Case study: an inbox triaged by disposable AI agents
Inbound e-mail is the most hostile input a company processes: phishing, prompt injection, malware. We wanted AI triage — classification, summaries, suggested actions — without ever running an LLM on raw mail inside our infrastructure.
The design: every single e-mail is triaged by a disposable LLM agent inside a dedicated virtual machine, behind five independent defense layers — LLM-free ingest, injection guard with PII anonymization and quarantine, per-tenant blacklists, an isolated VM with whitelisted tools only (no shell, no outbound SMTP), and a cross-tenant guard. On any anomaly the VM reverts to a clean snapshot.
It has been running in production on our own company mailboxes for months of continuous testing. The host never touches raw mail with a model, a compromised e-mail can burn nothing beyond its own throwaway agent, and the operator sees a classified, summarized queue instead of a raw inbox.
← All case studies