We’re excited to announce the launch of our new Phishing Detection API!

This latest addition to our AI-powered security platform detects phishing attacks across text, document, email, and URLs inputs.

Why phishing detection matters in modern workflows

Despite spending decades at the forefront of our concerns, phishing remains one of the most persistent and successful attack vectors in enterprise security.

Unlike years past, attackers are no longer limited to poorly written emails with obvious red flags. Today’s phishing campaigns leverage AI to generate highly convincing content at scale, and they often embed malicious links inside documents and attachments more effectively than before. On top of this, they now target our inboxes and our internal workflows, exploiting weakly secured file upload portals and collaboration tools.

As GenAI tools become more accessible, the scale and sophistication of phishing campaigns continue to increase towards a higher average standard. As a result, organizations need real-time detection at network entry points before phishing content can reach users or downstream systems.

What the Phishing Detection API does

Cloudmersive AI Phishing Detection identifies phishing (and other unsafe content) across multiple input types. These include text strings (e.g., sales lead inputs), documents (e.g., file uploads in PDF, DOCX, JPG, PNG, etc. format), emails (EML, MSG, and HTML bodies) and URLs (e.g., those with redirects leading to unsafe websites).

The underlying AI model analyzes semantic intent and deceptive language patterns in all the above input categories. It fully examines URLs to determine whether they lead to unsafe sites.

The result of AI Phishing Detection analysis is a clean result response (true or false) and a confidence score which indicates how confidence the model is in its assessment. Customers can also elect to include an analysis rationale with their response which explains and justifies the clean result and confidence score results in natural language.

Phishing Detection API methods

The Phishing Detection API library primarily exposes four phishing detection methods. These correspond to the input types mentioned above.

1. /phishing/detect/text-string/advanced: This method accepts text input and provides optional flags for allowing unsolicited sales, promotional content, web urls, phone numbers, and email addresses. It also allows additional input context regarding where the text came from (such as input names, phone numbers, or email addresses).
2. /phishing/detect/file/advanced: This method accepts file inputs, and it determines whether documents contained unsolicited sales, promotional content, web urls, phone numbers, or email addresses in the API response. When unsafe URLs are detected in a document, they’re added to an unsafe URLs array for easy parsing.
3. /phishing/detect/email/advanced: This method accepts email inputs, and it offers optional flags for allowing low reputation senders or sanctioned senders. Email HTML bodies can be passed directly into an html body string parameter. Note that this method is built into Email Protect, and we recommend that product to customers over custom integrations with email servers.
4. /phishing/detect/url/advanced: This method exclusively accepts URL inputs, and it returns a phishing risk level score to quantify a URL’s phishing risk. It also identifies whether a URL is an SSRF threat.

All the above methods also allow custom policy ID inputs. These correspond to custom policies created by Cloudmersive customers.

Integration with the broader Cloudmersive platform

The Phishing Detection API works seamlessly in conjunction with other Cloudmersive APIs, including the Virus Scan API, Fraud Detection API, and Document AI API.

For example, you could implement Phishing Detection directly after the Virus Scan API checks a document for malware, and directly before the Document AI API classifies or extracts data from that document.

The Phishing Detection API is also built into Email Protect, which offers 360-degree AI powered protection for enterprise email inboxes.

Flexible deployment models

As always, Cloudmersive customers have the option to deploy the Phishing Detection API following several unique deployment models:

• Managed Instance deployments leverage dedicated, managed infrastructure with SLAs, customizable deployment, and security.
• Private Cloud deployments can take place on the customer’s premises or in a cloud platform of their choice.
• Public Cloud deployments leverage Cloudmersive’s multi-tenant public cloud offering.
• PaaS deployments take advantage of Azure App Service or Azure Kubernetes Service offerings.
• Government Cloud deployments take place in a specified government cloud region, suiting the data governance requirements of government entities.

Learn More

We’re excited to bring AI Phishing Detection to your enterprise!

If you’re interested in learning more about Cloudmersive AI Phishing Detection, please visit the [Phishing Detection API](Phishing Detection API - Cloudmersive APIs) home page and reach out to a member of our sales team to set up a demo.