Authors
Dan Flaherty
Product Marketing

Email attacks have evolved rapidly with the help of AI, and security teams need to modernize to keep pace. Keeping up requires agentic security tools that can analyze, remediate, and harden automatically. But for security teams, handing that kind of responsibility to an AI agent isn't an easy ask. Trust has to be earned.

That's exactly the story Victor Sogaolu, Staff Security Engineer at Snyk, had to tell in our recent From Detection to Defense webinar. His experience with Sublime's AI agents – ASA and ADÉ – serves as a great example of how security teams can embrace agentic workflows without sacrificing the control, visibility, and trust they depend on.

The need to level-up email security

Snyk came to Sublime not because their security posture was broken, but because they're the kind of organization that doesn't wait for things to break. As Victor put it, "with Snyk being a fast-growing modern enterprise, we're always looking for cutting-edge, proactive ways to stay ahead of evolving threats."

The threat landscape has changed dramatically. AI-generated phishing emails don't have the tell-tale signs that once made malicious messages easy to spot (e.g. awkward grammar or off-brand language). Attackers are spinning up new domains on the fly, spoofing legitimate senders, and sending campaigns at a scale and quality that older tools simply aren't built to handle.

The other problem? Traditional email security tools work like a black box: something gets flagged, and you have no idea why. When a false positive lands in your lap or a user reports something suspicious, your only option is to submit a support ticket and wait. With Sublime, full visibility into every detection meant the security team could respond to users faster, tune their coverage more precisely, and stop waiting on vendor support for answers they could find themselves.

A layered defense with agents at the core

What really sets Sublime apart for Snyk isn't just the transparency, it's the agentic workflow that turns detection into a continuous, self-improving defense system.

It starts with detection rules, the first gate scanning for known indicators of malicious activity. Behind that sits Attack Score, a dynamic, ML-powered safety net that goes beyond static rules to classify emails as malicious, suspicious, spam, or benign. But it's when things get ambiguous that Sublime's AI agents take center stage.

ASA (Autonomous Security Analyst) kicks in for anything inconclusive. It performs a deep-dive investigation using all the tools of the platform, pulling in signals from within the email and external sources to deliver a verdict. If ASA determines that an email is genuinely malicious and no existing detection caught it, that gap gets handed off to ADÉ (Autonomous Detection Engineer).

ADÉ is Sublime's detection-writing agent, and is a major force multiplier. Rather than analysts spending an hour combing through an email and writing a detection from scratch, ADÉ analyzes the threat and produces detection coverage, at times surfacing angles the security team wouldn't have considered. Security reviews and approves the rule, it gets deployed, and the next time a similar attack arrives, it's caught at the first gate. The feedback loop closes, the coverage expands, and the system gets smarter.

"The way it works is pretty much like a team. I have ADÉ on the team, I have ASA on the team, and we're all working together to achieve this end goal of securing our emails."

– Victor Sogaolu, Staff Security Engineer, Snyk

Trust built over time

Adopting AI agents in a security workflow is a process. Snyk didn't walk in and hand the keys over to autonomous agents. They watched, reviewed, and verified.

The key to building trust was Sublime's transparency. When ASA flagged something or ADÉ wrote a rule, Snyk could see exactly what was happening and why. Over time, high-confidence actions required less review. Edge cases still got their attention, but the noise had been filtered out. Trust grew and spread beyond the security team.

Snyk's end users can report suspicious emails directly, and ASA automatically triages those reports and sends verdicts back to the reporter. Users who get feedback are more engaged, better educated, and more likely to flag the next suspicious email they see. The human-in-the-loop is both a safeguard and what makes the whole system work.

"You continue to build trust over time, so that even with the edge cases where reviews are needed, you're quick to check them out and they're easy to identify. In general, what you find is after a while, some things you don't even need to double-check anymore. You just know that's covered."

– Victor Sogaolu, Staff Security Engineer, Snyk

Hunting for gaps, not filling them

The shift Victor describes is subtle but significant. His team used to be in a reactive posture, plugging gaps as attackers found them. Now, they're hunting for gaps before attackers can.

Spoofed sender campaigns that would have sailed through a whitelist-based system get caught. Attackers cycling through dozens of new domains to evade detection keep getting blocked. Victor watches the attempts pile up in the logs and just smiles.

For anyone evaluating their own email security posture, Victor's takeaway is simple: "That's where everyone should aspire to get to. You're ahead. You're not just keeping up."

"It's not just about the time that you save, it's actually about how much more you get out of it. You spend less time, but you achieve a lot more."

– Victor Sogaolu, Staff Security Engineer at Snyk

That confidence – the kind that lets a security engineer sleep soundly at night – is what Sublime's AI agents make possible. Not by replacing the human judgment at the center of good security, but by amplifying it.

Get a live demo to see ASA and ADÉ in action.
