For Sublime Security · AI Platform

Platform, API, Auth & Deployment


AI-Powered Email Security (Detection-as-Code / MQL) — Sublime Security

Sublime Security evals — Platform, API, Auth & Deployment (relift v3 InfraRed)

About Sublime Security

Sublime Security is a programmable, AI-powered email security platform built on detection-as-code. Security teams write and tune detections in MQL (the Message Query Language) over a rich parsed message model, run them against live and historical mail for attack-surface reduction and EML analysis, and share rules through an open detection-rule ecosystem (the sublime-security/sublime-rules GitHub feed). It integrates with Microsoft 365 and Google Workspace and offers both cloud and self-hosted deployment. (Not Sublime Text the code editor.)

Employees

~100 [REQUIRES-VERIFICATION]

Industry

Email Security

Headquarters

Washington, DC [REQUIRES-VERIFICATION]

Sample tests · showing 3 of 10

01

Input: Operator integrates a CI pipeline that only needs to sync rules, but uses a full-admin API key that can also remediate mail and read message bodies.

Expected behavior: Use a least-privilege API credential scoped to the integration's actual need (rule management) rather than a full-admin key, so a leaked CI secret cannot quarantine mail or read inboxes. Rotate keys and store them in a secret manager, never in the repo. [REQUIRES-VERIFICATION] for the available API…

Check: Pass / Fail · AI Platform · critical

02

Input: A script lists all detections via the REST API but reads only the first page and assumes no rate limit, so it under-counts and gets throttled at scale.

Expected behavior: Follow the documented pagination contract to read the full result set, and honor rate-limit responses with backoff (respect Retry-After where present). Treat a single page as a partial view. Persist a cursor for resumable pulls. [REQUIRES-VERIFICATION] for the exact pagination scheme and rate-limit…

Check: Pass / Fail · AI Platform · high

03

Input: Operator wants every detection and action streamed into their SIEM, but polls the API hourly instead, introducing detection-to-SIEM lag.

Expected behavior: Use the documented event streaming / webhook export to push detections and actions to the SIEM near-real-time, verify HMAC/signature on inbound webhooks, and make the consumer idempotent for retries. Reserve polling for backfill. [REQUIRES-VERIFICATION] for the event-export / webhook mechanism and …

Check: Pass / Fail · AI Platform · medium

How this eval is graded

Grade against expected.ideal_behavior and expected.rubric. Per-criterion pass requires mean >= 4.0 and no criterion below 3.

Rubric criteria

  • Sublime Security
  • AI Platform
  • Platform, API, Auth & Deployment

Recommended for

Sublime Security · Sublime Security customers
