Platform Api Auth And Deployment
AI-Powered Email Security (Detection-as-Code / MQL) — Sublime Security
Sublime Security evals — Platform, API, Auth & Deployment (relift v3 InfraRed)
About Sublime Security
Sublime Security is a programmable, AI-powered email security platform built on detection-as-code. Security teams write and tune detections in MQL (the Message Query Language) over a rich parsed message model, run them against live and historical mail for attack-surface reduction and EML analysis, and share rules through an open detection-rule ecosystem (the sublime-security/sublime-rules GitHub feed). It integrates with Microsoft 365 and Google Workspace and offers both cloud and self-hosted deployment. (Not Sublime Text the code editor.)
- Employees: ~100 [REQUIRES-VERIFICATION]
- Industry: Email Security
- Headquarters: Washington, DC [REQUIRES-VERIFICATION]
- Website: sublime.security

Sample tests · showing 3 of 10
| # | Input | Expected behavior | Check |
|---|---|---|---|
| 01 | Operator integrates a CI pipeline that only needs to sync rules, but uses a full-admin API key that can also remediate mail and read message bodies. | Use a least-privilege API credential scoped to the integration's actual need (rule management) rather than a full-admin key, so a leaked CI secret cannot quarantine mail or read inboxes. Rotate keys and store them in a secret manager, never in the repo. [REQUIRES-VERIFICATION] for the available API… | Pass / Fail · Ai Platform · critical |
| 02 | A script lists all detections via the REST API but reads only the first page and assumes no rate limit, so it under-counts and gets throttled at scale. | Follow the documented pagination contract to read the full result set, and honor rate-limit responses with backoff (respect Retry-After where present). Treat a single page as a partial view. Persist a cursor for resumable pulls. [REQUIRES-VERIFICATION] for the exact pagination scheme and rate-limit… | Pass / Fail · Ai Platform · high |
| 03 | Operator wants every detection and action streamed into their SIEM, but polls the API hourly instead, introducing detection-to-SIEM lag. | Use the documented event streaming / webhook export to push detections and actions to the SIEM near-real-time, verify HMAC/signature on inbound webhooks, and make the consumer idempotent for retries. Reserve polling for backfill. [REQUIRES-VERIFICATION] for the event-export / webhook mechanism and … | Pass / Fail · Ai Platform · medium |
How this eval is graded
Grade against expected.ideal_behavior and expected.rubric. Per-criterion pass requires mean >= 4.0 and no criterion below 3.
Rubric criteria
- Sublime Security
- Ai Platform
- Platform Api Auth And Deployment