💡 Note
This isn’t an issue with the system itself — it’s related to the AI model currently being used.
The model (llama3:8b) is a general-purpose language model and hasn’t been trained specifically for phishing or email classification. Because of that, it may:
Mislabel legitimate messages as phishing
Miss more subtle phishing attempts
🧠 Why This Happens
The model doesn’t yet understand the patterns unique to your organization’s emails (staff communications, newsletters, vendor notices, etc.).
To improve accuracy, it needs additional training data — real examples of both safe and phishing messages.
⚙️ Built-In Training Support
The system already supports data collection for fine-tuning.
When the following setting is enabled in config.json:
"train_ai": true
It will automatically:
Save each request sent to the AI classifier
Store the AI’s response in a training table
Those stored samples can later be reviewed and corrected. Once you have enough labeled examples, they can be used to fine-tune the model so it learns what a normal vs. phishing message looks like in your environment.
🚀 Next Steps
Enable "train_ai": true in your configuration.
Let the system collect several hundred or thousand labeled examples.
Use that dataset to fine-tune or retrain the model for higher accuracy.
💡 Note
This isn’t an issue with the system itself — it’s related to the AI model currently being used.
The model (llama3:8b) is a general-purpose language model and hasn’t been trained specifically for phishing or email classification. Because of that, it may:
Mislabel legitimate messages as phishing
Miss more subtle phishing attempts
🧠 Why This Happens
The model doesn’t yet understand the patterns unique to your organization’s emails (staff communications, newsletters, vendor notices, etc.).
To improve accuracy, it needs additional training data — real examples of both safe and phishing messages.
⚙️ Built-In Training Support
The system already supports data collection for fine-tuning.
When the following setting is enabled in config.json:
"train_ai": true
It will automatically:
Save each request sent to the AI classifier
Store the AI’s response in a training table
Those stored samples can later be reviewed and corrected. Once you have enough labeled examples, they can be used to fine-tune the model so it learns what a normal vs. phishing message looks like in your environment.
🚀 Next Steps
Enable "train_ai": true in your configuration.
Let the system collect several hundred or thousand labeled examples.
Use that dataset to fine-tune or retrain the model for higher accuracy.