
Link: Multistage Landing - Abused Buildin.ai

Sublime Rules

Summary
This rule detects potentially malicious links shared from the buildin.ai domain that show characteristics associated with credential harvesting. It filters for links whose URL contains the path '/share' and uses a natural language understanding model to analyze the corresponding display text for intent related to credential theft. The rule matches only when the model classifies the language as indicative of phishing with medium to high confidence. It protects against multifaceted credential phishing attacks that apply social engineering through seemingly benign file-sharing mechanisms.
Categories
  • Web
  • Cloud
  • Application
  • Identity Management
Data Sources
  • Web Credential
  • Network Traffic
Created: 2025-09-06