-
Notifications
You must be signed in to change notification settings - Fork 0
Comparison and Positioning
Nick edited this page Nov 18, 2025
·
2 revisions
This document provides a detailed comparison of PATAS with traditional approaches and existing solutions in the anti-spam/abuse detection market.
| Aspect | Classic ML Classifier | PATAS |
|---|---|---|
| Pattern Discovery | Requires labeled training data, manual feature engineering | Automatic discovery from historical logs |
| Transparency | Black-box model (neural network, ensemble) | Transparent SQL/regex rules |
| Explainability | Hard to explain why a message was flagged | Clear: shows exact rule and why it matched |
| Metrics | Global model metrics (accuracy, F1) | Per-rule metrics (precision, recall, coverage) |
| Rule Management | Retrain entire model | Individual rule lifecycle (promote/deprecate) |
| Safety Control | Single threshold for all decisions | Tiered safety profiles (Conservative/Balanced/Aggressive) |
| On-Premise | Often requires cloud ML services | Fully on-premise, no external dependencies |
| Aspect | Classic LLM Filter | PATAS |
|---|---|---|
| LLM Usage | Real-time per-message classification (online) | Pattern discovery from aggregated data (offline) |
| Pattern Discovery | LLM analyzes individual messages in real-time | Automatic clustering + LLM analyzes aggregated patterns |
| Rule Generation | LLM suggests rules per message (may be inconsistent) | LLM discovers patterns, then deterministic SQL/regex generation |
| Cost | Per-message API calls (expensive at scale) | One-time pattern discovery on aggregated data, then rule-based |
| Latency | API call per message (100-500ms) | Rule evaluation (1-10ms) |
| Transparency | LLM reasoning may be opaque | Transparent SQL rules (LLM used for discovery, not classification) |
| Consistency | LLM may give different answers for similar messages | Deterministic rule matching (LLM discovers patterns once) |
| Privacy | Messages sent to external API in real-time | Aggregated data only, encrypted/PII-redacted, on-premise option |
| Data Volume | Processes each message individually | Processes aggregated patterns, scales to millions |
Key Difference: Classic LLM Filters use LLM for real-time classification of individual messages. PATAS uses LLM for offline pattern discovery from aggregated data, then uses deterministic rules for real-time evaluation.
| Aspect | Manual Rule Writing | PATAS |
|---|---|---|
| Discovery | Human analysts identify patterns | Automatic discovery from data (with LLM semantic understanding) |
| Coverage | Limited by analyst time/expertise | Discovers patterns at scale |
| Maintenance | Manual updates when spam evolves | Automatic re-discovery |
| Metrics | Often no per-rule metrics | Built-in precision/recall/coverage |
| Safety | Ad-hoc safety decisions | Systematic safety profiles |
| Scalability | Doesn't scale with data volume | Scales automatically |
| Feature | Sardine | Abnormal | Feedzai | Stream | PATAS |
|---|---|---|---|---|---|
| Auto pattern discovery | ❌ | ✅ (LLM) | ❌ | ❌ | ✅ (data-driven + LLM) |
| Transparent rules | ✅ | ~ | ✅ | ✅ | ✅ |
| Per-rule metrics | ✅ | ❌ | ~ | ❌ | ✅ |
| Safety profiles | ❌ | ❌ | ❌ | ❌ | ✅ |
| On-premise | ~ | ❌ | ~ | ❌ | ✅ |
| General-purpose | ❌ (fintech) | ❌ (email) | ❌ (fintech) | ✅ | ✅ |
| Developer API-first | ✅ | ~ | ~ | ❌ | ✅ |
- Focus: Fintech fraud detection
- Strengths: Transparent rules, per-rule metrics
- Limitations: No automatic pattern discovery, fintech-specific, limited on-premise
- PATAS Advantage: Automatic discovery, general-purpose, full on-premise
- Focus: Email security
- Strengths: LLM-based pattern discovery
- Limitations: Email-specific, SaaS-only, no per-rule metrics, no safety profiles
- PATAS Advantage: Data-driven discovery (not LLM-dependent), general-purpose, on-premise, per-rule metrics
- Focus: Fintech fraud prevention
- Strengths: Transparent rules, some on-premise options
- Limitations: Fintech-specific, no automatic discovery, limited per-rule metrics
- PATAS Advantage: Automatic discovery, general-purpose, comprehensive per-rule metrics
- Focus: General-purpose content moderation
- Strengths: General-purpose, transparent rules
- Limitations: No automatic discovery, SaaS-only, no per-rule metrics, no safety profiles
- PATAS Advantage: Automatic discovery, on-premise, per-rule metrics, safety profiles
No other product combines all of these features:
- ✅ Automatic pattern discovery from historical logs (not manual rule writing)
- ✅ Transparent rule generation (SQL/regex-like, not black-box models)
- ✅ Per-rule metrics (precision, recall, coverage for each rule)
- ✅ Safety profiles (Conservative/Balanced/Aggressive tiers)
- ✅ On-premise / self-hosted option (not SaaS-only)
- ✅ General-purpose (not limited to email or fintech)
- ✅ Developer API-first (not just UI for non-technical teams)
PATAS is ideal when you need:
- Transparency: You need to explain why messages were flagged
- Control: You want per-rule metrics and safety profiles
- Privacy: You need on-premise processing
- Scale: You have large volumes of historical logs to analyze
- Flexibility: You need a general-purpose solution (not domain-specific)
- Developer-friendly: You prefer API-first over UI-only tools
PATAS may not be ideal if:
- You need real-time per-message LLM analysis (use LLM filters for real-time classification)
- You prefer black-box ML models (use traditional ML classifiers)
- You only need simple keyword blocking (use basic regex rules)
- You require a SaaS-only solution (PATAS is on-premise-first)
PATAS is designed to complement, not replace, existing anti-spam systems:
- Use PATAS for pattern discovery and rule generation (offline analysis)
- Use your existing ML/LLM for real-time classification if needed
- Combine signals from both systems for final decisions
- Use PATAS metrics to validate and improve your ML models
This hybrid approach gives you the best of both worlds: automatic discovery with semantic understanding (PATAS) + real-time classification (ML/LLM filters).
Last Updated: 2025-11-18