Inception Cyber | INTENT-BASED SECURITY Blogs

Intent-Driven Contextual Reasoning Across Email Conversations: Announcing NACE™ 3.0

Written by Abhishek Singh, Co-Founder and CTO | Nov 7, 2025 5:42:55 PM
 

Introduction

Our core technology, NACE™, is an Intent-based Threat Prevention™ AI platform engineered to detect evasive/AI attacks, malicious attachments, and URLs from first principles, eliminating dependence on traditional detection methods such as payload analysis for malware, landing page inspection for phishing, or user behavior analytics for BEC. This first-principles approach makes NACE™ inherently resilient to evasion techniques designed to hide features from the exploitation stage.

The AI technologies and techniques in NACE perform semantic and thematic analysis to determine the purpose or deeper meaning, i.e. the intent, of an email by analyzing text from its body, attachments, and subject. This is achieved using fine-tuned classifiers, similarity analysis, hierarchical topic modeling, phrase-based topic modeling, and a Cross Encoder-based semantic re-ranker to derive the email’s intent. The cognitive engine then performs deep contextual reasoning over the derived intent together with auxiliary information from call-to-action (CTA) URLs, deep file parsing results of attachments, and SMTP headers to determine whether the attachments or URLs are malicious or benign, or whether the email conversation is a BEC scam.

Use Cases

Many use cases in detection and remediation can be solved by establishing contextual relationships across emails. Below are some examples:

  1. Campaign Detection: In coordinated email campaigns, malicious messages, such as phishing attempts, business email compromise (BEC) communications, or messages containing weaponized attachments, are typically sent to multiple recipients within a short time window. Combining contextual reasoning over the intent derived from the body and subject with features derived from SMTP headers, attachments, and call-to-action URLs, and analyzing the result as a time series, provides a robust signal for identifying such orchestrated malicious activity.
  2. Remediation in case of Account Compromise: When an account is compromised, threat actors may leverage it to send phishing, BEC, or scam emails across inbound, outbound, and lateral (east–west) traffic. Effective containment requires disabling the compromised account, enumerating all mail recipients (including distribution lists and forwarded copies), and taking remedial actions based on the intent of each malicious email. For example, if the email’s intent is to request credentials, the system verifies whether recipients performed sensitive actions such as password entry or MFA attempts. An exposure map is then generated to prioritize affected users and systems for remediation. This process relies on understanding the intent behind the malicious verdict of each email and applying contextual reasoning to determine the appropriate remediation. For instance, if a BEC email intended to request a money transfer is sent from the compromised account, remediation would focus only on cleaning the compromised accounts.  
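
The campaign-detection signal from use case 1, as an added example (not Inception Cyber's code): it groups messages by intent label and CTA domain and flags bursts that reach several distinct recipients inside a time window. The record layout, intent labels, window, and threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (received time, recipient, intent label, CTA URL domain, Return-Path domain).
# The intent label is assumed to come from an upstream classifier.
EMAILS = [
    ("2025-11-03T09:00:10", "alice@corp.example", "credential_request", "login-verify.example", "mailer-a.example"),
    ("2025-11-03T09:01:42", "bob@corp.example", "credential_request", "login-verify.example", "mailer-b.example"),
    ("2025-11-03T09:03:05", "carol@corp.example", "credential_request", "login-verify.example", "mailer-a.example"),
    ("2025-11-03T09:04:30", "dave@corp.example", "credential_request", "login-verify.example", "mailer-c.example"),
    ("2025-11-03T09:02:00", "erin@corp.example", "newsletter", "news.example", "news.example"),
    ("2025-11-03T15:30:00", "frank@corp.example", "credential_request", "login-verify.example", "mailer-a.example"),
    ("2025-11-03T10:00:00", "alice@corp.example", "payment_request", "", "freemail.example"),
]

def find_campaigns(emails, window=timedelta(minutes=10), min_recipients=3):
    """Group by (intent, CTA domain) and flag bursts that reach many distinct recipients."""
    groups = defaultdict(list)
    for ts, rcpt, intent, cta, rpath in emails:
        groups[(intent, cta)].append((datetime.fromisoformat(ts), rcpt, rpath))

    campaigns = []
    for (intent, cta), msgs in groups.items():
        msgs.sort()
        start = 0
        while start < len(msgs):
            # A burst is every message within `window` of the burst's first message.
            end = start
            while end + 1 < len(msgs) and msgs[end + 1][0] - msgs[start][0] <= window:
                end += 1
            burst = msgs[start:end + 1]
            recipients = {m[1] for m in burst}
            if len(recipients) >= min_recipients:
                campaigns.append({
                    "intent": intent,
                    "cta_domain": cta,
                    "first_seen": burst[0][0].isoformat(),
                    "recipients": sorted(recipients),
                    # Rotating sender domains do not split the cluster: they are not part of the key.
                    "sender_domains": sorted({m[2] for m in burst}),
                })
            start = end + 1
    return campaigns

if __name__ == "__main__":
    for campaign in find_campaigns(EMAILS):
        print(campaign)
```

A burst alone is not a verdict: legitimate bulk mail clusters the same way, which is why the intent label is part of the grouping key and the output is meant as one input to further reasoning.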
          

NACE 3.0 Intent-based Threat Prevention™ AI Platform 

NACE 3.0™ has been designed to understand the intent of an email and to use the contextual relationships across emails for detection and remediation. The system extracts intent from the subject and body of an email, along with the display name, features from SMTP headers, features from CTA URLs, and attachments, and also performs time-series analysis. These multi-dimensional features are processed by a cognitive reasoning engine that performs contextual reasoning and inference across related emails to derive a probabilistic verdict of malicious or benign.

The results of NACE 3.0™ are highly promising. By leveraging contextual reasoning across interrelated email communications, NACE 3.0™ demonstrates the capability to accurately detect highly evasive phishing, business email compromise (BEC), and malicious attachment-based emails that typically evade conventional detection systems.

Phishing Campaign Detected by NACE 3.0™

Conclusion

The results achieved with NACE 3.0™ demonstrate that understanding intent, extracting features from CTA URLs, SMTP headers, and attachments, and analyzing contextual relationships across email communications provide a fundamentally more resilient framework for detecting evasive threats. By reasoning over semantic, structural, and temporal dimensions, rather than relying on features from the exploitation stage or landing URL–based indicators, NACE 3.0™ establishes a first-principles approach to threat prevention—one that remains effective even as attackers continuously evolve their evasive techniques to conceal the exploitation stage or landing URL.

NACE 3.0 also lays the foundation for an agentic model for email defense, where the custom-trained SLM will extract and leverage intent along with features from emails to perform deep contextual reasoning, derive verdicts, and take remedial action based on the class of threat.

This intent-driven paradigm not only enhances detection accuracy for phishing, BEC, and malicious attachments but also enables automated, context-aware remediation across an organization’s communication graph. The outcome is a more adaptive, explainable, and future-proof email security system capable of defending against both human-crafted and AI-generated threats.