Two former Google security executives have raised $13 million for AegisAI, a startup that believes artificially intelligent agents can autonomously analyze and block off phishing, malware and business email compromise before these messages ever land in an inbox.
The timing aims at an expanding issue. CISA has repeatedly cautioned that more than 90 percent of successful cyberattacks begin with a phishing email. According to CrowdStrike research, LLM-generated lures were more than 4x more likely to drive click-throughs than those written by humans. That combination has made email the most accessible front door for criminals — and the most difficult to police with static rules for defenders.
Agentic defense Defending against inbox
The basic pitch for AegisAI is a bunch of AI agents networked together, each of which is specialised in a particular class of threat. An orchestrator grades an incoming message, and then dispatches “specialists” who feverishly examine content, headers, links, attachments, QR codes, yes, even sender behavior, in microseconds. The agents talk over their findings, challenge one another’s conclusions, and come to a ruling—approved, quarantined, elevated — before dispatch.
Rather than endless rules, which attackers can probe and evade, the company says its agents self-tune against the latest variants as they are seen. The models are trained for various verticals — like venture capital or financial services — where attack patterns differ. This leads to a 90% reduction path in false positives than traditional secure email gateways, a crucial metric as over-blocking damages the user trust and results in shadow IT.
Behind the scenes, the agents also look deeper than simple reputation and signature checks on the URLs. They convert links within safe sandboxes, decode and analyze QR payloads, check for lookalike domains and display-name impersonation, and cross-reference message context with previous conversation history to power thread hijacks. The solution also scans transport metadata and anomalous mailbox rules – a staple of account-takeover playbooks.
Google-honed founders and backers
AegisAI was started by Cy Khormaee and Ryan Luo, alumni of Google’s Safe Browsing and reCAPTCHA teams. Before that Khormaee headed product for teams responsible for protecting billions of users and millions of websites against phishing, malware and fraud. Luo worked on Safe Browsing for nearly a decade, helping to develop large-scale systems to detect web threats. Their collective experience comes through in the product’s focus on adversarial testing and ongoing retraining.
The $13 million seed round is co-led by Accel and Foundation Capital. Working with a tight, senior team spread out over San Francisco and New York, the company is using its new capital to model engineering work and go-to-market buildout.
How it works with email security
There are two main strategies for email defense: traditional secure email gateways, such as Proofpoint and Mimecast, which sit in-line and are largely based on rules and signatures; and API-native providers like Microsoft Defender for Office 365, Abnormal Security and Material Security, which inspect messages after they are received using cloud-based APIs.
AegisAI is in the spirit of the API model but with a focus on pre-inbox decisions and by actions autonomous agents, rather than a static policy or classifier for a single model.
These change of focus is supported by the threat landscape. Attackers now leverage LLMs to generate fluent, personalized lures en masse; QR posing campaigns conceal malicious URLs within QR codes; vendor email compromise and thread hijacking attack on trust with established threads and mailbox rule abuse silently forwards invoices elsewhere. The FBI’s Internet Crime Complaint Center has reported billions of dollars of annual losses from business email compromise alone, showing that detection accuracy — as opposed to simple volume scanning — is important.
Early traction and deployment
AegisAI integrates with Google Workspace and Microsoft 365 through API. Installation reportedly takes just minutes, according to the company. New deployments begin in read‑only wave to compare detections against existing controls, followed by a phased activation of quarantine after the accuracy is verified in customer’s environment.
The startup says it is piloting with companies in the U.S. and Europe and already has signed on its first paying customers, which include data privacy software provider Lokker and crypto payments company Mesh Connect. Reports given a post-analysis describe missed threats and false positives so that security teams can tune policies and show value to stakeholders.
What to watch next
Agentic systems aren’t a cureall; adversaries adapt and learn as quickly as we do. The founders admit an arms race and will include specialized agents as attackers iterate. For buyers, the interesting signals will be consistent catch rates against new lures, reduced false positive rates, the ability to mitigate thread hijacking and supplier-impersonation campaigns, and time-to-decision at scale.
For now, the bet is simple: AI made email attacks cheaper and more convincing; AI, when deployed as cooperating specialists, could just to stop them before they reach you.
