ThreadScanner is local-first email security for the analyst who has to be right. Email is analyzed on your machine — with an AI ensemble you control, real cryptographic authentication, and deep document inspection. A complement to your gateway, not a replacement.
Built to sit alongside the gateway you already run
Secure email gateways do real work at scale — but the attacks that get through are the ones built specifically to look clean: session-stealing phishing, vendor and executive impersonation, and payloads hidden inside everyday documents. ThreadScanner is built for that residue.
Adversary-in-the-middle kits capture the session after multi-factor succeeds, so every signal a gateway trusts still reads “legitimate.”
Business email compromise rarely carries a payload — it relies on trust, look-alike domains, and timing that volume filters aren’t built to weigh.
Malicious intent tucked inside PDFs, Office files, HTML, and QR codes slips past inboxes that never unpack what’s really inside.
A focused set of detections across the layers gateways tend to skim: authentication, identity, links, and document payloads. Every verdict comes with the evidence behind it, in plain language.
Modern phishing kits relay credentials and steal the session after multi-factor succeeds — which is exactly why the signals gateways rely on still wave them through. ThreadScanner is built to recognise the patterns these campaigns leave behind, and to flag impersonation and intent that volume filters miss.
Email content is analyzed on your machine. Nothing about a message leaves your device unless you explicitly opt into a cloud step.
Bring your own API keys and choose your providers — run fully local, add a cloud second opinion, or both. You pay for the product, not metered inference.
Full signature verification against the sender’s published keys — not just header parsing — so spoofed and replayed mail has nowhere to hide.
PDFs, Office files (OOXML), and HTML are unpacked and inspected for the things attackers hide where inboxes never look.
QR codes in images and documents are decoded and checked — and the scanner surfaces risk in messages your gateway already marked clean.
Built for security engineers and IT generalists alike. The scanner runs locally; the integrations are progressive — wire up only what you need.
A native desktop app for macOS today, with Windows next. No mail content is sent to ThreadScanner — analysis happens on your device.
Paste a suspect email, drop an .eml file, or connect a
reporting mailbox. Bulk mode handles a backlog of messages at once.
An explainable verdict with the reasoning behind it, plus a redacted evidence package that’s safe to share with the reporter or your vendor.
Built for the way analysts actually work. Bring your own AI keys at every tier — you pay for the product, not the inference.
Self-serve checkout opens later in 2026. Until then, design partners get private-beta pricing.
We’re onboarding a small cohort of design partners through 2026. Tell us a little about your environment and we’ll reach out when your slot opens.
We won’t share your info. No marketing automation, no list selling.
