AI Transparency Statement
1. What AI Is Used
SphereMail's AI analysis engine is branded as SphereAI™ and is built and operated by SecureSphereLabs as an internal capability. It is powered by large language models (LLMs) accessed via our proprietary AI infrastructure. We do not disclose the specific underlying model provider(s) as this is commercially sensitive information. The architecture may change over time; this document reflects current data handling practices regardless of the underlying model.
2. What Data Is Sent to SphereAI™
| Data Element | Sent to SphereAI™? | Notes |
|---|---|---|
| Email headers (Received, Authentication-Results, From, etc.) | ✅ Yes | Truncated to 8,000 characters maximum |
| Email body text | ✅ Yes | Truncated to 4,000 characters maximum; HTML stripped |
| Subject line | ✅ Yes | Truncated to 500 characters |
| Sender address | ✅ Yes | Truncated to 500 characters |
| Attachment filenames and MIME types | ✅ Yes | Filenames and types only — not attachment content |
| Attachment file content | ❌ No | Never sent to SphereAI™ or any external service |
| Your account email or identity | ❌ No | AI prompts are anonymous |
| URL content or resolved pages | ❌ No | URL reputations come from VirusTotal, not AI |
3. How the AI Is Used
The AI is prompted to perform the following analysis tasks on submitted email data:
- Phishing intent detection and confidence scoring
- Business Email Compromise (BEC) classification (wire fraud, payroll fraud, vendor impersonation, executive spoofing)
- Social engineering and psychological manipulation technique identification
- Brand impersonation and lookalike domain detection
- MITRE ATT&CK tactic and technique mapping
- Threat actor pattern analysis (with hedged, non-attributive language)
- SOC-ready narrative and executive summary generation
4. Does SphereAI™ Train on Our Data?
No. SphereAI™ does not use submitted email content to train, fine-tune, or improve any AI model. Your email content is processed transiently to generate the analysis response and is not retained by our AI infrastructure beyond the immediate request lifecycle. This commitment applies regardless of any changes to the underlying model infrastructure.
5. Do We Retain AI Prompts or Responses?
6. AI Limitations and Known Risks
- False positives — The AI may flag legitimate emails as suspicious. Authentication-passing emails from known brands should not be blocked purely on AI verdict without additional evidence.
- False negatives — Sophisticated attacks, especially text-only BEC with no technical indicators, may not be detected.
- Hallucination — LLMs can generate plausible-sounding but incorrect information, including fabricated threat actor attributions or non-existent IOC correlations.
- Threat actor attribution — All attribution language in SphereAI™ output uses explicitly hedged language ("shares characteristics of", "consistent with TTPs commonly observed in"). It is never definitive and should not be cited as confirmed attribution in official reports without corroboration from live threat intelligence feeds.
- No live threat intelligence — The AI model has a training data cutoff and does not have access to real-time threat feeds, current campaign data, or live IOC databases.
- Model variability — AI outputs may vary between identical inputs due to inherent model stochasticity (temperature settings), even though we use low temperature (0.1) to minimise this.
7. Human Review Requirement
SphereMail is designed as a decision-support tool for trained security professionals. All SphereAI™ outputs should be reviewed by a qualified analyst before any security action (quarantine, incident escalation, user notification, threat actor reporting) is taken. SecureSphereLabs explicitly disclaims liability for decisions made solely on the basis of AI-generated analysis.
8. AI Model Updates
We may change the underlying AI model used by SphereAI™ without prior notice, including upgrading to newer model versions. Model changes that materially affect output quality or data handling will be disclosed in updates to this document.
These documents were last updated on May 26, 2026. For questions, contact legal@securespherelabs.com. · Back to SphereMail
SphereMail