Is that link malicious? Build your own AI agent to check

“Suspicious login detected. Use the link below to update your password immediately.”?

Is it a legitimate alert, or is it a phishing attempt???

With cyber threats becoming more sophisticated by the day, distinguishing between legitimate alerts and malicious attempts can be challenging.?

Before you click that link, consider learning how to develop an AI agent that can detect threats in emails, text messages, URLs, and phone numbers. Here’s what you need to know. ?

What are AI agents??

AI agents are autonomous programs designed to handle tasks on behalf of users or systems. They’re built to manage their own workloads by using a set of tools to interact with their environment. In cybersecurity, that means these agents can assess threats, like phishing attacks, using data from external sources.?

How do they work??

AI agents are powered by large language models (LLMs). These models enable agents to understand user inputs, analyze the data, and decide when and how to use external tools—whether that’s a search engine or a third-party API.??

AI agents don’t just follow scripts. They’re designed to engage in reflection and self-criticism. This means they can learn from their actions, adapt to new scenarios, and refine their approach for future tasks. They also have memory—storing, retaining, and retrieving information—so they become smarter and more effective as they go.?

How can AI agents help with cybersecurity??

AI agents can help you assess security risks in real time.??

Take BRAMA, for example—an open-source AI agent that helps analyze the security of emails, SMS, URLs, and phone numbers.?

By using third-party APIs and resources like VirusTotal, URLhaus, and Cisco Umbrella, the agent can provide additional context, such as whether a URL has been marked as malicious or used for phishing, or whether a phone number sending SMS messages is associated with scams or other suspicious activities.?

Here’s an example of a suspicious SMS.??

When you receive a phishing SMS like this one, your AI agent can run a series of tools, such as a phone number, message, or domain analyzer. After processing, you’ll get a full report that gives you the information you need to act safely.??

In the video below, Oleksii Borisenko, DevNet Developer Advocate, walks through this process.???

In the demo, Oleskii used a zero-shot react agent, which performs a reasoning step before acting. This means it can handle scenarios that require an immediate response without prior training, which is ideal for quickly detecting phishing attempts in emails or analyzing suspicious URLs.???

Build your own security AI agent??

Want to try for yourself? Here’s a step-by-step guide explaining how to build an AI agent that can assess whether domains, emails, or phone numbers are malicious or part of a phishing attack.?

How will you put your AI agent to work? We’d love to hear your approach—share in the comments!?