Threat posture overview

Latest 250 incidents · auto-refreshes every 30s

Incidents reviewed0Latest 250 cases
Critical threat rate0%High-risk share
Average exposure0%Across recent cases
AI-assisted reviews0Pipeline used
Risk overview

Threat posture at a glance

Risk concentration

0%critical

Critical incident share from the last seven days.

Channel pressure

Loading...

Busiest attack path surfaces here.

Threat posture

7-day trend

Safe · Suspicious · Critical
Loading...

Recent incidents

Loading incidents...

Threat investigation workspace

Scan suspicious content · Standard or AI pipeline

High-speed ML + rule engine detection.
Export & upload from: Outlook (.eml) Thunderbird (.eml) Apple Mail (.eml) Gmail (paste text)
Ready.
ML score0%
Rule score0%
Threat classUnknown
ActionReview

Executive summary

Run an assessment to generate an incident summary.

Recommended response

Response guidance will appear here after a scan.

Threat story

Threat narrative is built from evidence after each scan.

Investigation timeline

Run an assessment to build the timeline.
Evidence signals
No signals yet.
Indicators
No indicators yet.
AI trace

AI explanation

Enable AI mode for deeper narrative context.

AI pipeline

standard-only · N/A

Validation feedback

Case controls

AI settings
Not loaded
Not loaded

No provider settings saved.

AnalyticsSignal and channel breakdown
RulesAdjust detection coverage

Analytics

Signal breakdown, channel mix, and feedback quality

Incident mix

0%
0%
0%
0%quality
Detection quality

Validates once analysts mark incident outcomes.

Threat categories & patterns

Categories
Loading…
Loading…
Repeated reasons
Loading…
Loading…
Hot indicators
Loading…

Feedback quality

Correct0Confirmed
False positive0Precision gap
False negative0Missed risk

Channel summary

Loading…

Recent threat cards

Loading…
Signals

Repeated signals & channels

Most repeated detection reasons.

Loading…

Channel concentration.

Loading…

Rule manager

Govern live detection logic without redeployment

Access
One-click demo signs in with default credentials
Sign in to manage rules.
No rules loaded yet.

Create rule

Rule guidance

Explanation-friendly descriptionsIncident views surface rule reasons directly.
Consistent categoriesStrengthens analytics and AI guidance.
Tune with feedbackFalse positives visible in analytics.

Extensions

Client integrations for Gmail, Outlook, and Thunderbird

Full install guide
Chrome Extension
Gmail · Manifest V3
Available

Scans open Gmail messages automatically. Overlays a verdict badge inline with every email and provides detailed threat context in the popup.

Download ZIP Install guide
Outlook
Web & Desktop
Workaround

No native add-in yet. Use dashboard paste for quick scans, or install the OWA bookmarklet for one-click scanning directly in Outlook Web.

Setup guide
Thunderbird
Desktop
Workaround

No add-on yet. Copy email text or raw headers (Ctrl+U) and paste into the Scan tab for full ML + AI analysis.

Setup guide
Chrome · Sideload install

Step-by-step setup

5 steps
1
Download & extract the ZIP

Click Download ZIP above. Extract it anywhere — the chrome-extension/ folder is what you need.

2
Open Chrome Extensions

Navigate to chrome://extensions or go to Menu → More tools → Extensions.

3
Enable Developer mode

Toggle Developer mode in the top-right corner. This allows loading unpacked extensions.

4
Load Unpacked

Click Load unpacked and select the chrome-extension/ folder. The ThreatWatch AI for Gmail card will appear.

5
Open Gmail and scan

Go to mail.google.com, open any email — ThreatWatch AI scans it automatically and shows the verdict inline. The API URL is pre-set to this server.

Developers

Direct API access

API Docs 
curl -X POST ${location.origin}/api/v1/scan \
  -H "X-API-Key: <your-key>" \
  -H "Content-Type: application/json" \
  -d '{"subject":"Urgent: verify your account","body":"Click here...","mode":"ai"}'
ThreatWatch Copilot Analyst aide — summaries, escalation, stakeholder notes.
Waiting for a case.
status: standbyprovider: not selected
ThreatWatch CopilotOpen after a scan to generate analyst notes or stakeholder summaries.
Shift+Enter for new line
Incident quick view

Preview the case before opening the full workspace.

SAFE CHAT 0% risk

Headline

No incident selected.

Summary

Select an incident to preview.

Response

Recommended action appears here.

Signals

None yet