As AI is more and more serving to hackers to launch mass-scale e mail assaults, former Google safety leaders have joined forces to construct autonomous AI brokers that intention to cease phishing, malware, and enterprise e mail compromise threats earlier than they ever attain consumer inboxes.
That’s the mission behind AegisAI, a brand new e mail safety startup that has simply emerged from stealth with $13 million in seed funding co-led by Accel and Basis Capital.
Greater than 90% of successful cyberattacks begin with a phishing e mail, per U.S. federal cybersecurity company CISA. A latest CrowdStrike study (PDF) additionally discovered that phishing messages generated by giant language fashions (LLMs) had a 54% click-through price in 2024, far larger than the 12% price for human-written emails.
AegisAI goals to counter this rising risk with its suite of autonomous AI brokers.
Based by former Google Protected Looking and reCAPTCHA executives Cy Khormaee and Ryan Luo, the startup provides an orchestrated community of real-time AI brokers that examine, analyze, and neutralize e mail threats autonomously, with out counting on any particular algorithm. This strategy challenges typical e mail safety platforms that depend on static guidelines and sometimes require intensive consumer coaching.
“The sum of all evil is a PDF attachment in an e mail. That’s all the time the place all of the assaults began, and so I actually needed to resolve this drawback,” Khormaee stated in an unique interview with TechCrunch.
Khormaee was head of product and director of product administration at Google for over 5 years till July 2023. Throughout that point, he led the safety staff chargeable for defending Google, its 4 billion customers, and 4 million web sites from phishing, malware, and fraud, utilizing merchandise like Protected Looking, reCAPTCHA, and Internet Danger. It was additionally throughout this time that he first met Luo, who had spent virtually a decade at Google and was a part of the Protected Looking staff.
Google gave Khormaee firsthand expertise in constructing phishing detection applied sciences, a deep understanding of safety from the corporate’s perspective, and find out how to develop and scale safety companies rapidly, he advised TechCrunch.
Earlier than Google, Khormaee based the gross sales intelligence platform Contastic, which was acquired by SugarCRM in 2016. He later served as VP of product administration at Attentive for over a 12 months and a half till November 2024, earlier than beginning AegisAI.
AegisAI has constructed reasoning brokers, every of which is a custom-built LLM tuned to a selected risk. As soon as the orchestrating agent acknowledges a risk or potential risk, it calls different brokers within the community, which Khormaee refers to as “buddies.” These brokers then run the evaluation, purpose with one another, and reply to the orchestrating agent with a verdict.
The brokers carry out real-time evaluation of each message element, together with hyperlinks, attachments, metadata, QR codes, and behavioral patterns.
“What we all know from constructing these instruments at Google is what all of the issues are about an e mail it is advisable analyze? What are all the info sources? What are all of the methods for recognizing invasion, and all of the nasty stuff adversaries do this we’ve seen over 10 years of enjoying chess with these adversaries?” stated Khormaee.
Whereas AegisAI has at the moment constructed over 10 brokers for this work, Khormaee advised TechCrunch that there could possibly be 50 to 100 brokers over time as adversaries change into smarter and attempt to idiot the system.
“I absolutely consider that in two years, adversaries will perceive what we’re doing. They’ll retool and assault what we’re doing, after which we’ll must construct extra brokers to remain forward of them,” he stated.
Not like a typical e mail safety platform that makes use of a rules-based strategy, these AI brokers spot a bunch of assaults and self-tune themselves for each doable variant of these assaults in real-time, stated Khormaee. The startup has developed a number of AI fashions tailor-made to varied threats and particular industries, together with these in enterprise capital and monetary providers.
Alongside rapidly detecting threats, AegisAI’s brokers assist cut back false positives by as much as 90% in comparison with conventional options, the startup claims.
It takes “not more than 5 minutes” for patrons to put in AegisAI’s system on a Google Workspace or Microsoft 365 e mail account through an API, per Khormaee. As soon as arrange, the startup will ship a report in a few days with the small print on what the system discovered within the setting, together with false positives and false negatives. It is going to then run in read-only mode for per week after which activate quarantine.
“It’s so arduous with out this expertise to resolve this very heterogeneous drawback in e mail,” stated Khormaee.
The startup, with workplaces in San Francisco and New York, is at the moment operating a pilot with clients within the U.S. and Europe and has already added three paying clients, together with knowledge privateness compliance software program Lokker and crypto fee platform Mesh Join. The startup at the moment has a staff of six members.
With the recent funding, Khormaee stated the startup plans to develop its technical experience and construct a strong go-to-market infrastructure.