diff --git a/detection-rules/beta_fuzzy_graymail_rule.yml b/detection-rules/beta_fuzzy_graymail_rule.yml
new file mode 100644
index 00000000000..9024a05bc2e
--- /dev/null
+++ b/detection-rules/beta_fuzzy_graymail_rule.yml
@@ -0,0 +1,8 @@
+name: "Beta: Fuzzy Graymail"
+description: "Exercises the beta.fuzzy_attack_score() function. Flags on Graymail verdicts."
+type: "rule"
+severity: "medium"
+source: |
+ type.inbound
+ and any([beta.fuzzy_attack_score()], .analyzed and .verdict == "graymail")
+id: "f83b83bc-039b-4025-be85-78a36ffabf6e"
diff --git a/detection-rules/beta_fuzzy_malicious_rule.yml b/detection-rules/beta_fuzzy_malicious_rule.yml
new file mode 100644
index 00000000000..7b8dc24d6ba
--- /dev/null
+++ b/detection-rules/beta_fuzzy_malicious_rule.yml
@@ -0,0 +1,8 @@
+name: "Beta: Fuzzy Malicious"
+description: "Exercises the beta.fuzzy_attack_score() function. Flags on Malicious verdicts."
+type: "rule"
+severity: "medium"
+source: |
+ type.inbound
+ and any([beta.fuzzy_attack_score()], .analyzed and .verdict == "malicious")
+id: "4822150c-e06c-48aa-8e2e-8bede0bd39d3"
diff --git a/detection-rules/beta_fuzzy_spam_rule.yml b/detection-rules/beta_fuzzy_spam_rule.yml
new file mode 100644
index 00000000000..e1f5ec9dd55
--- /dev/null
+++ b/detection-rules/beta_fuzzy_spam_rule.yml
@@ -0,0 +1,8 @@
+name: "Beta: Fuzzy Spam"
+description: "Exercises the beta.fuzzy_attack_score() function. Flags on Spam verdicts."
+type: "rule"
+severity: "medium"
+source: |
+ type.inbound
+ and any([beta.fuzzy_attack_score()], .analyzed and .verdict == "spam")
+id: "ed0965c3-8691-40ed-a44d-c73b23e8c76e"
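Review bot: The predicate `any([beta.fuzzy_attack_score()], .analyzed and .verdict == "graymail")` wraps a single call in a one-element list, so the `any` contributes nothing unless `beta.fuzzy_attack_score()` itself returns a list; if it returns one object the check reads more directly as `beta.fuzzy_attack_score().analyzed and beta.fuzzy_attack_score().verdict == "graymail"`, and if it does return a list the description should say so, since that changes what "flags on" means. The description only states that the rule "exercises" a beta function; a reader tuning it cannot tell whether matches are expected to be benign bulk mail (which a graymail verdict presumably indicates) or whether the rule is meant for evaluation only rather than alerting, so a sentence such as `Beta evaluation rule: expected to match a high volume of non-attack mail; not intended for production alerting.` would make the intent and the choice of severity "medium" defensible. The same two points apply to beta_fuzzy_spam_rule.yml and beta_fuzzy_malicious_rule.yml in this commit.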
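Review bot: `severity: "medium"` here is the same level as the graymail and spam variants, although this rule fires only on a "malicious" verdict, so a hit from it would be triaged alongside graymail hits with no way to tell them apart by severity. If the three verdicts carry different confidence, the severities should reflect that (for example `severity: "high"` on this rule); if the beta score is deliberately not trusted enough for that yet, the description should state that the severity is intentionally held at medium during evaluation so nobody later "fixes" it without that context.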