Incident management · Production

Doppel's AI agent cuts security operations workload by 30% in 30 days using OpenAI o1

The problem

Cybersecurity teams are overwhelmed by alert volumes; nuanced decisions about phishing takedowns require detailed manual analysis that is difficult to scale when ingesting over 10 million websites, social media accounts, and mobile apps daily.

First attempt

Traditional machine learning filtered out obvious false positives but could not make the nuanced judgment calls required for takedown decisions, which require interpreting unstructured data such as screenshots, time-series activity, and customer-specific policies.

Workflow diagram · grounded in source
1
Daily data ingestion
trigger
“Every day, Doppel ingests more than 10 million websites, social media accounts, and mobile apps to identify phishing attacks worldwide”
2
ML false-positive filter
ai_action
“Traditional machine learning filters out obvious false positives”
3
AI agent nuanced classification
ai_action
“we incorporated thousands of well-curated historical decisions, effectively distilling years of our analysts' experience into the model. As a result, the AI developed the nuanced judgment required to classify and take action on even the …”
4
Continuous learning loop
feedback_loop
“the agent is constantly learning as it sees new examples. This tight feedback loop is critical in combatting security threats like phishing”
5
Threat response delivered
output
“it delivered faster response times and more threats eliminated”
Reported outcome

Doppel's AI agent automated 30% of security operations workload in under 30 days, exceeded human-level benchmarks with a lower false-positive rate and more genuine threats uncovered, and delivered faster response times to customers.

Reported metrics
SOC workload reduction30%
Time to achieve 30% workload reduction30 days
False-positive rate vs human analystslower false-positive rate
Genuine threats uncovered vs human analystsuncovered more genuine threats
Show all 5 reported metrics
SOC workload reduction30%
time to achieve 30% workload reduction30 days
false-positive rate vs human analystslower false-positive rate
genuine threats uncovered vs human analystsuncovered more genuine threats
customer response timefaster response times
Source
https://www.doppel.com/blog/ai-in-cybersecurity
Read source ↗

Frequently asked questions

What did this team achieve with this AI workflow?

Doppel's AI agent automated 30% of security operations workload in under 30 days, exceeded human-level benchmarks with a lower false-positive rate and more genuine threats uncovered, and delivered faster response time…

What results were reported?

SOC workload reduction: 30%; Time to achieve 30% workload reduction: 30 days; False-positive rate vs human analysts: lower false-positive rate; Genuine threats uncovered vs human analysts: uncovered more genuine threats (source-reported, not independently verified).

What failed first in this deployment?

Traditional machine learning filtered out obvious false positives but could not make the nuanced judgment calls required for takedown decisions, which require interpreting unstructured data such as screenshots, time-s…

How is this incident management AI workflow structured?

Daily data ingestion → ML false-positive filter → AI agent nuanced classification → Continuous learning loop → Threat response delivered.