# Hybrid MLOps framework for automated lifecycle management of adaptive phishing detection models

**Authors:** Asmaa Reda, Shereen A. Taie, Masoud E. Shaheen

PMC · DOI: 10.1038/s41598-025-23600-z · Scientific Reports · 2025-11-04

## TL;DR

HAMF is a hybrid MLOps framework that keeps phishing detection models accurate, fair, and trusted by automatically adapting to concept drift and adversarial evasion.

## Contribution

Introduces HAMF, a hybrid MLOps framework that integrates resilience and ethical governance into phishing detection model lifecycle management.

## Key findings

- HAMF detects drift within 18 seconds and restores F1 scores above 0.99 after attacks.
- The framework reduces subgroup disparities by over 60% and scales to 2,300 requests per second with low latency.
- These results validate that embedding resilience and ethical alignment into the MLOps lifecycle is both effective and scalable.

## Abstract

Phishing detection models degrade quickly due to drift, adversarial evasion, and fairness issues. Existing MLOps platforms mainly automate deployment and monitoring. Prior works have examined SHAP-based monitoring, retraining, or fairness audits separately, but lack an integrated theory of resilience for adversarial environments. We introduce the Hybrid MLOps Framework (HAMF), a system designed to embed resilience and ethical governance into the lifecycle of phishing detection models. HAMF is ‘hybrid’ because it unifies proactive and reactive adaptation, combining automation with stakeholder oversight, and embedding resilience with ethical governance. HAMF treats resilience as an integrated lifecycle property, designed to simultaneously preserve model accuracy, fairness, and stakeholder trust amidst concept drift. Methodologically, HAMF implements this through a hybrid control cycle. This cycle fuses four key capabilities: SHAP-guided feature replacement, event-driven retraining, fairness-triggered audits, and structured human feedback. Unlike conventional pipelines where these functions are isolated, HAMF ensures their interdependence as first-class triggers. Empirical evaluations on large-scale phishing streams demonstrate HAMF’s superior performance. The framework detects drift within 18 seconds, restores F1 scores above 0.99 post-attack, reduces subgroup disparities by over 60%, and scales to over 2,300 requests per second with sub-50ms latency. These results validate HAMF’s design, demonstrating that embedding resilience and ethical alignment into the MLOps lifecycle is both effective and scalable.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12586440/full.md

## Figures

9 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12586440/full.md

## References

34 references — full list in the complete paper: https://tomesphere.com/paper/PMC12586440/full.md

---
Source: https://tomesphere.com/paper/PMC12586440