Sublime Security has launched Autonomous Detection Engineer (ADÉ), an AI agent built to match the speed of today’s email attacks. ADÉ writes, tests, and validates new protections as threats emerge, eliminating the lag of vendor updates that often leaves teams exposed.
Closing the Adaptation Gap
Email attacks are evolving faster than traditional defenses can adapt. Generative AI allows adversaries to create targeted campaigns that shift tactics quickly. Most email security platforms rely on periodic updates that leave organizations exposed during that lag. ADÉ is built to eliminate that delay. It ingests attack telemetry, identifies new patterns, and produces environment-specific detections that are explainable, transparent, and ready for analyst review within hours.
Ian Thiel, co-founder of Sublime Security, explained to MSSP Alert how ADÉ differs from traditional email security approaches.
"Other security vendors utilize a ‘black box’ architecture for threat detection and a one-size-fits-all approach with uniform logic for all customers. These traditional solutions rely on vendor-initiated coverage reports which lack speed and customization, leading to crucial gaps which can leave teams exposed. Recognizing that no organization has the exact same coverage needs, ADÉ, working together with ASA, Sublime’s Autonomous Security Analyst, breaks this mold by using a distributed, multi-agent model that analyzes new attack patterns to write, test, and validate new tailored coverage.”
He added that the advantage is not just speed but clarity. "With the addition of ADÉ, Sublime can autonomously generate protection against new attacks within hours, not weeks. Its speed is complemented by its explainability for analysts of all experience levels,” Thiel said.
ADÉ operates as part of Sublime’s broader AI-driven platform. Its counterpart, the Autonomous Security Analyst (ASA), triages suspicious or user-reported messages and maps attacks to known Tactics, Techniques, and Procedures. Using that analysis, ADÉ generates new behavioral detections through Sublime’s proprietary Message Query Language. Before deployment, each proposal is backtested against historical data to confirm accuracy and reduce false positives. Analysts remain in control, with final authority to approve or adjust protections.
Built for MSSP Scale
For managed security service providers (MSSPs), speed and explainability are just as critical as accuracy. Thiel outlined how ADÉ supports these requirements across multi-tenant environments: "Speed to protection is a key differentiator. Traditional security, whether waiting for vendor updates or manually authoring coverage, creates detection gaps of days or longer. ADÉ compresses that to hours. It turns missed or user-reported attacks into tenant-aware detection coverage in one to four hours, with backtests and hunts before approval.”
Equally important is the ability to prove value to clients.
"Proving value is impossible when vendor updates are a ‘black box,’” Thiel noted. “ADÉ is transparent and auditable by providing reasoning, historical backtests, and audit logs - plus human-in-the-loop by default with optional policy-gated auto-activation. By general availability, it will provide full summaries of detection logic and rationale.”
ADÉ also helps MSSPs scale services across dozens or hundreds of clients. As Thiel puts it: "It acts as a force multiplier for analysts by offloading repetitive drafting and validation so experts can focus on hunts and client strategy. It standardizes workflows across tenants, allows faster rollouts without waiting on vendor queues, and provides evidence to strengthen your role as an expert advisor. Most importantly, it reduces vendor dependency - you control the timelines for new protections.”
Continuous Learning With Human Oversight
Unlike static rules or one-size-fits-all updates, ADÉ builds protections tailored to the specific customer environment. Each detection is documented with a clear explanation, creating both transparency and a training resource for human analysts. The system runs as a closed loop - learning from new attacker behavior, refining coverage, and ensuring past threats would have been stopped under the new protections.
Thiel emphasized that this shift moves the industry away from reactive defenses: “In short, ADÉ delivers hours-level protection with audit-ready explainability, letting MSSPs scale service quality, prove client value, and build a more defensible business than competitors who rely on slow, black-box solutions.”
The introduction of ADÉ follows Sublime’s earlier release of ASA and comes on the heels of its $60 million Series B funding round. ADÉ is now available to Sublime Enterprise customers across Google Workspace and Microsoft 365.
