Detecting Email Attacks with Generative LLMs

We're excited to share that we've integrated with GPT-4, a state-of-the-art LLM developed by OpenAI, to enhance the detection of sophisticated email attacks.
October 25, 2023

Cybersecurity is a complex, never-ending battle of wits. As technology advances, so do the methods employed by attackers. In recent times, we've seen a rise in the use of AI for both defensive and offensive purposes. In short, the same technology that helps us stop attacks can also be used to launch them.

We've turned this challenge into an opportunity. We are excited to share that we've integrated with GPT-4, a state-of-the-art large language model (LLM) developed by OpenAI, to enhance our ability to detect sophisticated email attacks.

Security Analysts Tools: Leveraging an AI Copilot for Streamlined Analysis

Our security analysts now use GPT-4 through the secure Azure API as a tool in their arsenal. This has allowed our team to make more confident decisions faster through a ChatGPT-like window that can be used for various open-ended questions.

Depending on what an analyst asks, the GPT-based chat agent can:

  • Search for similar messages by writing dynamic elastic search queries

  • Look up suspicious attributes from our vast feature store

  • Summarize an email’s processing logs or compare it to another email

  • Interact with our internal databases and scanning tools

Generative LL Ms CSI Copilot

Message Labeling: Deep Understanding for Advanced Screening

In some instances, we can use GPT-4 at a near-human-trained level of accuracy to determine if a message is malicious.

Combining more advanced variants of a prompt like "you are a security analyst; label this email" with an internal vector store of labeled messages, we can reliably scan for messages that our primary system falsely detected or missed while providing simple explanations to help identify trends and patch the system. This helps scale our labeling resources and decrease our response latency for misclassifications.

Generative LL Ms Message Label

Model Bootstrapping: Using GPT to Boost Existing Models

While GPT-4 can detect novel security tasks with little to no training data, the costs of running such a large model quickly become infeasible for the billions of messages we process every day.

Instead, for our high-volume detectors, we have pipelines to generate synthetic data with GPT-4 that lighter-weight models are trained on. This allows us to rapidly prototype and launch task- or attack-specific models without the need for human labeling, while still being able to serve high-accuracy models at scale.

The Future of Email Security

We believe that the future of email security lies in the intelligent use of AI. We're continuously exploring new ways to harness the power of AI to improve our detection capabilities, and the integration of GPT-4 is just the beginning.

Our vast datasets across attack types allow us to train our own large language models, and we're excited to leverage this to provide the best possible protection for our customers.

We're looking forward to sharing more about how we're using AI to enhance our capabilities in the future. In the meantime, if you want to learn more about how Abnormal detects the most sophisticated attacks, request a demo today.

Interested in learning more about how Abnormal can help your organization protect more, spend less, and secure the future? Schedule a demo today.

Schedule a Demo
Detecting Email Attacks with Generative LLMs

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Posts

B Complex Case of Account Compromise Blog
Discover how Abnormal helped one organization detect the sophisticated tactics an attacker used to compromise an employee's email account.
Read More
B Cross Platform Account Takeover
Discover the dangers of cross-platform account takeover, the challenges of detecting this attack, and how to implement proactive protection against ATO.
Read More
B 5 17 24 Legal
Learn how cybercriminals use superficial disclaimers to deceive others while facilitating illegal activity on cybercrime forums.
Read More
B Cybersecurity Influencers Blog 2024
Stay up to date on the latest cybersecurity trends, industry news, and best practices by following these 15 innovative and influential thought leaders on social media.
Read More
B 5 13 24 Docusign
Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing and business email compromise (BEC) scams.
Read More
Abnormal employees honored as CRN 2024 Women of the Channel for their influential leadership in the tech industry.
Read More