How Snyk Leveraged Modernized Email Security for Unmatched Transparency and Adaptive Control
40K
malicious emails auto-remediated per quarter
80%
faster user report investigation
Discover Sublime
When we find a new threat, we don't have to raise a ticket and wait for a black box vendor to make the change. With Sublime, a new detection can be deployed and tested in minutes.
Snyk is an AI security company that empowers organizations to build fast and stay secure by unleashing developer productivity and reducing business risk. Serving thousands of developers worldwide, Snyk’s culture of innovation makes security central to its identity and mission to protect users from evolving threats.
Snyk's security team understood that while AI is essential for modern defense, the static nature of “black box” models limited the required agility to keep pace with evolving AI-powered attacks. To defend against sophisticated, AI-powered attacks, they needed transparency into detection logic and the agility to rapidly adapt protections. Within weeks of deploying Sublime, the team gained both while reclaiming hundreds of analyst hours.
As a security-first company, Snyk's team recognized that their existing email defense lacked the granular visibility and rapid adaptability necessary to keep pace with evolving threats. While their previous tool provided baseline protection, the detection logic was opaque, creating delay in investigations and tuning.
“Email security before Sublime was a black box,” said Victor Sogaolu, Staff Security Engineer at Snyk. “You deploy a tool and it protects you, but what is it doing? What’s the criteria? As a security professional, I couldn’t see what was happening in the background.”
For a team that prioritizes transparency and control, the existing solution's limited visibility created an operational bottleneck. Investigating potential threats or tuning for false positives involved vendor-dependent ticketing and delays, which slowed down the feedback and improvement cycle.
At the same time, the threat landscape was evolving. “The things people looked for in a phishing email a few years ago don’t apply anymore,” Victor noted. “Attackers are using AI to craft convincing messages and bypass security tools. You can get an email from a trusted domain, and it could still be phishing.” This shift toward sophisticated, tailored attacks is measurable: 90% of malicious emails are now customized specifically to each targeted organization, a 12% increase year-over-year according to Sublime's threat intelligence.
The team was spending a lot of time investigating emails, with each taking up to five minutes and false positives adding to the noise. To maintain their high standards, Snyk's security leaders proactively sought a solution that delivered the transparency, control, and adaptability required for a modern, security-first organization.
When evaluating new solutions, Snyk had clear criteria: reduce false positives, modernize deployment, improve speed, and gain visibility into detection logic. The team needed to see not just what was blocked, but also why and how they could adapt protections as threats evolved.
What set Sublime apart was its distributed architecture, which delivers intelligent automation without sacrificing the transparency and control Snyk required. Sublime's transparent detection logic, accessible via Message Query Language (MQL), gave the team full visibility into every automated decision. This meant Snyk could modify rules and adapt quickly without vendor bottlenecks.
"We don't have to raise a ticket and wait for a black box vendor to make the change," Victor explained. When a new threat is identified, the team can immediately understand the gap, adjust coverage, and verify the fix will work.
But Sublime's real strength came in pairing this transparency with intelligent automation. Sublime’s Autonomous Security Analyst (ASA) automates triage and investigation, while the Autonomous Detection Engineer (ADÉ) proposes new coverage when a new threat is identified. This team of specialized AI agents uses purpose-built tools to handle the heavy lifting, preserving the visibility and control that Snyk values. Rather than writing every detection rule from scratch, ADÉ analyzes missed threats and generates coverage tailored to Snyk's environment.
The ability to test proposed rules before deployment was crucial, representing a fundamental shift in efficiency while maintaining the transparency Snyk required.
The transformation in Snyk's email security operations wasn't just about blocking more threats. It was about fundamentally changing how the security team spent their time and building confidence in automated protections.
In a single quarter, Sublime processed millions of emails across more than 1000 mailboxes, auto-remediating 40,000 emails without analyst intervention. The impact on investigation time was equally dramatic. What previously took one to five minutes per user report now takes less than a minute, often just a glance.
This efficiency came from building trust in both the detection rules and the platform. False positives improved overall as Snyk uses Sublime's layered approach: when a detection rule flags something, ASA provides a second level of verification. "Things that would have been immediate false positives don't worry me too much because I have the safety net of ASA to double-check detections." This catches potential mistakes before they impact users.
The time saved is now reinvested in high-value initiatives, like threat hunting and proactive defense—work that was previously sidelined by reactive email triage. User reporting transformed as well. Instead of emails disappearing into a black hole, users now receive immediate analysis and clear verdicts explaining whether a message is malicious, benign, or even a phishing simulation.
As AI continues to reshape the threat landscape, Snyk's email security posture adapts in real time.
But when asked about his top reason for recommending Sublime, Victor didn't lead with features or technology. "Everything is based on relationships at the end of the day. We might be using tools, but ultimately, it's people that are behind these tools, and that's what feeds into everything."
With Sublime, Snyk found more than an email security platform. They found a solution that matches their pace of innovation and a partner that shares their commitment to security excellence.
The top reason I recommend Sublime would be the people. They're responsive, they listen, and they're genuinely invested in our success. That's what builds trust over time.
ADÉ handles the bulk of the manual work for me. It completes most of the process, leaving me with just a fraction of the task to review.
I don't even have to open user reports. I know I can just glance and carry on. If I need to dig into an alert, it takes less than a minute now.
See how Sublime delivers autonomous protection by default, with control on demand.
.svg)
