WhiteMail
ブログに戻る
·White Baek · Founder#founding-story#agentic-ai#shieldai

Building WhiteHat — why four agents, not one model

An obvious early question for any AI email security product: why not just feed the whole email into one large model and ask, "is this malicious?"

We started exactly there. It is the shortest path to a demo. It is also the wrong shape for the problem, and the reasons taught us how WhiteHat should actually work.

What one big prompt gets wrong

A single monolithic judgment has three failure modes that matter in production:

  1. It blurs very different kinds of evidence. Whether SPF passed is a verifiable fact. Whether a message feels coercive is a judgment. Whether a display name matches a domain is a lookup. Forcing all of that through one undifferentiated prompt makes the strong signals and the soft signals indistinguishable — and the model averages them into mush.
  2. It cannot explain itself cleanly. When the answer is one number from one prompt, the "why" is a post-hoc story. You cannot point to the step that mattered, because there were no steps.
  3. It is hard to improve. When something is missed, there is no component to fix — only a prompt to nudge, which quietly regresses something else.

The shape that worked: specialists plus an orchestrator

A real analyst does not hold the whole problem in one thought. They move through distinct kinds of work. So we built WhiteHat as four specialists, each owning one kind of evidence:

  • SA-01 · Identity — who normally sends from this domain, and do the display name, Reply-To, and Return-Path agree?
  • SA-02 · Infrastructure — SPF / DKIM / DMARC, domain age and novelty, look-alike domains, abused TLDs.
  • SA-03 · Links & Visual — display-vs-real URL mismatches, shorteners, redirect chains, raw-IP URLs, QR-code lures.
  • SA-04 · Intent — what is this message actually asking for? Urgent transfer, credential capture, account changes, pressure tactics.

Each agent is sharp at one thing and produces a score plus concrete signals. Then WhiteHat orchestrates — it reconciles the findings, weighs them against each other, and produces one verdict (allow, flag, or block) with a risk score and a bilingual narrative.

The payoff is not just accuracy. It is that every verdict decomposes into steps a human can read and trust. The "why" is not a story we tell afterward — it is the structure of the decision itself.

What this means going forward

Splitting the work this way means we can sharpen one agent without destabilizing the others, and add new specialists over time as attacks evolve. The orchestrator stays the same; the bench of experts grows.

That is the bet behind WhiteHat: investigation is not one judgment. It is several kinds of judgment, reconciled — and that is exactly what makes it explainable.


Every verdict in WhiteMail shows each agent's score and signals. Try it in the Analyze console.