Jane Street
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20none;%20}%20.st1%20{%20fill:%20%23fff;%20}%20.st2%20{%20clip-path:%20url(%23clippath);%20}%20%3c/style%3e%3cclipPath%20id='clippath'%3e%3crect%20class='st0'%20width='1500'%20height='330.9'/%3e%3c/clipPath%3e%3c/defs%3e%3cg%20class='st2'%3e%3cg%3e%3cpath%20class='st1'%20d='M490.9,19.1h-79.9v245.2h79.5c78.5,0,129.3-44.5,129.3-124s-50.5-121.2-129-121.2ZM486.3,229.6h-34.7V53.8h34.7c62.4,0,91.5,31.5,91.5,86.5s-29.1,89.3-91.5,89.3Z'/%3e%3cpath%20class='st1'%20d='M728.4,78.7c-51.5,0-92.9,37.5-92.9,93.5s41.3,96,92.9,96,92.9-37.8,92.9-96-40.7-93.5-92.9-93.5ZM728.4,234.9c-31.9,0-54-25.6-54-62.7s21.7-60.2,54-60.2,54,25.2,54,60.2-22.1,62.7-54,62.7Z'/%3e%3cpath%20class='st1'%20d='M934.9,78.7h0,0c-28,0-47.6,12.6-57.1,27.3v-23.1h-37.8v248h37.8v-90.4c10.2,15.8,30.1,27.7,56.4,27.7,45.6,0,84.4-34,84.4-96s-37.8-93.5-83.7-93.5ZM928.6,235.9c-28.7,0-51.5-23.8-51.5-63.7s21.4-61.3,51.5-61.3,50.8,21.4,50.8,61.3-22.4,63.7-50.8,63.7Z'/%3e%3cpath%20class='st1'%20d='M1134.6,78.7h0,0c-28,0-47.6,12.6-57.1,27.3v-23.1h-37.8v248h37.8v-90.4c10.2,15.8,30.1,27.7,56.4,27.7,45.5,0,84.4-34,84.4-96s-37.8-93.5-83.7-93.5ZM1128.3,235.9c-28.7,0-51.5-23.8-51.5-63.7s21.4-61.3,51.5-61.3,50.8,21.4,50.8,61.3-22.4,63.7-50.8,63.7Z'/%3e%3cpath%20class='st1'%20d='M1325.9,78.6h0s0,0,0,0c-46.9,0-90,36.1-90,93.5s42.1,96,92.5,96,73.6-16.8,84.5-55.7h-37.9c-9.1,17.5-27.3,23.5-45.6,23.5-27.7,0-51.2-19.3-54.7-50.8h139.8v-8.7c0-65.1-41.7-97.7-88.7-97.7ZM1274.4,155c3.2-27.7,24.9-44.5,50.8-44.5s47.7,17.5,49.8,44.5h-100.6Z'/%3e%3cpath%20class='st1'%20d='M1473.4,234.3V19.1h-37.8v209.6c0,19.7,16,35.6,35.6,35.6h28.8v-30h-26.6Z'/%3e%3cpath%20class='st1'%20d='M176.7,0v18c39.5,11.3,68.5,47.7,68.5,90.8s-28.9,79.5-68.5,90.8v84.1c66.8-12.7,117.3-71.4,117.3-141.9S243.5,12.7,176.7,0Z'/%3e%3cpath%20class='st1'%20d='M48.8,174.9h0c0-43.2,28.9-79.5,68.5-90.8V0C50.5,12.7,0,71.4,0,141.9s50.5,129.2,117.3,141.9v-18c-39.5-11.3-68.5-47.7-68.5-90.8Z'/%3e%3cpath%20class='st1'%20d='M120.7,93.2l-11.5,67.5,63.5,30.3,11.5-67.5-63.5-30.2Z'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
About
Doppel is an AI-native platform focused on detecting and disrupting social engineering attacks. We build systems that identify AI-powered impersonation, phishing, and fraud across the internet, link them into real-time threat graphs, and actively dismantle attacker infrastructure.
Our work combines LLM-driven detection, large-scale threat intelligence, and autonomous response systems with training and simulation to strengthen human defenses. Our mission is to protect the world from social engineering attacks every day.
A challenge for the 3Blue1Brown Audience
At Doppel, every decision comes down to reasoning about p(y) — the probability that a message is malicious given what we observe. Here's a puzzle that captures the core of that challenge.
Setup. You're a cracked security team defending your users against a known phisher. Each day, the two of you are locked in a cat-and-mouse fight. The attacker sends a phishing campaign and chooses how often to use each of n persuasive phrases in their messages — things like "urgent", "verify account", "free gift", "security alert", "payroll".
The attacker selects a distribution \mathbf{p} = (p_1, p_2, \ldots, p_n) over phrases T = \{t_1, t_2, \ldots, t_n\}, where p_i = P(\text{attacker uses } t_i).
Each phrase t_i has an intrinsic social-engineering payoff s_i: if a message using t_i reaches a user unflagged, it succeeds with probability s_i. If the message is flagged or fails to convince, payoff = 0.
Your detector. You don't have the bandwidth to inspect every message perfectly — these phrases appear innocently in normal traffic too. Instead, you run a lightweight detector that monitors phrase frequencies. Given a baseline distribution \mathbf{q} = (q_1, q_2, \ldots, q_n) representing natural phrase frequencies, you raise an alarm when:
\displaystyle \sum_i p_i \log\!\left(\frac{p_i}{q_i}\right) > C
for some constant C. (You might recognize this quantity.)
The question. What distribution \mathbf{p} should the attacker choose to maximize their expected payoff?
Hint: the optimal strategy isn't deterministic.
Featured work
Threat Classification with OpenAI RFT
Doppel's threat classification system uses OpenAI's GPT-5 and Reinforcement Fine-Tuning (RFT) to make real-time decisions on whether a detected signal is malicious, benign, or ambiguous. Each signal passes through multiple LLM prompts purpose-built for different threat types — assessing impersonation risk, brand misuse, and social engineering patterns.
The system learns continuously: human analysts review and correct classifications, those corrections fine-tune models via OpenAI's RFT platform, and improved models are redeployed to production. The result is a tightening feedback loop that cut analyst workloads by 80% and reduced threat mitigation from hours to minutes.
Read Full Case Study
Doppel's threat classification workflow, powered by OpenAI's RFT training framework.
Eliminating ML Infrastructure Tax with Modal
Running ML at scale used to mean managing a maze of Docker builds, Cloud Run services, IAM auth layers, and cold starts — overhead that crowded out the actual modeling work. Doppel replaced that stack with Modal's function-based inference, collapsing multi-step service pipelines into direct function calls.
The result: warm builds dropped from 10–30 minutes to under a minute, the team gained automatic scaling for traffic spikes, and engineers shifted their attention from infrastructure management to model development.
Read Full Write-up
Before and after: service-oriented inference on GCP vs. function-based inference on Modal.