How to Turn Any AI Prompt into an Email Data Security Tool
How to use an off-the-shelf LLM prompt to protect your company’s emails in 30 minutes or less.
Not a day passes without significant advances in AI. Despite these advances, gaps exist between AI’s promise and its meaningful application to core business systems. For many organizations, the benefits of AI remain theoretical or confined to marginal experiments. Tools like ChatGPT allow organizations to exploit AI to generate content or perform search queries, but these efforts are often limited to individual users. Employing AI in higher-value endeavors can require custom development, entailing higher costs and greater risks. How might a company leverage AI systemically, embedded in its operations, so that AI’s benefits are continuously delivered across the entire organization while not breaking the bank?
One recognized high-value application of AI is email (Sam Altman, OpenAI founder and CEO, also shared this view). This isn’t surprising given that LLM AI is technology trained on language, and email is written communication. At mxHERO, we study the use of AI for email. Our research confirms the immense value of LLM AI across a wide range of email use cases, including email search, security, and automation. mxHERO has built tools to allow organizations to leverage AI on email data.
Considerations for AI on Corporate Email
Email is a high-volume game
If email is one thing, it is high volume. Given the relatively narrow “context windows” AI models can work with, this is an immediate challenge for designing AI systems for email. Even a model boasting a 1M token window won’t be able to examine more than a couple hundred emails. The challenge becomes obvious, given that the average business user receives more than 120 emails/day. (Radicati)
Reduce volume with filtering
AI-email solutions must preprocess emails and intelligently target only emails within the required scope. This can be achieved by filters, for example, limiting the analysis to only emails from specific addresses and within a date range or using lower-cost analysis, like regular expression pattern matching, e.g., looking for project IDs. Other filters can consider the structure of the email, such as only examining email attachments. Ideally, an AI-capable system can chain a number of filters, each attempting to triage the email, leaving AI analysis for cases that fail all lower-cost examinations.
As an example, this article examines the application of AI for securing email attachments based on levels of confidentiality. A realistic pre-processing scenario for this use case is to limit analysis to only those emails sent out of the organization and, more specifically, only those outbound emails with email attachments. The initial analysis could be done using powerful regular expressions and lookup tables, checking for names of sensitive projects or other keywords indicating a certain confidentiality level. Only if there is no identified level of confidentiality after these multiple, low-cost, and computationally fast layers are files handed to AI. In our deployments, such pre-processing often reduces the amount of AI required by more than 95% compared to no filtering. As a result, the final solution benefits from much higher performance and much lower costs.
Basic building blocks of AI for Email Data Security
Applying AI to email for data security involves having AI evaluate select email content and, based on the output, trigger an action (e.g., redirect, block, record, manipulate, etc., the email). Any implementation will follow this basic structure, whether developed in-house or using a third-party service. This article briefly explains how AI can be configured for email security using mxHERO Mail2Cloud.
Automatically Classifying Emails with AI — A Prompt from OpenAI
To demonstrate how an organization can leverage AI for email, we will modify an OpenAI published prompt and apply it to email with mxHERO’s Mail2Cloud platform. Mail2Cloud allows organizations to easily apply advanced AI prompts to their emails without requiring costly AI integration development. The following demonstration uses a prompt published by OpenAI (source) for content moderation. The prompt classifies content into one of five scores, K0 to K4. Although this prompt classifies content for illegal intent, this exercise is ultimately a demonstration of content classification, and the same process described here can be used for any policy/classification need. For example:
- classifying customer emails based on sentiment — happy to angry;
- classifying email attachments for degrees of confidentiality — highly confidential to publicly accessible;
- classifying email messages for threats — dangerous, suspicious, innocent.
In our example, we will modify the OpenAI prompt to demonstrate a policy classifying the confidentiality of email attachments and then use that classification to secure those attachments automatically.
Overview diagram
The following diagram illustrates how to apply AI to your email stream with Mail2Cloud. Simply put, the process involves defining a trigger for an action on an email.
Define a condition (trigger)
- Provide an AI prompt (we will use OpenAI’s) in a Mail2Cloud Variable. The value of this variable is the response from the AI query.
- Create another variable that evaluates the AI's response stored in the above variable.
Define an Action
- Create a Security Definition; for example, remove attachments and replace them with 7-day, auto-expiring cloud storage links.
Create a Policy (condition + action)
- Create a security policy that combines the condition and the action. In other words, if the condition is true, take the action.
Create a Rule — apply the policy to a specific email flow
- Once created, the security policy is used in a Mail2Cloud Rule. Rules define what email the security policy should be applied to.
For simplicity, this example doesn’t include extensive pre-processing of the email, which is supported by the Mail2Cloud platform.
Step by Step: Applying AI to Email for Content Security with Mail2Cloud
To configure the Mail2Cloud platform for AI, we create a “variable.” The platform uses special user defined variables as values to trigger diverse functionality, like setting a specific security configuration on attachments.
Creating Triggers Variables
First, we create our AI Variable. In Mail2Cloud, you create a variable and add your prompt.
Many prompt libraries now exist (OpenAI, Anthropic, AI newsletters). Using a pre-existing, “off-the-shelf” prompt is a great way to start with high-quality results — see more below.
This variable will apply an edited version of the OpenAI query to the content of email attachments from pre-qualified emails, i.e., outbound emails with attachments. The query’s result becomes the variable’s value, which will be evaluated in the next step.
Create another variable to evaluate the output of the AI variable. The evaluation should result in a value like "True". We will create an AI Variable that has the value of "True" when the AI determines the email attachment to contain "highly confidential" information or level "K3".
ProTip: Mail2Cloud allows you to test your prompt directly from the configuration interface - use it. It’s a great way to tweak your prompt to your exact requirements. Another way to test is by using ChatGPT's chat interface. If you do, be sure you are using the same model as the one you have configured in Mail2Cloud, e.g., GPT-4, GPT-4.5, etc.
Creating Actions — creating a Security Policy
Security Policies represent actions in Mail2Cloud. A security policy combines the trigger variable and a security definition. We will use one of the many pre-configured security definitions in the platform. Given that we are setting the security for the most confidential content, we will create a policy that moves the file to the company’s cloud storage and puts a 7-day, self-expiring link in the email.
Creating the Rule
Finally, we define a rule determining when the action (our Security Policy) will be applied. In our case, we will set the rule to only act on emails sent externally from the organization.
Mail2Cloud has many more options, such as creating exceptions to rules. Plus, support for multiple rules allows different levels of security to be applied to other situations; for example, protect files with organization access-only links when shared internally. This type of policy hardens the organization against eventual breaches or accidentally forwarded emails.
Conclusion
AI is transforming the world. It will improve organizations’ operations, but understanding how and where to apply AI’s enormous capabilities is challenging. Fortunately, the market is producing solutions to bridge this gap.
References
Why Summarizing Email is One of AI’s Best Uses
How ChatGPT Protects Me From Phishing Attacks
How AI Instantly Gets What I Need From My Inbox
How I Tamed My Inbox With ChatGPT
Use ChatGPT with your Emails — An Invitation to “Chat for Email”
Visit us at DataDrivenInvestor.com
Subscribe to DDIntel here.
Featured Article:
Join our creator ecosystem here.
DDI Official Telegram Channel: https://t.me/+tafUp6ecEys4YjQ1
