TyroneGowerStreamlining classification workflows
Reducing cognitive load and improving efficiency
Project Overview
The AI Agent feature automatically analyzes and classifies domains into risk-based categories, helping users quickly assess which domains may be safe, suspicious, or potentially harmful. By surfacing these insights, the feature reduces the manual effort required for domain analysis and gives users a clearer picture of where to focus their attention. Ultimately, it empowers organizations to make informed decisions about managing their digital assets, mitigating threats, and protecting their brand.
The Problem
With the increase of domains being added to the platform, the number of domains that need to be classified manually was increasing. This was a time-consuming process and was not efficient
The Solution
Introducing an AI Agent that would assess and classify domains into different categories based on their risk level and provide a recommendation on what to do next
Progression
This feature is currently in progress and is expected to be released in the next few months
Purpose for the AI Agent
User Feedback
This project was designed with a quick turnaround, focusing less on heavy wireframing and more on iterative testing. Our goal was to understand why users weren’t classifying and moving lookalike domains from Unclassified into Low Risk, High Risk, or Takedown categories.
Through early user feedback sessions, we uncovered key pain points:
- Users reported seeing too many new lookalikes on a daily basis, making it difficult to manage.
- Many users felt overwhelmed by data, with most domains proving safe, they only wanted to see what required action (eg. takedown or monitoring).
- Users frequently asked, “What’s important?”, highlighting a need for clearer prioritization.
- Time was a recurring barrier, not all of our users had the capacity to manually review and classify domains every day.
These insights revealed that users needed a way to cut through the noise and focus only on actionable threats
From this, we developed the idea of an AI Agent that would mimic how a human analyst evaluates a lookalike: analyzing signals, comparing WHOIS metadata, and breaking everything down into clear, actionable results for customers.
Discovery
Defining and Aligning Goals
We started by framing the purpose of introducing an AI Agent: to reduce the manual burden of classifying lookalike domains while increasing accuracy and efficiency. Together, we mapped out what the Agent should achieve for users, such as faster takedown decisions, clearer prioritization of threats, and better overall trust in automated recommendations.
Identifying Pain Points
Next, we gathered insights from both a user perspective and a technical perspective. Users expressed frustrations around information overload, lack of prioritization, and limited time to manually review domains. On the technical side, scalability, feedback loops, and ongoing maintenance emerged as potential roadblocks that needed to be considered early in the design.
Brainstorming Solutions
Finally, we explored solutions that could directly address the identified challenges. These included:
- Improving AI explainability by showing why a domain was flagged.
- A recommendation system that would provide users with actionable insights based on the AI's analysis
- Designing classification outputs that prioritize clarity and trust, helping users focus only on the domains that matter most.
- A feedback loop that would allow users to provide input on the AI's recommendations and help it improve over time
The Design
Designing for clarity and action
The first UI enhancement we introduced was the Recommendation column, which signaled the urgency of each lookalike domain. Categories such as Safe, Suspicious, or Takedown Candidate gave users an at-a-glance understanding of risk.
This design decision ensured that users could quickly distinguish between routine domains and those requiring immediate attention, reducing cognitive load while increasing trust in the AI’s guidance.
Adding a summry and quick filter
To give users a clear overview of the AI Agent’s findings, we introduced an AI Recommendation summary widget at the top of the Activity page. This component displays the total number of recommendations and breaks them down into actionable categories: Takedown Candidates, Suspicious, and Safe.
Each category is interactive (following an existing pattern in our summary component), users can click on an item to instantly filter the table below, surfacing only the domains most relevant to their immediate needs. This design not only reduces time spent searching but also ensures that users can focus on the highest-priority threats without being overwhelmed by data.
By combining a high-level snapshot with direct filtering controls, the widget bridges the gap between awareness and action, making AI insights both accessible and actionable.
AI Recommendation breakdown
The AI Agent provides a comprehensive breakdown of its analysis through four key sections:
What was discovered
The system highlights the evidence collected (e.g., logos, faces, emails, keywords). This gives users transparency into the signals the AI Agent used to classify the domain.
What the Agent found
A short narrative explains how the suspicious domain relates to the user's brand. For example: "yoursdomain.com is actively impersonating yourdomain.com by using your logo and an executive's image to misrepresent your brand."
Why it matters
The card outlines the potential risks (e.g., deception of users, brand infringement, reputational damage). Severity tags like Takedown Candidate make urgency clear.
What to do next
Action buttons (e.g., Mark for Takedown) allow users to act immediately. A "Show Thinking" option provides deeper analysis and reasoning, helping build trust in the AI's decision-making.
Initial AI Recommendation Card concept
Updated AI Recommendation Card concept based on feedback and updated data
Closing the Loop on AI Recommendations
To complete the workflow, we introduced a dashboard card that highlights what the AI Agent has discovered and directs users to the right place for action.
Visibility at a glance
Users see the most recent AI-driven findings immediately upon logging in, ensuring nothing critical is missed.
Prioritization
Alerts are broken down into categories like Takedown Candidates, Suspicious, and Safe, helping users focus on what matters most.
Direct action
Each alert links users directly to the relevant table (e.g., Unclassified, High Risk), reducing friction and saving time.
The Final Design
This project set out to solve a critical problem for users: the overwhelming volume of lookalike domains and the difficulty of deciding which ones required action. Through research and user feedback, we learned that most users didn’t have the time or capacity to manually classify domains every day, they needed clarity, prioritization, and actionable guidance.
The solution was to introduce an AI Agent that mimics the way a human analyst evaluates domains, surfacing the most relevant threats and breaking them down into clear categories: Safe, Suspicious, and Takedown Candidates.
To support this, we designed a set of UI components that guide users through the entire journey:
- Recommendation column & tags – making AI-driven classifications visible directly in the table.
- Summary widget – providing a high-level breakdown of all recommendations with one-click filtering.
- Detail cards – explaining what was discovered, why it matters, and what action to take, building trust in AI reasoning.
- Dashboard integration – surfacing key discoveries and linking users to the right workflows, ensuring visibility and immediate action.
Together, these design decisions created a seamless round trip: from detection → recommendation → explanation → resolution. The result is a workflow that reduces cognitive load, increases trust in automation, and empowers users to focus on the domains that matter most to their brand security.
