MTTR without adding headcount. In the weeks since launch, early design partners have praised ASA for collapsing manual review queues “from days to minutes.” 

In our announcement post, we showed some of ASA’s capabilities for security teams. In this post, we’ll roll up our sleeves and head into the engine room to explore how ASA delivers transparent, citation‑backed verdicts.

ASA’s frontier LLM with security‑specific augmentation

ASA’s fully-agentic operations are driven by a powerful, security-specific language model. With its depth of email security knowledge, ASA can step through email analysis much like a human analyst would. 

Starting the analysis with nothing but a raw email, ASA can decide to call tools dynamically as needed. This includes tools for opening and analyzing files, identifying and following links to their end destination, looking up threat intelligence, and even creating subagents with dedicated tasks to execute.

Integrating custom knowledge and tools into the LLM in an agentic fashion gives us:

  • Open‑ended reasoning for edge-case and novel attacks that break rule‑based logic and require unstructured analysis
  • Enhanced LLM grounding: hard evidence returned by tools and retrieved from the knowledge base is injected into the model's context, which constrains hallucination

Why an LLM?

In short, attackers are using LLMs to speed up their attacks and the only way for security teams to keep up is to have their own LLM for handling initial triage. A defensive LLM helps take away the volume-based advantage attackers have.

An LLM with the proper email security-specific augmentation has the guardrails it needs to be able to effectively use knowledge and tools to perform email analysis at scale. Just like human analysts, an LLM can learn over time, becoming more effective with every attack it sees. Additionally, LLMs can be taught to escalate attacks to human analysts when verdict certainty is below a certain threshold.

ASA’s security‑intelligence agentic framework

ASA has the knowledge, tools, and capabilities required to be an email security analyst that triages user-reported messages.

Knowledge base and tools

ASA's proprietary knowledge base – a dynamic and continuously updated repository of the Sublime Detection team's deep expertise – is the engine powering its intelligent threat analysis. It is designed to ensure ASA stays current, containing a wealth of information on the latest email threats, attacker methodologies, and subtle indicators of malicious activity. This constantly refined knowledge empowers ASA to identify sophisticated attacks, make nuanced judgments, and deliver highly accurate verdicts.

This knowledge base is operating off the same playbook that Sublime uses to perform triage and analysis. ASA was quite literally taught by the Detection team to be an email security analyst that could work at Sublime.

Because of that institutional knowledge, ASA is able to use the same suite of tools available to Sublime customers to analyze email alerts. These include:

These tools enable ASA to conduct a thorough and multifaceted analysis of email threats, mirroring the capabilities of the human security analysts who use our product.

Subagents

ASA has the ability to spawn subagents to perform certain targeted tasks. It utilizes an agents-as-tools architecture, which allows it to employ worker subagents for parallel task execution. This means ASA can break down a complex analysis task into smaller, more manageable subtasks and assign each to a specialized subagent. These subagents work concurrently, significantly speeding up the analysis process. Once completed, ASA gathers and aggregates the results.

With LinkAnalysis, ASA can delegate a subagent to look for specific indicators of compromise (IOCs) or tactics, techniques, and procedures (TTPs) it suspects are present within the HTML of a link. For example, if ASA suspects a Meta impersonation attempt, it can create a subagent with custom instructions to look for logos, branding, or text strings associated with Meta in the HTML.

This creates an information exchange flow between ASA and its subagents. ASA, as the orchestrator, identifies potential threats and areas for investigation. ASA can then choose to investigate itself, or delegate to one or more subagents with tailored instructions. These subagents do their specific jobs and report back to ASA. Just like a human, ASA can then take this information into account as it continues investigating and rendering a verdict.
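The orchestrator/subagent flow described above, together with the escalate-when-uncertain behaviour mentioned under "Why an LLM?", as an added example that is not Sublime's or ASA's code. It shows the agents-as-tools pattern: the orchestrator forms a hypothesis (here, brand impersonation from the display name), hands each link to a worker subagent with tailored indicator instructions, runs the workers concurrently, aggregates their findings as citations for the verdict, and hands off to a human when the evidence is below a confidence threshold. Every name (`triage`, `link_subagent`, `FAKE_PAGES`, the instruction sets), the weights and the normalisation are assumptions, and the sample emails and landing pages are constructed so the example runs offline.

```python
"""Agents-as-tools orchestration: an orchestrator picks the focus of the
investigation, fans tailored subtasks out to worker subagents in parallel,
aggregates their findings as citations, and escalates to a human analyst when
verdict confidence is below a threshold. Every name, input and score below is
constructed for illustration and is not Sublime's implementation."""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
import re

# Constructed stand-in for fetched landing pages (keeps the example offline).
FAKE_PAGES = {
    "https://login-verify.example/secure": (
        "<html><title>Meta Business Support</title>"
        "<img src='/brand-logo.png'><form action='/post'>"
        "<input type='password' name='pw'></form></html>"
    ),
    "https://docs.example/policy": "<html><p>Public policy document.</p></html>",
}

# Constructed user-reported emails (headers trimmed).
SAMPLE_EMAIL = """From: "Meta Support" <support@login-verify.example>
Subject: Your account will be disabled

Your page violated our terms. Appeal here: https://login-verify.example/secure
Read our policy: https://docs.example/policy
"""
BENIGN_EMAIL = """From: "Docs Team" <docs@docs.example>
Subject: Updated policy

Read the updated policy: https://docs.example/policy
"""
UNBRANDED_EMAIL = """From: "IT" <it@docs.example>
Subject: Password check

Confirm your password here: https://login-verify.example/secure
"""

@dataclass
class Finding:
    tool: str      # subagent that produced the evidence
    subject: str   # artifact examined (a URL here)
    evidence: str  # verbatim snippet the verdict cites
    weight: int    # contribution to the malicious score

@dataclass
class Verdict:
    label: str
    confidence: float
    citations: list = field(default_factory=list)

# Instruction sets the orchestrator hands to a subagent: (regex, weight) pairs.
CREDENTIAL_FORM = (r"<input[^>]*type=['\"]password", 3)
META_IMPERSONATION = [(r"meta|facebook", 2), (r"<img[^>]*logo[^>]*>", 2), CREDENTIAL_FORM]

def link_subagent(url: str, indicators: list) -> list:
    """Worker: inspect one link's HTML for exactly the indicators it was told to find."""
    html = FAKE_PAGES.get(url, "")
    findings = []
    for pattern, weight in indicators:
        match = re.search(pattern, html, re.IGNORECASE)
        if match:
            findings.append(Finding("link_subagent", url, match.group(0), weight))
    return findings

def extract_links(raw_email: str) -> list:
    return re.findall(r"https?://[^\s<>\"']+", raw_email)

def triage(raw_email: str, escalate_below: float = 0.7) -> Verdict:
    """Orchestrator: decide the focus, run subagents concurrently, aggregate, decide."""
    links = extract_links(raw_email)
    # Orchestrator-level hypothesis: a brand in the display name suggests impersonation,
    # so the subagents get brand-specific instructions; otherwise only the generic check.
    suspects_meta = re.search(r'^From:.*"Meta', raw_email, re.MULTILINE) is not None
    instructions = META_IMPERSONATION if suspects_meta else [CREDENTIAL_FORM]

    with ThreadPoolExecutor(max_workers=4) as pool:
        per_link = list(pool.map(lambda u: link_subagent(u, instructions), links))
    findings = [f for sub in per_link for f in sub]

    score = sum(f.weight for f in findings)
    confidence = min(1.0, score / 7)  # constructed normalisation: 7 = full impersonation kit
    citations = [f"{f.tool}: {f.subject} -> {f.evidence!r}" for f in findings]
    if score == 0:
        return Verdict("benign", 1.0, ["no instructed indicators found on any link"])
    if confidence >= escalate_below:
        return Verdict("malicious", confidence, citations)
    # Evidence exists but is not conclusive: hand off to a human rather than guess.
    return Verdict("escalate_to_human", confidence, citations)

if __name__ == "__main__":
    for name, email in [("sample", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL), ("unbranded", UNBRANDED_EMAIL)]:
        v = triage(email)
        print(name, v.label, round(v.confidence, 2), *v.citations, sep="\n  ")
```

The point of the structure is that the worker never decides anything: it returns only the evidence it was instructed to look for, and the orchestrator owns the hypothesis, the aggregation and the verdict, so every line of the final report can be traced back to a specific subagent call and snippet. The unbranded sample shows the hand-off path: a lone credential form is evidence worth citing but not enough to auto-remediate on.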

Agentic approach

Using an agentic approach for ASA enables it to dynamically determine the focus of its investigation. Unlike constrained systems, ASA can analyze unstructured data, identify the relevant elements (e.g., the true phishing link among multiple links in a message) and prioritize its resources accordingly, avoiding unnecessary investigation.

This adaptability is crucial for handling threats of arbitrary complexity, such as nested emails with linked documents leading to credential phishing sites. Such complex scenarios are difficult to address with fixed rules, but ASA can navigate them step by step, using its toolset just as a human analyst would, allowing it to reach a confident verdict even in the face of intricate and unstructured threats.

This agentic methodology allows ASA to delve into the depths of a threat, effectively following any chain of lures. It can start with raw data, pinpoint crucial points of interest, and strategically employ its tools and subagents to fully understand and respond to the threat. This flexibility is a key to ASA's effectiveness, ensuring it can handle sophisticated, real-world security challenges that traditional systems struggle with.

Bringing it all together

Using its knowledge base, tools, and agentic methodology, ASA is able to not only render a final verdict, but it can explain the reasoning it used to reach that verdict. Both can be found by clicking the View Report & Reasoning link within the message in Sublime.

Early feedback + effectiveness study

Early customer reports are extremely positive, describing ASA as one of the most valuable features to increase their security teams' efficiency and free up analyst time. Per an early adopter:

"In reviewing over 100 messages that our analysts initially reviewed without ASA's verdict, we found that ASA more accurately labeled the messages with the correct classification (e.g. malicious)."

To quantify ASA’s real‑world impact beyond early feedback, we’re launching a multi‑month effectiveness study that tracks detection accuracy, mean‑time‑to‑respond, and analyst workload across a representative customer cohort. We’ll share the findings later in the year, giving the community a transparent view of where ASA excels and where we’ll push for even greater gains.

Privacy- and security-first architecture

ASA is strictly opt‑in and is not active by default. Once enabled, you choose where the system lives, either in Sublime Cloud (our managed SaaS) or as a self‑hosted deployment inside your own AWS account. Regardless of the deployment model, one thing remains the same: neither the Sublime platform nor ASA's language model retains the raw email content ingested by ASA for any reason, and data is not shared with any third-party model providers such as OpenAI or Anthropic. Additionally, unless you click Share with Sublime in the platform, we do not use your email data to train our models.

Once ASA’s language model returns its inference, the transient payload is purged. The net result is transparent, AI‑driven analysis without long‑term exposure of your sensitive email data.

Future plans for ASA

Looking ahead, we’re focused on expanding ASA’s perceptual depth and contextual awareness. First up is deep‑dive link exploration to supplement existing LinkAnalysis functionality. ASA’s engine will execute full JavaScript in a headless browser, follow every redirect, and then apply vision‑enabled LLM analysis so it can “see” landing pages the same way a human analyst does, catching brand‑spoof logos, pop‑up forms, and other tell‑tale phishing cues that static scanners miss. 

After that, we would like to explore growing ASA’s knowledge base continuously through streaming threat‑intelligence feeds, automatically ingesting fresh indicators of compromise and TTPs as they are published and folding them into its reasoning pipeline.

Sublime firmly believes your organization's security should be tailored to your organization. Hence, we aim to support organization‑specific "house rules" that let security teams encode their own policies — think instant quarantine of sign‑ups from disposable AI‑mail domains or auto‑escalation for VIP impersonation — so that ASA's autonomous decisions align with your unique risk posture.

ASA is transparent, agentic AI for email security

ASA demonstrates that an agentic LLM, when coupled with an open toolset and explicit citations, can beat “black box” email security both on accuracy and on analyst trust. By keeping data in customer environments and surfacing reasoning in plain English, ASA embodies Sublime’s “open security” philosophy. 

ASA is just the start of an agentic journey at Sublime. While ASA leverages an agentic architecture, it is also just the first piece in a much larger agentic ecosystem in which other agentic AIs operate, collecting and sharing information between themselves, just as managers, engineers, analysts, and security practitioners already do.

We’re excited to push the frontier of human‑AI collaboration and welcome community feedback on new use cases or integrations. Start using ASA now or check out sample messages with ASA outputs in the Sublime EML Analyzer.

About the Author


Aryan Luthra

ML Researcher

Aryan is a Machine Learning Researcher at Sublime, where he focuses on the intersection of AI, ML, and cybersecurity. He holds degrees in Computer Science and Physics from UC Berkeley and has previously developed ML-focused threat actor tracking algorithms at Microsoft.
