As AI is increasingly helping hackers To launch a massive email attack, former Google security leaders have united to create autonomous AI agents designed to stop phishing, malware and business email compromise threats before they can reach users’ inboxes.
That’s the task behind it aegisaiIt’s a new email security startup that has just emerged from invisibility, with a $13 million seed funding co-led by Accel and Foundation Capital.
more than 90% of successful cyberattacks begin Phishing emails are provided by the Federal Cybersecurity Agency CISA. The nearest crowd study (PDF) also found that the Large Language Model (LLMS) generated phishing messages with a hit rate of 54% in 2024, which is much higher than the 12% of emails written by humans.
Aegisai’s aim is to contradict this growing threat to its suite of autonomous AI agents.
Founded by former Google Safe Browsing and Recaptcha executives Cy Khormaee and Ryan Luo, the startup offers a well-planned real-time AI proxy network that automatically checks, analyzes and neutralizes email threats without relying on any specific rules. This approach challenges typical email security platforms that rely on static rules and often require a lot of user training.
“The sum of all evil is a PDF attachment in the email. This is always where all the attacks start, so I really want to fix this.”
Khormaee has served as Google’s product manager and director of product management for more than five years until July 2023. During this time, he led a security team responsible for protecting Google, its 4 billion users, and 4 million websites from phishing, malware and fraud, using products such as secure browsing, Recaptcha and web risk. It was during this time that he first met Luo, who spent nearly a decade at Google and was part of the safe browsing team.
He told TechCrunch that Google provides Khormaee with first-hand experience in building phishing detection technologies, a deep understanding of security, and how to rapidly grow and expand security businesses.
Before Google, Khormaee established the sales intelligence platform Contastic, which is Acquisitioned by Sugarcrm in 2016. Later, he served as Vice President of Product Management at Actentive for a year and a half until November 2024 before starting Aegisai.
Aegisai builds inference agents, each of which is a customized LLM and adjusts for specific threats. Once a well-planned agent recognizes a threat or potential threat, it will call it another agent in the network, and Khormaee calls it a “partner.” These agents then analyze, reason with each other, and respond to the carefully planned agent through judgment.
The agent performs real-time analysis of each message component, including links, attachments, metadata, QR codes, and behavior patterns.
“Building these tools from Google is what are the emails you need to analyze? What are all the data sources? What are all the techniques to discover intrusion, and all the annoying things can your opponents see chess we played with these opponents for over 10 years?” Khormaee said.
Although Aegisai has built more than 10 agents for the work right now, Khormaee told TechCrunch that as opponents get smarter and try to trick the system, there may be 50 to 100 agents over time.
“I totally believe that within two years, the opponents will understand what we are doing. They will reattack what we are doing and then we need to build more agencies to stay ahead of the pack,” he said.
Unlike typical email security platforms that use rule-based approaches, these AI agents discover a bunch of attacks and adjust themselves in real time for every possible variant of these attacks, Khormaee said. The startup has developed a variety of AI models tailored to a variety of threats and specific industries, including venture capital and financial services companies.
The startup claims that in addition to rapidly detecting threats, Aegisai’s agents have reduced false positives by 90% compared to traditional solutions.
It takes “no more than five minutes” for customers to install AEGISAI system through API on their Google Workspace or Microsoft 365 email accounts. Once set up, the startup will send reports within a few days and provide detailed information about what the system finds in the environment, including false positives and false negatives. It will then run in read-only mode for one week, then activate the quarantine.
“Without this technology, it’s hard to solve this very heterogeneous problem in emails,” Khormaee said.
The startup has offices in San Francisco and New York, is currently operating a pilot with its customers in the U.S. and Europe, and has added three paid customers, including data privacy compliance software Lokker and Crypto Payment Platform Platform conne. The startup currently has a team of six members.
With the new investment, the startup plans to expand its technical expertise and build a strong to-market infrastructure, Khormaee said.
