blog.cloudflare.com
|
ksl
|
|
Cloudflare built an LLM-driven pipeline into its email security stack that hunts phishing patterns before users ever report them. The core problem is survivorship bias – traditional filters only improve where attacks already got through, leaving invisible blind spots untouched. Their system processes millions of messages daily, clustering them by linguistic traits like manufactured urgency and social proof, then feeds that into a purpose-built sentiment model trained specifically on sales outreach phishing. The results are concrete: a 20% drop in reported misses between Q3 and Q4 2025, with Q1 2026 trending toward a two-thirds reduction. Microsoft, Google, and Proofpoint have all started layering LLM classifiers into their mail pipelines over the past year, but Cloudflare’s approach of targeting narrow phishing categories individually rather than building one broad classifier is a different bet.
