The opportunities for using AI to automate workflows are many and varied, but one of the easiest ways to use AI to save time and improve your organization’s security is by building an automated SMS analysis service.
The Tines workflow automation platform provides a good example of how to do this. The vendor recently released its first native AI features, and security teams have already started sharing AI-enhanced workflows they've created using the platform.
The Tines library of pre-built workflows includes AI-enhanced workflows for normalizing alerts, creating cases, and determining which phishing emails require escalation.
Let's take a closer look at their SMS analysis workflow, which, like all of their pre-built workflows, is free to access and import and can be used with a free Community Edition account.
Here we will share an overview of the workflow and a step-by-step guide to get it up and running.
The problem: text messages directed at employees
Employees often receive fraudulent SMS messages designed to steal login credentials or install malware on devices. These messages can lead to compromised accounts, unauthorized access to sensitive information, and potential breaches that can cause significant damage to an organization’s operations and reputation.
Responding to each report manually can be time-consuming and error-prone, making it difficult for security teams to keep up with the large number of threats.
The solution: an automated SMS analysis service
A web page with a form inviting employees to submit a message for analysis
Using workflow automation, security teams can create an SMS analysis service that anyone in the organization can use.
It works as a simple self-service model. When employees receive a suspicious message, they visit the web page and submit a screenshot of the message or a URL using the form provided. This form starts the workflow and they get a response within seconds. The response includes a clear and detailed analysis of the message and some recommended next steps.
Here’s an example of an image they might send:
Here’s an example of the result they might get:
Employee-generated automated analysis
The text reads:
Hello! Thanks for posting about the post. I have analyzed the content and have a few observations:
The message states that your Amazon account has been locked due to multiple failed login attempts. This is a common tactic used in phishing scams where attackers try to get you to click on a malicious link to “recover” your account.
The message has a sense of urgency, which is another sign of a phishing attempt. Legitimate companies usually do not require immediate action in this way.
The link in the post (hxxp://s953909557/servweb) looks suspicious. I’ve cleaned the link, but I strongly advise you not to click on it, as it may lead you to a malicious website designed to steal your login credentials or install malware on your device.
Also, it looks like the message is not from any of our senior executives (executive names here). This could be a CEO fraud attempt, where someone impersonates a senior executive to request confidential information or perform unauthorized actions.
In summary, this message exhibits several characteristics of a common phishing scam and should be treated with caution. I recommend that you do not click on the link provided, but contact Amazon directly through their official website or customer service channels to check the status of your account.
If you have any other questions or concerns, please let me know. I’m here to help keep our organization safe.
Here are some of the main benefits of running such a service:
- It fosters a cybersecurity culture, making it easier for employees to exercise vigilance and empowering security-conscious decision-making
- It reduces manual, repetitive work for the security team
- It increases the speed and accuracy of threat detection
Pre-built workflow in Tines library
Workflow overview
This workflow uses Tines Pages to create an automated SMS analysis service that anyone in the organization can use.
Tools used:
- Tines – a workflow automation and orchestration platform popular with security teams. If you don't have a paid account, you can use the free edition of Tines to get this workflow up and running. AI must be enabled on your tenant. Note that AI actions use a credit system, but all accounts have free credit.
- OCR Space – a free tool that parses images and multi-page PDF documents and returns the extracted text in JSON format. Professional plans with higher usage limits are also available.
The workflow begins with a submission to the Tines page, which contains a form where users can submit an SMS image or a corresponding URL.
The workflow then uses OCR to extract the text. If an image exceeds the file size limit, it is resized by an auto-resize action that calls a small piece of Python code generated by the AI in Tines.
The workflow also retrieves the image when a URL is submitted. Once the image has been downloaded, it renames the file according to the required format.
Once the text is extracted, it is sent to an AI action for analysis. The AI prompt asks the language model to analyze it for potential fraud indicators and defang any links.
Here's the AI prompt the Tines team used to create the workflow:
You are a virtual security analyst analyzing a suspicious SMS that has been reported to you. Screenshot SMS was recognized by you.
Reply to the user who sent the SMS with the analysis. You should analyze it for tone and common scams like phishing, romance scams, fake invoice, fake tickets and dozens of others.
Since this is an internal tool, the main concern is CEO fraud, where someone can impersonate a senior executive. The top executives of this company are (show the names and titles of the executives here).
If you add any links in your reply that might be suspicious, make sure you defang them.
Start with:
“Hello! Thanks for posting about the message…”
The AI action composes a response to the user, including the analysis (whether the message looks malicious) and recommended next steps (do not click the link, etc.).
If the analysis fails for some reason, the user will be prompted to try again or contact the security team.
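The prompt above relies on the language model to defang links in its reply. A deterministic pass over the reply before it is displayed enforces that regardless of what the model returns. The Python below is an added example, not part of the Tines workflow; the function names, the allowlisted host and the sample reply are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

_SAFE_SCHEME = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}
_TRAILING = ".,;:!?)"  # sentence punctuation that ends up glued onto a link
_LINK_RE = re.compile(
    r"\b(?P<scheme>https?|ftp)://[^\s<>\"']+"                       # full URL
    r"|(?<![\w@/\[\].-])(?P<bare>(?:[a-z0-9-]+\.)+[a-z]{2,})\b",   # bare host
    re.IGNORECASE,
)

def _host(link):
    """Host a client would really contact; userinfo before '@' is not the host."""
    if "://" not in link:
        return link.lower()
    try:
        return (urlsplit(link).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority: unknown host, never allowlisted
        return ""

def defang_links(text, allow_hosts=frozenset()):
    """Defang every link in text unless its real host is in allow_hosts."""
    def _fix(m):
        link = m.group(0).rstrip(_TRAILING)
        tail = m.group(0)[len(link):]
        if _host(link) in allow_hosts:
            return m.group(0)
        if m.group("scheme"):
            scheme, rest = link.split("://", 1)
            link = _SAFE_SCHEME[scheme.lower()] + "://" + rest
        # Bracket every dot, not only the host's, so a URL carried in a
        # query string cannot survive as a clickable bare host.
        return link.replace(".", "[.]") + tail
    return _LINK_RE.sub(_fix, text)

def live_links(text, allow_hosts=frozenset()):
    """Links still clickable and not allowlisted; should be empty before display."""
    found = (m.group(0).rstrip(_TRAILING) for m in _LINK_RE.finditer(text))
    return [link for link in found if _host(link) not in allow_hosts]

# Constructed model reply (not real output), including a userinfo look-alike URL.
ALLOW = frozenset({"help.corp.example"})  # hypothetical internal help desk host
REPLY = (
    "Do not open http://amaz0n-account.example/unlock?next=evil.example or "
    "secure-login.example.net. Avoid https://help.corp.example@evil.example/reset. "
    "Report it at https://help.corp.example/report instead."
)
```

Running `live_links()` on the defanged reply gives a simple gate: if it returns anything, fall back to the "try again or contact the security team" path instead of displaying the reply.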
Workflow setup – step-by-step guide
Tines Community Edition registration form
1. Log in to Tines or create a new account.
2. Make sure AI is enabled on your tenant. To do this, you need to be the owner of the tenant. Select the Account Settings drop-down menu in the upper left corner of the screen and check the box to enable AI.
Registration form in OCR Space
Adding new credentials to Tines
3. Create OCR credentials. Set up an OCR API account if you don’t already have one and get an API key for your account. On the Credentials page, select New Credentials. You will then be prompted to select a credential type (Text in this case) and fill in the required fields. Name the credentials “ocr_space” to automatically connect the credentials to the workflow.
Importing the story from the library to the tenant
4. Go to the pre-built workflow in the library.
Tines canvas workflow with drag and drop
5. Select import. This will take you straight to your new pre-built workflow.
Editing the Tines page
Customizing the AI prompt
6. Customize your actions. For example, you can edit the layout of the Tines page that launches the workflow and customize the AI prompt with the names of your company’s executives.
7. Test the workflow. Submit an image through the form to confirm that it works.
8. Publish your workflow and share the page URL with the right users.
Integration with other automation platforms
You can use another no-code automation platform to create a similar service, although it’s worth noting that some features of this workflow are unique to Tines:
- Pages: This workflow starts with a submission to a form on a web page, and the result is delivered through the same web page. This is built with the Tines Pages feature.
  - Alternative: Receive information and send results by email.
- AI action: Tines AI is unique in that it allows users to directly access the language model and use it at any point in the workflow, offering robust security guardrails. There is no training, registration, validation, or storage of data going in and out of the language model.
  - Alternative: Connect to an external LLM such as ChatGPT for analysis, but be sure to evaluate the security and privacy features of any model you plan to use when sensitive data will be transmitted.
- Converting an event automatically: This feature uses AI at build time to generate Python code based on the instructions and input provided by the builder. After you save the changes, the code is locked in place. This means that when the action runs, only the code is executed and no AI is involved.
  - Alternative: Write Python code by hand to transform your data.
If you want to explore AI in Tines yourself or try out this workflow, you can sign up for a free account, which includes AI functionality.