// SECTION: ZERO_TRUST_GATE
001
Design Partner Beta — Financial & Legal MSPs Only

Zero-Trust Enforcement for High-Risk Email

If they don't have
the phone,
the attack fails.

IntegrityLayer stops high-risk email actions — wire transfers, payroll changes, credential requests, sensitive data access, and script execution — by requiring the sender to tap their registered device before the message is delivered.

Works natively with Microsoft 365 & Google Workspace
Stops impersonation and compromised internal accounts
Built for enterprise security. Deployable by MSPs.

No MX changes. No DNS changes. No plugins.  ·  5 design partner slots — 2 remaining.

$47B: BEC losses 2024
+4,151%: Phishing volume since LLMs
82.6%: AI-generated phishing
23–24%: AI outperforms red teams
[Device notification mockup]
IntegrityLayer (now)
High Risk Intent Detected
Wire transfer request · $47,500
From: cfo@acme-corp.com
Actions: Deny / Approve
Verify to Release. TOTP code expires in 30s.
// SECTION: AGENTIC_THREAT_REALITY
002

This is what a modern BEC attack
looks like in your client's mailbox.

Not a typo-filled spam email. A patient, multi-turn, objection-handling agent that has read weeks of internal correspondence.

attack_agent.log — SILENT PAYROLL HEIST
# AGENT STATUS: ACTIVE
[Mon 09:14] OAuth token stolen — CFO account compromised
[Mon 09:16] Agent reads 6 weeks of sent mail
→ Learns tone: informal, signs "Cheers"
→ Learns timing: wire requests on Fridays
→ Finds context: "I hate these banking fees"
[Wed 11:32] Optimal send window calculated (mid-week, mid-day)
[Wed 11:33] AGENT → Sarah (HR):
"Hey Sarah, finally switching banks to ditch the fees.
Too late to get that in for this cycle? Cheers, John"
[Wed 11:34] DEFENDER: score=0.03 — CLEAN. Delivered.
[Wed 11:45] Sarah: "Need to use the portal per security policy."
[Wed 11:46] AGENT (objection handler activated):
"I tried! Portal keeps timing out. Traveling with spotty
wifi — can I send the voided check just this once?"
[Wed 11:52] Wire processed. $47,500 gone.
[Wed 11:52] Agent: deletes sent emails, creates archive rule
[Fri 14:00] Fraud detected on payday. Wire is unrecoverable.
# Session was valid. Auth passed. Behavior was normal.
THE SKYNET MOMENT

AI phishing efficacy vs. elite human red teams:

Nov 2024 — Human red teams 2.30%
Nov 2024 — AI agents 2.10%
Mar 2025 — Human red teams 2.25%
Mar 2025 — AI agents 2.78%
+55% AI performance improvement over 2 years. Human performance: flat.
82.6% of phishing emails now contain AI-generated content.
+4,151% Phishing volume increase since advanced LLMs.
+49% Increase in filter bypasses — agents rewrite content when blocked.

"The AI agent doesn't make spelling mistakes. It doesn't send at 3 AM. It waits until Wednesday, uses your CFO's exact vocabulary, and offers a reasonable excuse for every objection. Your filter has nothing to detect."

Hoxhunt 2025 Phishing Research — AI vs. Human Red Team Efficacy

// SECTION: WHY_FILTERS_FAIL
003

Microsoft Defender. Abnormal Security.
Mimecast. Proofpoint.
They were built to detect anomalies.
An AI agent produces zero anomalies.

Every probabilistic email security tool shares the same architectural assumption: attackers are humans who make mistakes. They analyze language patterns, sender history, and behavioral baselines.

When an AI agent has spent 48 hours reading the CFO's email history, it doesn't have anomalous language. When it uses a stolen OAuth session token, it has a valid authenticated session. SPF passes. DKIM passes. DMARC passes. The behavioral baseline matches.

The filter scores it 0.03. It delivers.

01
Passive Detection Only
Probabilistic tools create alerts — they do not block. An analyst still has to review. The wire is already processing.
02
No Physical Gate
Even if the tool flags an email as suspicious, it cannot demand proof from the sender. Only a physical gate stops a physical-world transaction.
03
Session Hijacking Wins
Once an attacker has a valid session token, the MFA event already happened. The session appears legitimate. There is nothing to detect.
attack_simulation.log
# SCENARIO: CEO Account Compromise
# VECTOR: OAuth Token Theft via Phishing
[09:14:32] Attacker steals OAuth refresh token
[09:14:38] Opens CEO mailbox via Graph API
[09:14:45] Agent reads 6 weeks of sent mail
→ Tone learned: informal, signs "Cheers"
→ Context: "I hate these banking fees"
[09:15:02] Drafts payroll change request to HR
[09:15:06] DEFENDER: SCORE=0.03 — CLEAN. DELIVERED.
[09:15:06] ABNORMAL: BASELINE_MATCH — DELIVERED.
[09:15:18] HR processes request. $47,500 gone.
# Session was valid. Mail was real. No filter caught it.

"The session is valid. The auth passed. The behavior matches the baseline. Every probabilistic system in the stack says: clean."

That is not a detection problem. It is an architecture problem.

// PRINCIPLE: DETERMINISTIC_VERIFICATION
004

You can out-analyze the text.
You cannot out-analyze the phone.

The logical conclusion of AI-powered phishing is simple: any text-based security system that relies on analyzing message content will eventually be defeated by AI that generates perfect content.

The only defense that is permanently immune to this attack is one that demands something the AI agent cannot produce:

Proof that a physical human is holding their phone
at the exact moment of the transaction.

A stolen OAuth token does not give the attacker access to the CFO's phone.
A perfectly written email does not give the attacker access to the CFO's phone.
A deepfake video call does not give the attacker access to the CFO's phone.

IntegrityLayer is not a filter. It is a physical gate. When it catches a high-risk intent signal, the email does not move until the sender's registered device confirms it.

That is what "deterministic" means: the outcome is certain, not probabilistic.

PROBABILISTIC
Does this email look suspicious?
Content analysis + heuristics
Analyst review required
Score: 0.03 → delivered
Can be bypassed with perfect content
DETERMINISTIC
Did the human tap their phone?
Physical gate — binary outcome
Zero analyst required
APPROVE / DENY — no gray area
Cannot be bypassed remotely
// SECTION: SNATCH_RELEASE_ENGINE
005

How IntegrityLayer Works

API-driven intercept at the account level. No MX changes. No DNS changes. No browser extensions. Active the moment you grant API consent.

System Blueprint (sequence diagram)
Participants: CEO Account (Compromised); M365 / GWS (Graph · Pub/Sub); IntegrityLayer (Cloudflare Worker); Intent Engine (Semantic Classifier); Quarantine (Hidden Archive); CEO Device (Physical Verify).
Steps, in order:
1. sends high-risk request
2. webhook fires instantly
3. intercepts in <300ms
4. classifies HIGH_RISK
5. snatches to quarantine
6. push verify to sender
The Two-Pillar Mechanism
PILLAR 2 — OUTBOUND INTENT GATE
PHASE 1: INTERCEPT

Exchange Transport Rule / Google Workspace Admin routing rule holds outbound email in system quarantine.

No plugins.
No MX changes.
No DNS changes.

PHASE 2: CLASSIFY

SLM scores semantic intent in <300ms. ROUTINE: email released. HIGH RISK: escalates to Semantic Intent Engine.

Zero data retained.
US-hosted infrastructure.

WIRE_TRANSFER
PAYROLL_CHANGE
CREDENTIAL_REQUEST
SENSITIVE_DATA
SCRIPT_EXECUTION
PHASE 3: VERIFY

Push notification sent to sender's registered device immediately.

[APPROVE] → email released
[DENY] → destroyed + alert
[TIMEOUT/5min] → alert sent
PILLAR 1 — INBOUND IMPERSONATION SHIELD
PHASE 1: INTERCEPT

Same routing layer. External inbound email to VIP mailbox held before delivery.

No client-side change required. No plugin.

PHASE 2: CLASSIFY

Semantic Engine detects (a) sensitive-action request + (b) identity claim ("I am [VIP]").

If pattern matches: QUARANTINE triggered.

IDENTITY_CLAIM + any trigger
PHASE 3: CHALLENGE

Auto-reply challenge sent to sender's address.

"Open your IntegrityLayer app and input code [XXXX]"

Hacker stares at a blank screen. Attack dies silently. Recipient never sees it.

Deployment Questions
[A] "What if your service goes down?"
fail_mode: open — if our Cloudflare Worker is unreachable, email delivers normally. Your client's mail flow is not dependent on our uptime.
[B] "How long does deployment take?"
M365: Azure Enterprise App admin consent URL → 30 seconds. GWS: Google Workspace Marketplace install → 30 seconds. VIP policy active immediately. Zero L1 helpdesk tickets generated.
[C] "What about all their devices and mobile clients?"
Interception is at the account API layer, not the device or browser layer. iOS Mail, Android Gmail, OWA, desktop Outlook — all covered by default. Zero client-side configuration.
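
The outbound gate outcomes, the inbound trigger rule and the fail-open behaviour described above, as an added example (not IntegrityLayer's code). The function names, the keyword classifier standing in for the SLM, and keeping the message quarantined on timeout are assumptions.

```python
# Intent classes listed on the page. IDENTITY_CLAIM matters only for inbound mail.
TRIGGERS = {"WIRE_TRANSFER", "PAYROLL_CHANGE", "CREDENTIAL_REQUEST",
            "SENSITIVE_DATA", "SCRIPT_EXECUTION"}
VERIFY_TIMEOUT_S = 5 * 60  # "[TIMEOUT/5min]" on the page


def needs_gate(direction, intents):
    """Outbound: any trigger class. Inbound: IDENTITY_CLAIM plus any trigger."""
    hit = bool(TRIGGERS & set(intents))
    if direction == "inbound":
        return hit and "IDENTITY_CLAIM" in intents
    return hit


def decide_outbound(classify, message, held_at, now, device_response=None):
    """Return (action, audit_note) for one held outbound message.

    classify is a stand-in for the page's classifier: it maps a message to a
    set of intent labels and raises ConnectionError when unreachable.
    device_response is "APPROVE", "DENY" or None (no tap yet).
    """
    try:
        intents = set(classify(message))
    except ConnectionError:
        # fail_mode: open per the page. High-risk mail is delivered ungated
        # during an outage, so this path belongs in the audit trail.
        return "RELEASE", "FAIL_OPEN"
    if not needs_gate("outbound", intents):
        return "RELEASE", "ROUTINE"
    note = ",".join(sorted(intents & TRIGGERS))
    if device_response == "APPROVE":
        return "RELEASE", note
    if device_response == "DENY":
        return "DESTROY_AND_ALERT", note
    if now - held_at >= VERIFY_TIMEOUT_S:
        # The page says only "alert sent" on timeout. Keeping the message
        # quarantined is this example's assumption.
        return "HOLD_AND_ALERT", note
    return "PENDING", note


def keyword_classifier(message):
    """Constructed stand-in, not the product's SLM: naive keyword labels."""
    text = message.lower()
    labels = set()
    if "direct deposit" in text:
        labels.add("PAYROLL_CHANGE")
    if "wire" in text:
        labels.add("WIRE_TRANSFER")
    return labels
```
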
// SECTION: THREAT_COVERAGE_MATRIX
006

Six attack vectors.
One gate.

IntegrityLayer covers the full lifecycle of a Business Email Compromise attack — whether the attacker is impersonating your CEO from a burner Gmail, or operating from a compromised internal account they've had for three weeks.

INBOUND SHIELD
Executive Wire Fraud
THREAT

AI agent emails CFO from burner Gmail posing as CEO. "Boarding flight to London. Process $150k wire immediately. — John"

BLOCKED

IDENTITY_CLAIM + WIRE_TRANSFER triggers quarantine. CFO never sees the email. Auto-challenge sent to the attacker's Gmail. Attack dies silently.

INBOUND SHIELD
"I'm Locked Out" Credential Heist
THREAT

Attacker scrapes company directory, emails IT Helpdesk from Yahoo impersonating VP of Engineering. "Locked out of Okta — dropped my phone in a lake."

BLOCKED

CREDENTIAL_REQUEST + IDENTITY_CLAIM triggers quarantine. IT Helpdesk never exposed to the social engineering attempt. Zero L1 tickets generated.

OUTBOUND GATE
Internal Lateral Movement
THREAT

AI sleeper agent compromises junior dev's M365 account. Emails DB Admin: "Hey, can you Slack me the AWS production API keys for this new project?"

BLOCKED

CREDENTIAL_REQUEST from internal account triggers push to dev's physical phone. Agent cannot tap the screen. Lateral movement hits a brick wall.

OUTBOUND GATE
Vendor Invoice Switch
THREAT

Hacked vendor emails Finance with "updated wiring instructions." Finance employee is fooled and replies with signed authorization form.

BLOCKED

WIRE_TRANSFER authorization triggers push to Finance employee. Forced to pause and consciously verify before the email releases. Audit trail created.

OUTBOUND GATE
Silent Payroll Heist
THREAT

Compromised account emails HR: "Please update my direct deposit to this new Chime account." Agent has full access to the authenticated session.

BLOCKED

PAYROLL_CHANGE triggers push to the real employee's phone — who is at lunch. Employee sees the alert, realizes their session is compromised. Hits Deny.

OUTBOUND GATE
Malicious Script Execution
THREAT

Compromised internal account emails sysadmin with attached PowerShell script. "Run this to update VPN configs for the new remote team."

BLOCKED

SCRIPT_EXECUTION request triggers push to sender's phone. Attacker cannot verify. Ransomware deployment via trusted employee channels blocked.

Intent classes: WIRE_TRANSFER, PAYROLL_CHANGE, CREDENTIAL_REQUEST, SENSITIVE_DATA, SCRIPT_EXECUTION, IDENTITY_CLAIM
// SECTION: COMPETITIVE_ANALYSIS
007

Passive Detection vs.
Active Physical Gate

Every existing solution alerts after the fact. IntegrityLayer stops the transaction before it happens.

| Capability | MS Defender | Abnormal | IntegrityLayer |
| --- | --- | --- | --- |
| Detection method | ML pattern matching on content/sender | Behavioral AI baseline deviation | Semantic Intent Engine — intent classification |
| Response to high-risk mail | Alert admin. Email delivered. | Quarantine. Admin reviews later. | Instant API quarantine. Sender challenged immediately. |
| Session hijacking protection | None — valid session = trusted sender | Partial — may flag unusual behavior | Full — physical MFA required regardless of session |
| Mobile coverage | Push notifications only | Push notifications only | Account-level API — iOS, Android, desktop, web |
| Wire / payroll gate | Passive alert, no blocking | Passive alert, no blocking | Active physical gate before delivery |
| Bypassable by attacker? | Yes — valid session bypasses | Often — if mail appears normal | No — requires physical device attacker doesn't have |

Comparison based on published capabilities as of 2025. MS Defender = Office 365 Plan 2.

// SECTION: MSP_CHANNEL_VALUE
008

Stop eating liability.
Start billing for certainty.

Every BEC incident that hits your client list becomes a conversation about why your security stack didn't stop it. IntegrityLayer is the answer to that conversation.

The architecture is built for the channel. One Admin Consent URL per client. No per-device configuration. No MX record migration. No per-user onboarding training. Roll out to 20–50 VIP seats and you're done.

WHAT YOU GET AS A DESIGN PARTNER:
01
NFR Internal License
Full deployment for your own team's M365 or Google Workspace. Not-For-Resale. No expiry. Protect your own team first.
02
Permanent Preferred Pricing
Design Partners lock in the lowest wholesale tier for life. Pricing details shared on the 15-minute briefing call.
03
Zero L1 Ticket Generation
When the gate fires, the push goes to the user's device — not to your helpdesk. The system auto-resolves. No tickets.
04
Multi-Tenant Console
One dashboard for all client deployments. Limbo feed per client, intent tuning per industry, audit log export for cyber insurance review.
05
Direct Roadmap Input
Two 15-minute calls over 30 days. Your operational feedback shapes the admin console. You get the product you actually want.
VIP ROLLOUT MODEL

Not 5,000 seats. 20–50.

C-Suite. Finance. HR.
The 50 accounts with blast radius.

One admin consent URL per client.
30-second deployment per client.
Zero organizational friction.
Zero end-user training required.
Zero L1 helpdesk overhead.

The sender gets a push notification when they do something high-risk. That's the entire user experience.

DESIGN PARTNER ECONOMICS:
NFR internal license (no expiry)
Preferred partner pricing, locked at launch
Direct engineering access
Earliest channel deployment window

Pricing details on the briefing call. No pricing published at this stage.

// SECTION: DESIGN_PARTNER_BETA
009
3 OF 5 SLOTS FILLED

5 design partner slots.
2 remaining.

Two 15-minute calls. Lifetime preferred pricing.

WHAT WE ASK:
Two 15-minute calls over 30 days
Test a sandbox deployment in your own environment
Feedback on the admin console UX
WHAT YOU RECEIVE:
NFR internal license (M365 or Google Workspace, no expiry)
Direct input into the product roadmap
Permanent preferred partner pricing, locked at GA
First window for channel deployment in your sector
AES-256: Encrypted Audit Logs
Zero Data Retained: No email storage
Fail-Open: Zero Mail Flow Risk
US-Hosted: Cloudflare Infrastructure
Book a Technical Briefing

15 minutes. No commitment.

We'll walk through the full architecture and answer any technical questions about the deployment workflow.

Financial & Legal MSPs prioritized.