Sublime Security Platform

Email Security, Integrated Cloud Email Security (ICES)

AI-powered email security with transparent Detection-as-Code and autonomous threat engineering.

Vendor Information

Sublime Security

Washington, DC, United States

Sublime Security Platform Overview

Sublime Security is an adaptive, AI-powered email security platform that combines transparent Detection-as-Code with autonomous threat engineering to stop Business Email Compromise (BEC), phishing, malware, and account takeover attacks. The platform features Message Query Language (MQL), the first universal domain-specific language for email security, enabling security teams to write, test, and deploy custom detections in minutes rather than months, similar to how osquery works for endpoints or YARA for binaries.

Sublime's multi-agent AI system includes the Autonomous Security Analyst (ASA) for automated triage of user-reported emails and the Autonomous Detection Engineer (ADÉ) that analyzes attack patterns and generates new detection rules. The platform combines AI-driven detection using Natural Language Understanding (NLU), Computer Vision, OCR, and QR code analysis with behavioral analysis and threat hunting capabilities. Unlike black-box solutions, every detection is human-readable and auditable, with approximately 200 community-contributed detections published on GitHub.

Founded in Washington, DC in 2019, Sublime serves Spotify, Reddit, Brex, Elastic, and Ramp, growing entirely through word-of-mouth without cold outreach or paid advertising. The company raised a $60 million Series B in December 2024 led by IVP, bringing total funding to $93.8 million. Sublime offers a self-hosted Core platform free at any scale, with the first 100 inboxes free in its SaaS environment.

Key Capabilities

Standardized capabilities mapped to this product's security niche

Classifies newsletters, marketing email, and bulk communications as a separate category from threats, reducing analyst noise without suppressing legitimate business email.

Assesses the email communication risk posture of external supplier domains, flagging suppliers with poor email authentication, recent domain registration, or anomalous communication patterns.

Detects signs of internal mailbox compromise (anomalous login geography, mail forwarding rule creation, unusual send volume), and can trigger automated session revocation.

Automates the intake, deduplication, and triage of user-submitted suspicious emails, cross-references them against in-flight campaigns, and triggers retroactive remediation across all recipients.

Integrates via Microsoft 365 or Google Workspace APIs without requiring MX record changes, enabling parallel deployment alongside an existing SEG and post-delivery remediation.

Detects compromised or spoofed third-party supplier accounts by analyzing communication pattern deviations, domain aging, and content signals, targeting invoice fraud and payment redirection attacks.

Builds per-user and per-vendor communication baselines from historical email patterns to detect anomalous content, timing, or sender behavior without relying on signatures or blocklists.

Analyzes email body text semantically to detect social engineering, pretexting, and urgency manipulation in messages that contain no malicious attachments or URLs.

Integrations

Compatible tools and platforms

Expel MDR, Google Workspace, LimaCharlie SecOps Cloud Platform, Microsoft 365, Mindflow, SIEM platforms, SOAR platforms, Tines

Solution Details

Deployment Options

Where and how this solution can be deployed

Cloud, SaaS

Support Channels

Available support and communication options

Community Forum, Email Support

Pricing Model

How this solution is priced

Custom / Enterprise, Freemium, Subscription

How to buy

This profile hasn’t been claimed yet. Contact the vendor directly for pricing and purchasing options.
