Sublime Security is the adaptive, AI-powered cloud email security platform that combines best-in-class effectiveness with unprecedented visibility and control.sublime.securityJoined June 2018
Attackers are now hiding prompt injection payloads inside phishing emails to manipulate AI security scanners.
We found one in the wild. Here's how it works – and how we stopped it: sublime.security/blog/adversari…
87% of suspicious emails resolved without an analyst touching them. One analyst covering the work of four.
That's what happens when email becomes a first-class signal in MDR – not an afterthought.
Full story on how @BHinfoSecurity closes the gap: sublime.security/customers/blac…
Attackers are hiding callback phishing inside real emails from Amazon, Grammarly, and Costco.
A real email, a hidden phone number, and a target who calls it.
Full breakdown: sublime.security/blog/surge-in-…
We found a phishing attack where the obfuscation was far more interesting than the social engineering.
The payload was hidden in an SVG using "business term steganography" – financial jargon as a cipher. To a scanner, metadata. To the attacker, one piece of a multi-layer obfuscation chain.
Breakdown: sublime.security/blog/kratos-ph…#cybersecurity#emailsecurity#phishing
The security industry has raced to claim "autonomous AI." The evaluation frameworks haven't kept up.
Join us on June 24 to cut through the noise – and build a real framework for evaluating agentic AI in security.
🔗 sublime.security/events/trust-t…#cybersecurity#agenticAI#infosec
Attackers run agentic AI workflows that phish at scale, 24/7. One-size-fits-all email security wasn't built for this.
See how Sublime gets ahead of novel AI attacks → June 23, 1:00 p.m. ET / 10:00 a.m. PT
event.on24.com/wcc/r/5353748/…#cybersecurity#emailsecurity
Honored to be included in @Redpoint’s 2026 InfraRed 100 alongside so many innovative infrastructure and AI companies building the future of software.
See full list here: redpoint.com/infrared/repor…
Most conversations about “autonomous AI” focus on capability.
The harder question is trust.
We put together a new framework for evaluating security AI autonomy, including the 5 levels of autonomy and what it actually takes for security teams to hand over control safely.
🔗 sublime.security/resources/trus…
Excited to share that Valimail is now an official Sublime Security alliance partner! 📷
Valimail locks down outbound authentication to block spoofing and impersonation at the source. Combined with Sublime's tailored inbound detection that's purpose-built to catch BEC, targeted phishing, and vendor compromise with full transparency and control — it's a stronger defense across the full email attack surface.
Check out Valimail's announcement to learn more: valimail.com/blog/introduci…
🚨 Threat actors are now using JavaScript virtual machines to hide phishing payloads inside HTML attachments.
Sublime Threat Intelligence and Research (STIR) observed FlowerStorm operators adopting KrakVM just weeks after its release.
The campaign included:
• VM-based obfuscation
• Credential harvesting
• Real-time MFA interception
A key takeaway: advanced obfuscation is becoming easier to operationalize.
Our latest research breaks down the attack chain and what defenders should watch for next.
sublime.security/blog/flowersto…#Cybersecurity#Phishing
“Autonomous” is everywhere in security AI right now.
But most products are still in the assisted or guided stage, not true autonomy.
One thing we’ve learned:
Autonomy is not a feature. It’s earned trust.
We built a framework for evaluating trustworthy AI:
- The 5 levels of AI autonomy
- How to evaluate vendors beyond demos
- Why evidence matters more than claims
sublime.security/blog/introduci…#Cybersecurity#SecurityAI
🏆 Excited to share we are finalists in the 2026 Security Awards by The Cloud Awards!
We're honored to be recognized for our work in email security alongside some incredible companies.
👉 cloud-awards.com#CloudAwards#SecurityAwards#Cybersecurity
Excited to announce: Sublime has been named a Rising in Cyber 2026 honoree! 🏆
Selected by 150 active CISOs, this list recognizes the 30 most promising cybersecurity startups shaping enterprise security, and we're proud to be recognized for our work in email security.
🔗 notablecap.com/risingincyber#RisingInCyber#AISecurity#Cybersecurity
🚨 Quarantine Digests are now generally available for all Sublime Enterprise customers.
Security teams shouldn’t have to choose between:
❌ one-click user releases
❌ endless “where’s my email?” tickets
With Quarantine Digests:
✅ Users see what was quarantined
✅ Users can request releases directly
✅ SOC teams approve every restore
✅ Every action is fully audited
The result: Fewer help desk tickets. Faster workflows. No loss of control.
Read more: sublime.security/blog/quarantin…
Most prompt injection examples online are attention-grabbing, but not what we’re seeing in email security.
<1% are direct “ignore previous instructions.”
Instead: indirect prompt injection influencing AI-driven classification.
Attackers:
• embed benign-looking HTML
• dilute malicious signals
• push toward a benign verdict
Not overrides. Influence within design.
Breakdown + real examples: sublime.security/blog/prompt-in…#CyberSecurity#AISecurity#EmailSecurity#PromptInjection
BEC was driving At-Bay’s financial fraud losses.
Legacy tools weren’t catching increasingly sophisticated attacks.
After switching to Sublime:
• ~100% reduction in BEC fraud losses
• Detection of attacks others missed
• Deployment in <48 hours
How they did it: sublime.security/customers/at-b…
AI content is everywhere.
Most “AI tells”? Noisy.
But used right, they still work.
May 13: Alex Orleans + Luke Wescott on making AI signals useful.
• Real-world examples
• Signal stacking
• Less analyst work
Register: sublime.security/events/ai-sign…
Sublime is now 100% channel-led.
Our partner program launches today.
Deliver agentic email security that adapts in hours, with transparent decisions and control when you need it.
🔗 Learn more: sublime.security/blog/sublime-i…
43K Followers 2K Following#infosec engineer | all things gaming | void hunter | will shitpost | i like to lift weights & play piano | los angeleno currently in twin cities | fight on✌️
0 Followers 42 FollowingAI that catches phishing, wire fraud & data leaks in your Gmail before your team sees them. Enterprise compliance for $29/mo. No IT required. Built with @Mistra
4K Followers 1K FollowingSenior Security Research Engineer @elastic | Opinions are my own | Rust | Ex-Red Team | Security & Systems Dev | https://t.co/QIih2B7vya https://t.co/VC3xsm0Wvq
7K Followers 882 FollowingThreat researcher, malware analysis, RE, incident response, with some old school forensics and CTFing. Apologetic ginger. These are my personal opinions
517 Followers 240 FollowingIn pursuit of finding peace from mind.
Head of Design @sublime_sec — Previously cofounded @KinHabits and led design at @AltoPharmacy & @CoatueMGMT
3K Followers 744 FollowingThe intelligent workflow platform that helps teams securely scale AI and automation
Try our always-free Community Edition. https://t.co/1od0fSLxkA
7K Followers 580 FollowingFounder and CEO of Security Onion Solutions. I post mostly about Security Onion, SO-CRATES, and OhMyDebn. Believer, husband, father.
11K Followers 138 FollowingStrengthening trust and safety across the Internet, by being the authority on IP and domain reputation.
Mastodon: @[email protected]
826 Followers 3 FollowingEmailRep analyzes and predicts the relative risk of an email address. Use EmailRep to identify phishing attacks or fraudulent accounts. Run by @sublime_sec