OpenAI

October 28, 2025

Doppel’s AI defense system stops attacks before they spread

With GPT‑5 and reinforcement fine-tuning (RFT), Doppel cut analyst workloads by 80% and now mitigates threats in minutes instead of hours.

Doppel logo in white, centered on a dark metallic background woven with curved lines and rivets.
Company size: Startup
Region: North America
Industry: Technology
Products: API

Results

80%

analyst workloads reduced

3x

threat-handling capacity


A single impersonation site can launch, target thousands of users, and vanish in under an hour. That’s more than enough time for an attacker to do real damage. And with generative tools, they can spin up hundreds more just like it.

Doppel was built to defend organizations from deepfakes and online impersonations, but the company quickly realized that AI meant threats could scale infinitely. Attackers no longer needed to handcraft scams; they could generate endless variants of phishing kits, spoofed domains, and impersonation accounts in seconds.

“The damage from phishing attacks can happen within minutes as they spread across social media and messaging channels. The ability to generate endless persuasion at almost no cost has changed everything.”
—Rahul Madduluri, Co-founder and CTO, Doppel

Inside the rollout

To stay ahead, Doppel developed a new kind of social engineering defense system built on OpenAI GPT‑5 and o4-mini models. Doppel’s platform detects, classifies, and takes down threats autonomously, cutting analyst workloads by 80%, tripling threat-handling capacity, and reducing response times from hours to minutes.

Staying ahead of infinitely faster threats

Traditional digital risk protection relied on humans to manually review impersonation sites, phishing domains, and social media profiles and posts. Doppel saw that model breaking down as attackers began to automate, launching threats faster, and across more surface areas, than humans could evaluate them.

“Our system processes a constant flood of signals to identify the real threats among the noise. Once a threat is detected, there is a very narrow window to act before the damage is done. Using AI to automate decision-making is one of the biggest unlocks for the company, and it lets us fight attacks at internet scale and speed.”
—Rahul Madduluri, Co-founder and CTO, Doppel

That speed is critical for Doppel’s customers, organizations that can’t afford to wait hours to confirm a threat. Doppel’s system classifies most threats automatically, using OpenAI models for reasoning and a structured feedback loop known as reinforcement fine-tuning (RFT) to improve the model over time. In RFT, human feedback is used as graded examples, helping models learn to make consistent, explainable decisions on their own.

Orchestrating LLM-driven threat detection

Doppel’s LLM-driven pipeline sits at the center of its detection stack. After signals are sourced and filtered, the system performs a series of targeted reasoning tasks: reasoning through potential threats, confirming intent, and driving classification decisions. Each stage is designed to balance speed, accuracy, and consistency, while keeping analysts focused on the edge cases that need human judgment.

Flowchart showing a threat-detection pipeline using LLMs, moving from sourcing and filtering, to feature extraction and classification, to final verification and takedown systems. Models such as GPT-5 and o4-mini are used at key stages.

Here’s how it works:

  • Signal filtering and feature extraction: Doppel’s systems ingest millions of domains, URLs, and accounts daily. A combination of heuristics and OpenAI o4-mini filters out noise and extracts structured features to guide downstream model evaluations.
  • Parallel threat confirmation: Each signal is passed through multiple GPT‑5 prompts purpose-built for different types of threat analysis. These prompts assess factors like impersonation risk, brand misuse, or social engineering patterns.
  • Threat classification: The RFT version of o4-mini synthesizes the earlier confirmations to assign a structured label—malicious, benign, or ambiguous—with production-grade consistency.
  • Final verification: A second GPT‑5 pass validates the model’s decision and generates a natural-language justification. If confidence exceeds threshold, the system auto-initiates enforcement.
  • Human review: Low-confidence or conflicting results are routed to human analysts. Their decisions are logged and fed back into the RFT loop to continuously improve model consistency.
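The routing decision at the end of this pipeline, as an added Python example (not Doppel's code): it auto-acts only when the classifier and verifier agree and confidence exceeds the threshold, and sends everything else to an analyst. The field names, the 0.90 threshold, and the rule that a fired check on a benign label counts as a conflict are assumptions; the page states none of them.

```python
from dataclasses import dataclass

LABELS = {"malicious", "benign", "ambiguous"}
AUTO_ENFORCE_THRESHOLD = 0.90  # assumed; the page does not state the threshold

@dataclass
class Verdict:
    target: str
    confirmations: dict      # parallel confirmation checks: name -> bool
    label: str               # classifier label
    verifier_label: str      # label from the final verification pass
    confidence: float        # verifier confidence, 0.0 to 1.0
    justification: str = ""  # natural-language reason from verification

def route(v: Verdict, threshold: float = AUTO_ENFORCE_THRESHOLD) -> str:
    """Return 'enforce', 'dismiss' or 'human_review' for one signal."""
    if v.label not in LABELS or v.verifier_label not in LABELS:
        return "human_review"   # unparseable model output never auto-acts
    if v.label != v.verifier_label or v.label == "ambiguous":
        return "human_review"   # conflicting or undecided stages
    if not 0.0 <= v.confidence <= 1.0 or v.confidence <= threshold:
        return "human_review"   # low or out-of-range confidence
    flagged = any(v.confirmations.values())
    if v.label == "malicious":
        # Enforcement needs a supporting check and a reason to show the customer.
        ok = flagged and v.justification.strip()
        return "enforce" if ok else "human_review"
    return "human_review" if flagged else "dismiss"  # benign but a check fired

def graded_example(v: Verdict, analyst_label: str) -> dict:
    """Turn an analyst decision into a record for the feedback loop."""
    if analyst_label not in LABELS:
        raise ValueError(f"unknown analyst label: {analyst_label!r}")
    return {"target": v.target, "model_label": v.label,
            "analyst_label": analyst_label, "agreed": v.label == analyst_label}

# Constructed sample signals (not real data).
SAMPLES = [
    Verdict("login-brand.example", {"impersonation": True, "brand_misuse": True},
            "malicious", "malicious", 0.97, "Cloned login page collecting credentials."),
    Verdict("brand-fans.example", {"impersonation": False, "brand_misuse": True},
            "benign", "benign", 0.95),
    Verdict("brand-news.example", {"impersonation": False}, "benign", "benign", 0.99),
    Verdict("brand-pay.example", {"impersonation": True}, "malicious", "benign", 0.98),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.target, "->", route(s))
```

Every failure path (malformed label, out-of-range confidence, missing justification) falls through to human review rather than to enforcement or dismissal.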

Training models through reinforcement fine-tuning (RFT)

Doppel had already seen meaningful gains from its original LLM-enhanced detection pipeline, but when it came to cases where the same threat might be judged differently depending on the analyst, consistency became the limiting factor.

“One real benefit that came out of RFT is that it’s making that model’s decisions more consistent.”
—Kiran Arimilli, Software Engineer, Doppel

To build that consistency, Doppel applied RFT using its own analyst data as the feedback source. Each decision to classify a domain as malicious, benign, or unclear became a graded example. Those labeled examples trained the model to replicate expert judgment, even on ambiguous edge cases.

Circular diagram showing Doppel’s threat-classification workflow: production LLMs make decisions → human reviewers provide corrections → model training updates the models → deployment sends the updated models to production.

Working closely with OpenAI’s applied engineering team, Doppel designed grader functions that evaluated not only accuracy but explanatory quality, rewarding models that reasoned clearly, not just correctly. By turning analyst feedback into structured training data, Doppel helped show how RFT could make automated detection more consistent and reliable.

Operationalizing trust through transparency

Hyperparameter tuning and iterative evals brought the model closer to human-level consistency. But for Doppel, completing the final mile of automation also meant making decisions immediately understandable.

Each automated takedown now includes an AI-generated justification explaining why a threat was removed, giving customers immediate insight into why action was taken—something that once required analyst intervention.

Dashboard view showing a takedown alert for the domain “d0ppel.click,” flagged for impersonating Doppel. The summary mentions phishing and credential theft, with a timeline on the right showing status updates from creation to completion on October 10, 2025.

That visibility enhances trust, which is a critical factor for Doppel’s users. Seeing not just what action was taken, but why, gives teams the confidence to respond quickly and the context to explain those decisions internally or to stakeholders.

Results at a glance

  • Cut analyst workloads by 80%
  • Reduced threat response times from hours to minutes
  • Tripled threat-handling capacity
  • Most threats classified automatically

What’s next

Having reached near-complete automation for phishing and impersonation domains, Doppel is now applying the same model-driven framework to other high-variance channels.

“Domains are probably the hardest channel we handle,” said Madduluri. “The signals are messy, content changes constantly, and threats evolve fast across several surfaces at once. If we can automate that end to end, we can do it for anything: social media, paid ads, you name it.”

The next milestones include scaling their RFT dataset by an order of magnitude, experimenting with new grading strategies, and using GPT‑5 for upstream feature extraction. These changes will allow Doppel to consolidate pipeline stages and reason over more complex threat indicators earlier in the process.

With each iteration, Doppel is building toward a system that defends what’s real across every surface where trust is under attack.