Just a minute there
"an agent can analyze an email and determine "this is a bad return address," Lord said. "This is a fake logo. This is a URL that's hosted in a .parks domain and has only been up for the last 12 hours. This is legitimately bad. Filter it to the security team"
I fail to see how you need pseudo-AI to get such results.
I programmed my own personal spam filter that could easily detect when someone claimed to represent (example) Microsoft(*) but the return address was somewhere.iranistan.com. I was capable of going through all http links and checking if they were pointing to legitimate Microsoft domains. I had an extensive subject dictionary where I stored the blatant examples of things that spammers would use (mostly spelling errors and references to orders that needed to be confirmed and such). I also had a keyword database that looked through the mail checking for the most obvious things spammers put in their mails (I need someone to recover the money and send it to me, etc.).
It was accurate, evolutive, and stored the offending spam in a reference database with the reason for its removal as a keyword.
I'd have to go check the code, but I'm pretty sure I didn't write 10,000 lines to get this result, and there were no calls to any external libraries whatsoever.
This pseudo-AI thing is an industrial crusher looking for a walnut to justify its existence.
*Replace Microsoft by any company, bank or official organization.
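
The checks the comment describes (claimed brand versus return address, link hosts versus the brand's domains, subject and keyword lists), as an added example that is not the commenter's code. The brand table, patterns, function names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed rule data (assumptions for this example, not from the post).
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "office.com"}}
SUBJECT_PATTERNS = [r"confirm your order", r"\bacount\b"]
BODY_PHRASES = ["recover the money", "send it to me"]

def registered_domain(host):
    # Naive last-two-labels rule; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(raw):
    """Return the reasons a single-part text message looks like spam ([] = clean)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2])
    subject, body = msg.get("Subject", ""), msg.get_payload()
    reasons = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in name.lower():
            continue  # display name does not claim this brand
        if sender not in domains:
            reasons.append(f"sender:{sender}")
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = registered_domain(urlparse(url).hostname or "")
            if host not in domains:  # catches brand.com.something.else hosts too
                reasons.append(f"link:{host}")
    reasons += [f"subject:{p}" for p in SUBJECT_PATTERNS if re.search(p, subject, re.I)]
    reasons += [f"body:{p}" for p in BODY_PHRASES if p in body.lower()]
    return reasons

# Constructed sample messages (reserved example domains).
SPAM = ('From: "Microsoft Support" <billing@somewhere.example.net>\n'
        "Subject: Please confirm your order\n\n"
        "Sign in at http://microsoft.com.verify.example.org/login today.\n"
        "I need someone to recover the money.\n")
CLEAN = ('From: "Microsoft Support" <noreply@microsoft.com>\n'
         "Subject: Your monthly invoice\n\n"
         "Your invoice is at https://www.microsoft.com/account\n")

if __name__ == "__main__":
    print(classify(SPAM))
    print(classify(CLEAN))
```

The returned reason strings are what a reference database of removed mail could be keyed on.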