SOC Automation
AI-Powered Phishing Triage Assistant
A defensive assistant that turns reported email signals into analyst-ready triage summaries and approval steps.
Architecture snapshot
Next.js UI, server-side validation, deterministic triage engine, Supabase audit logging, and human approval checkpoints.
Problem
Mailbox reports often arrive as scattered headers, screenshots, and user comments, making prioritization slow for small teams.
Solution
Normalize synthetic email signals, classify risk, summarize impact, and recommend safe containment without opening links or producing phishing instructions.
Security controls
Synthetic data only, URL non-interaction policy, Evidence notes, Human approval gate
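The controls listed above can be sketched as a small deterministic triage function. This is an added example, not the project's code: the field names, rule weights, thresholds and action names are assumptions, and the sample report is constructed.

```javascript
// Added example: field names, weights and thresholds are assumptions.
const RULES = [
  { id: "dmarc_fail", weight: 3, test: r => r.dmarc === "fail",
    note: r => `DMARC result was "${r.dmarc}"` },
  { id: "replyto_mismatch", weight: 2,
    test: r => Boolean(r.replyToDomain) && r.replyToDomain !== r.fromDomain,
    note: r => `Reply-To domain ${r.replyToDomain} differs from From domain ${r.fromDomain}` },
  { id: "link_text_mismatch", weight: 3, test: r => r.links.some(l => l.mismatch),
    note: r => `${r.links.filter(l => l.mismatch).length} link(s) show one host but point to another` },
];

// URL non-interaction: the URL is parsed as a string, never fetched or resolved.
function hostOf(value) {
  try { return new URL(value).hostname.toLowerCase(); } catch { return null; }
}
function domainOf(addr) {
  const s = String(addr || ""), at = s.lastIndexOf("@");
  return at === -1 ? null : s.slice(at + 1).replace(/>\s*$/, "").trim().toLowerCase();
}
function normalizeReport(raw) {
  return {
    id: String(raw.id), fromDomain: domainOf(raw.from), replyToDomain: domainOf(raw.replyTo),
    dmarc: String(raw.dmarc || "none").toLowerCase(),
    links: (raw.links || []).map(l => {
      const href = hostOf(l.href), shown = hostOf(l.text);
      return { href, shown, mismatch: Boolean(href && shown && href !== shown) };
    }),
  };
}
// Deterministic: same input, same score, same evidence notes.
function triage(raw) {
  const r = normalizeReport(raw);
  const hits = RULES.filter(rule => rule.test(r));
  const score = hits.reduce((sum, h) => sum + h.weight, 0);
  const risk = score >= 5 ? "high" : score >= 2 ? "medium" : "low";
  const proposedAction = { high: "quarantine_message", medium: "analyst_review", low: "close_report" }[risk];
  const needsApproval = proposedAction !== "close_report";
  return { reportId: r.id, risk, score, proposedAction,
    evidence: hits.map(h => ({ rule: h.id, note: h.note(r) })),
    // Human approval gate: nothing is executed here; the entry waits for an analyst.
    approval: { required: needsApproval, status: needsApproval ? "pending" : "not_required", approvedBy: null } };
}
// Constructed sample report (reserved .example/.test domains).
const sample = { id: "RPT-0001", from: "IT Helpdesk <helpdesk@corp.example>",
  replyTo: "helpdesk@mail.test", dmarc: "fail",
  links: [{ text: "https://portal.corp.example/login", href: "https://portal.mail.test/login" }] };
console.log(JSON.stringify(triage(sample), null, 2));
```

The returned object doubles as an audit log entry: each evidence note names the rule that fired, so an analyst can see why the score was reached before approving the proposed action.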
AI automation layer
Risk summary, Executive rewrite, Response checklist, Audit log entry
Business value
Reduces triage time while keeping analysts in control of containment decisions.
What I learned
The safest security automation is narrow, explainable, and designed around analyst review.