Most malicious mail is loud — bad links, junk senders, obvious spam — and our first passes clear all of it in under a millisecond. What's left is the dangerous part: a small slice of messages engineered to look completely legitimate. CIVRA takes that slice apart in two layers. First, a purpose-built machine-learning model reads the message — its tone, its intent, the exact words — the way a seasoned analyst would. Then, if a link or attachment is still in question, CIVRA detonates it inside a sealed sandbox and watches what it actually tries to do.
A traditional filter asks: is this sender known? does this look like bulk spam? does the link sit on a blocklist? Those questions catch noisy attacks. They are useless against the most expensive one — Business Email Compromise, where there's no malware and no bad link. Just a clean, well-written message from a plausible address asking your finance lead to change wire details, or your CEO to approve an "urgent, confidential" payment.
These attacks cost businesses $2.77 billion a year because they're written to pass every reputation check. The only way to catch them is to actually understand the message — its tone, its pressure, the relationship between who's asking and what they're asking for. That's a language problem, not a filtering problem. It's the one thing rules can't do — and exactly what the deep scan is built for.
Every inbound email flows through four stages. The cheap, instant checks come first and dispose of the vast majority of mail for effectively nothing. Only the genuinely ambiguous messages — the ones the rules can't confidently call safe or dangerous — are escalated to the AI. That's what keeps the slow, careful analysis reserved for the few messages that truly need it.
A read-only copy reaches CIVRA over a secure link to Microsoft 365 or Google Workspace.
Allow/block lists, SPF·DKIM·DMARC, domain age, link & header checks — a fast risk score.
The ambiguous slice is read by a purpose-built model that judges intent and meaning.
If a link or file still looks risky, it's opened in a sealed sandbox and watched.
The model isn't matching keywords. It was trained on hundreds of thousands of real and simulated attacks to recognise the shape of a scam — the way urgency, authority and a financial ask combine into something that doesn't add up. When a message lands, it weighs three kinds of signal at once.
Manufactured urgency, secrecy, an out-of-band request, a change to payment details — the social-engineering moves that pressure a person into acting before they think.
A "CEO" emailing from a freshly-registered look-alike domain about a confidential wire is a mismatch a human notices instantly — and so does the model.
Credential-harvesting prompts, invoice-fraud phrasing, fake legal pressure — the model marks the specific phrases that drove its decision, not just a final score.
In a single forward pass, the model produces three coordinated outputs. Because they're structured fields and not free-form text, your dashboard can act on them automatically — and there's nothing for an attacker to talk their way out of.
The message is sorted into one of six threat types — or marked safe. This drives how the alert is routed and what playbook your team sees.
A calibrated severity number, so high-risk mail escalates automatically and the rest stays quietly out of the way. No alert fatigue.
The exact spans of text that drove the verdict, each tagged with severity — so the reason is always visible, never a black box.
Here's a textbook Business Email Compromise attempt — no malware, no bad link, nothing for a spam filter to catch. Watch what the deep scan sees that a reputation check never could.
Hi Sarah,
Are you at your desk? I'm tied up in a board call and can't take phone calls for the next few hours.
We're closing an acquisition and I need you to process a wire transfer of $48,500 to our new vendor before end of day. Please keep this confidential until the announcement — it's market-sensitive.
This needs to go out today. I'll send the updated banking details in a moment. Let me know once it's done.
Sent from my iPhone
Plain-English explanation: This message impersonates a senior executive to push an urgent, confidential wire transfer — the signature pattern of Business Email Compromise. The display name claims to be your CEO, but replies would route to an unrelated personal address. Verify any payment change through a known phone number before acting.
Naming the attack matters — a wire-fraud BEC needs a very different response than a credential-harvesting page. The model doesn't just say "bad"; it says which kind of bad.
Impersonating an executive or vendor to redirect a payment — the costliest category by far.
Luring a recipient to a fake login or page designed to capture data or credentials.
Fake invoices, altered banking details and "overdue" pressure aimed straight at accounts payable.
Password-reset and account-security lures engineered to harvest logins.
Forged sender identity — display-name tricks, look-alike domains, failed authentication.
Attachments and links that aim to deliver a malicious payload onto a device.
It would be easy to throw every email at a giant general-purpose chatbot and ask "is this phishing?" We deliberately don't. A compact model fine-tuned for exactly one job is faster, cheaper, more private — and far safer in an adversarial setting where the input is, by definition, written by an attacker.
Some threats don't live in the words — they live behind a link or inside a file. A message can read as clean and still carry a URL that quietly redirects to a credential trap, or a document that runs the moment it's opened. When the model can't settle a live link or attachment, CIVRA stops guessing and detonates it: it opens the artifact inside a sealed, throwaway environment — fully isolated from your network — and simply watches what it does. Real threats give themselves away when they think no one's looking.
Suspicious links, multi-hop redirect chains and QR-code destinations (quishing), plus attachments — PDFs, Office documents with macros, and archives.
Where a link really lands, fake login forms that post off-domain, files that write to disk or spawn processes, and quiet callbacks to attacker-controlled servers.
A behavioral verdict, a screenshot of the real landing page, and the indicators of compromise — domains, IPs, file hashes — all attached to the alert.
A fresh environment is built for each detonation and destroyed the moment it's done. Nothing persists.
It runs in complete isolation from your systems — whatever the threat does, it can never reach a real device.
Every redirect, rendered page, form action, download, process and network call is recorded as evidence.
"This looks suspicious" becomes "this is a credential trap" — backed by what the threat actually did.
The input is, by definition, written by an attacker — so the whole pipeline is built to never trust it blindly.
Injection patterns, null bytes and control characters are stripped first — nothing hidden in an email can tamper with how it's analysed.
Every result is checked against a strict schema — a known label, an in-range score, phrase spans that map to real text. Malformed output is rejected, never surfaced.
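As an added illustration, not CIVRA's own code, here is one way the two checks above can be implemented: control characters are stripped from the message body before analysis, and a model verdict is accepted only if its label is one of a known set, its score is in range and every flagged phrase maps onto real text in the message. The label names and the verdict's field names are assumptions for this example; the sample message is the BEC email shown earlier, with a constructed NUL byte planted in it.

```python
import re
import unicodedata

# Constructed label set: the page describes six threat types plus "safe" but does not
# name the literal labels, so these identifiers are placeholders for this example.
KNOWN_LABELS = {"bec", "phishing", "invoice_fraud", "credential_harvesting",
                "spoofing", "malware_delivery", "safe"}
SEVERITIES = {"low", "medium", "high"}

# Every control character except tab, LF and CR (NUL included) is removed before analysis.
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")

def sanitize(body: str) -> str:
    """Normalise the text and strip NUL/control characters so nothing hidden steers the analysis."""
    return _CONTROL.sub("", unicodedata.normalize("NFKC", body))

def validate_verdict(verdict: dict, message: str) -> list[str]:
    """Return the list of schema violations; only an empty list means the verdict may be surfaced."""
    problems = []
    label = verdict.get("classification")
    if label not in KNOWN_LABELS:
        problems.append(f"unknown classification: {label!r}")
    score = verdict.get("score")
    if not isinstance(score, (int, float)) or isinstance(score, bool) or not 0.0 <= score <= 1.0:
        problems.append(f"score out of range: {score!r}")
    for i, span in enumerate(verdict.get("phrases", [])):
        start, end = span.get("start"), span.get("end")
        if not (isinstance(start, int) and isinstance(end, int) and 0 <= start < end <= len(message)):
            problems.append(f"phrase {i}: offsets {start!r}:{end!r} lie outside the message")
            continue
        if message[start:end] != span.get("text"):  # the span must quote real message text
            problems.append(f"phrase {i}: text does not match message at {start}:{end}")
        if span.get("severity") not in SEVERITIES:
            problems.append(f"phrase {i}: bad severity {span.get('severity')!r}")
    return problems

# Constructed sample: the BEC email from the page, with a NUL byte planted before the dash.
MESSAGE = sanitize(
    "Hi Sarah,\nAre you at your desk? I'm tied up in a board call and can't take phone calls "
    "for the next few hours.\nWe're closing an acquisition and I need you to process a wire "
    "transfer of $48,500 to our new vendor before end of day. Please keep this confidential "
    "until the announcement\x00 -- it's market-sensitive.\nThis needs to go out today."
)

def span(text: str, severity: str, message: str = MESSAGE) -> dict:
    """Build a phrase span by locating quoted text in the sanitised message."""
    start = message.index(text)
    return {"start": start, "end": start + len(text), "text": text, "severity": severity}

GOOD_VERDICT = {"classification": "bec", "score": 0.94, "phrases": [
    span("process a wire transfer of $48,500", "high"),
    span("keep this confidential", "medium"), span("can't take phone calls", "medium")]}
# Malformed verdict: unknown label, score above 1, span whose text and severity do not check out.
BAD_VERDICT = {"classification": "urgent wire (ignore previous instructions)", "score": 1.4,
               "phrases": [{"start": 5, "end": 9, "text": "Sarah", "severity": "critical"}]}
```

Running `validate_verdict(BAD_VERDICT, MESSAGE)` yields four violations, so the result is rejected rather than shown in the triage queue.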
High-risk verdicts land in a triage queue with the score, classification and reasons attached. Confirm, dismiss, or open an incident — every decision is logged.
CIVRA can never send, edit, move or delete your mail. It only ever observes.
AES-256 at rest, TLS in transit. Message bodies are encrypted the moment they're stored.
Sensitive personal data is detected and stripped before it's retained or logged anywhere.
Your organisation's data is walled off at the database level — never co-mingled with anyone else's.
Connect Microsoft 365 or Google Workspace in minutes — read-only — and watch the deep scan catch what your filter misses. No security team required.