Mark0
Train, triage, repeat: The AI agent changing how we fight phishing

With the rise of AI-powered phishing attacks, which reached over 3.8 million incidents in 2025, security teams are facing triage at an unprecedented scale. Red Canary has addressed this challenge by implementing an AI triage agent that utilizes a complex graph workflow of orchestrated subagents. This system moves away from a single "catch-all" model toward specialized nodes for email parsing, enrichment, and feature extraction, achieving a 94% accuracy rate through precise agentic loops.

The architecture combines traditional boolean logic with advanced Natural Language Processing (NLP) to extract rich features, such as sentiment and intent, from suspicious emails. A deterministic rules engine ensures reliability by pairing TTP-level detection with atomic indicators, while a hybrid AI/ML classification model handles cases where specific rules aren't met. By maintaining a human-in-the-loop feedback cycle, analysts can focus on bespoke threats while the agent handles the bulk of high-volume triage, providing transparent explanations for every decision.

