What is KillPhish AI?
KillPhish AI is an automated email analysis tool designed to help users detect and report phishing threats directly from their inbox. It leverages artificial intelligence to assess the risk of suspicious messages and provide users with immediate, informative feedback. Whether the email is a genuine threat or a simulated test from your organization, KillPhish AI assists in making smarter, faster decisions while promoting a more secure email environment.
How Does It Work?
When a user clicks the KillPhish button on a suspicious email in Outlook, the platform scans the email and routes its contents to an AI model for analysis. The AI then generates a risk score—typically labeled as low, medium, or high—and provides a natural language summary explaining any suspicious elements it detected.
Above: An example of KillPhish's AI email analysis.
What Data is Collected From the Email?
To ensure accurate threat analysis, KillPhish AI collects nearly all available data from the reported email. This includes the email’s headers, subject line, body content, sender and reply-to addresses, URLs, attachments, timestamps, and routing details. By analyzing this full context, the AI can better detect common phishing indicators such as spoofed domains, suspicious links, or misleading formatting. We do not store any emails or analyzed data, and you have the option to configure a third-party model of your choice or one approved by your organization.
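To make the field list above concrete, here is an added example (not KillPhish's own code) that pulls several of those fields from a raw message with Python's standard library and applies two simple checks for the indicators mentioned. The sample message, the function names and both heuristics are assumptions for illustration; they compare exact hostnames, so a production check would normalize to registrable domains first.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for illustration (reserved example domains).
SAMPLE = """\
From: "IT Support" <support@example.com>
Reply-To: helpdesk@example.net
Subject: Password expires today
Received: from mail.example.org by mx.example.com; Mon, 03 Mar 2025 09:15:01 +0000
Content-Type: text/html; charset="utf-8"

<p>Reset: <a href="http://login.example.net/reset">https://portal.example.com/reset</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):  # host of a URL, or domain part of an address, lower-cased
    name = urlparse(value).hostname if "://" in value else value.rpartition("@")[2]
    return (name or "").lower()

def extract_indicators(raw):
    msg = message_from_string(raw)
    sender, reply_to = (parseaddr(msg.get(h, ""))[1] for h in ("From", "Reply-To"))
    collector = LinkCollector()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return {
        "sender": sender, "reply_to": reply_to, "subject": msg.get("Subject", ""),
        "received_hops": len(msg.get_all("Received", [])),
        "urls": [href for href, _ in collector.links],
        # Heuristics: Reply-To domain differs from From; link text host differs from href.
        "reply_to_mismatch": bool(reply_to) and host(reply_to) != host(sender),
        "deceptive_links": [(t, h) for h, t in collector.links if "://" in t and host(t) != host(h)],
    }
```
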
AI Model Options and Configuration
By default, KillPhish AI uses a locally hosted version of Google's llama3 model that has been optimized specifically for phishing threat detection. However, organizations that prefer to use their own AI infrastructure can connect to an external provider such as OpenAI or Anthropic via the Integration Store. After configuring the provider with API credentials and endpoint information, administrators can select the desired model in Administration > Settings > Account Settings > AI tab.
If no external provider is configured, KillPhish AI will automatically use the built-in model with no additional setup required. This ensures all users benefit from intelligent, real-time email analysis out of the box.