Phishing defense company Cofense Inc. today unveiled new artificial intelligence-driven detection and automation features for its Phishing Defense Platform aimed at catching coordinated polymorphic phishing campaigns that slip past traditional filters and AI-only tools.

The company says the new features shift away from one-email-at-a-time responses toward action at the campaign level. The release pairs campaign-aware detection with workflow automation and AI-assisted training, with the goal of compressing the window between a phishing attempt landing in an inbox and a security team containing it.

At the center of the release is Vision 3.2, available to customers of Cofense Phishing Remediation. The module uses clustering and pattern matching to identify coordinated attacks across related messages, including campaigns engineered to vary content, senders and delivery patterns to evade detection. Once a campaign is flagged, the platform can quarantine every variant in the cluster and contain related threats in a single action, reducing what Cofense calls the blast radius of a confirmed attack.

Cofense is also shipping Triage 3.0, which routes automated responses based on the reporter’s domain. Security teams and managed security service providers can run multi-domain setups without hand-sorting reports and employees who flag a suspicious email get a reply tailored to their context. Analysts are left to work the cases that actually need a human call.

Phishing Training customers are getting an AI Assistant inside the Cofense Command Center that builds simulation campaigns from natural language prompts, recommending simulations, difficulty levels and training content. A new Customization Portal lets customers edit templates, brand content, adjust quizzes and auto-translate materials into other languages. Cofense says the combination cuts campaign creation from hours to minutes and allows fresh threat intelligence to feed targeted training the same day it surfaces.

“Phishing defense has to operate at the speed of the attack and today that means teams only have minutes to intercept a threat,” explains Rachel Roldan, vice president of product at Cofense. “With Phishing Remediation detecting campaigns before they spread, then automating response at scale and Phishing Training turning threat insights into training in real-time, we’re giving organizations the ability to stay ahead, not just keep up.”

The release comes as phishing remains the most persistent initial-access vector in enterprise breaches and when defenders are increasingly contending with attacker tooling that uses generative AI to mass-produce convincing lures. Cofense is leaning on what it describes as human-validated intelligence drawn from millions of real-world user reports to differentiate its detection from purely model-driven competitors, arguing that transparency in how AI decisions are made is itself a selling point to security buyers.

Vision 3.2, Triage 3.0 and the updated Cofense Command Center are available now to Phishing Remediation and Phishing Training customers through the Cofense Phishing Defense Platform.

Image: Cofense