As artificial intelligence increasingly assists hackers in launching mass-scale email attacks, former Google security leaders have joined forces to build autonomous AI agents designed to stop phishing, malware, and business email compromise threats before they ever reach user inboxes.
This is the mission of AegisAI, a new email security startup that has just emerged from stealth with $13 million in seed funding co-led by Accel and Foundation Capital.
More than 90 percent of successful cyberattacks begin with a phishing email, according to the U.S. federal cybersecurity agency CISA. A recent CrowdStrike study also found that phishing messages generated by large language models had a 54 percent click-through rate in 2024, which is far higher than the 12 percent rate for human-written emails. AegisAI aims to counter this growing threat with its suite of autonomous AI agents.
Founded by former Google Safe Browsing and reCAPTCHA executives Cy Khormaee and Ryan Luo, the startup offers an orchestrated network of real-time AI agents that inspect, analyze, and neutralize email threats autonomously, without relying on any specific set of rules. This approach challenges typical email security platforms that depend on static rules and often require extensive user training.
Khormaee stated that the fundamental origin of many attacks is a PDF attachment in an email, which is the problem he wanted to solve.
Khormaee was head of product and director of product management at Google for over five years until July 2023. During that time, he led the security team responsible for protecting Google, its four billion users, and four million websites from phishing, malware, and fraud using products like Safe Browsing, reCAPTCHA, and Web Risk. It was also during this time that he first met Luo, who had spent almost a decade at Google and was part of the Safe Browsing team. Google provided Khormaee with firsthand experience in building phishing detection technologies and a deep understanding of how to develop and scale security businesses quickly.
Before Google, Khormaee founded the sales intelligence platform Contastic, which was acquired by SugarCRM in 2016. He later served as VP of product management at Attentive for over a year and a half until November 2024, before starting AegisAI.
AegisAI has built reasoning agents, each of which is a custom-built large language model tuned to a specific threat. Once the orchestrating agent recognizes a threat or potential threat, it calls other agents in the network. These agents then run the analysis, reason with each other, and respond to the orchestrating agent with a verdict. The agents perform real-time analysis of every message component, including links, attachments, metadata, QR codes, and behavioral patterns.
Khormaee explained that their experience from building tools at Google provided deep insight into all the elements of an email that need analysis, the necessary data sources, and the techniques for spotting intrusion and the various methods adversaries use.
While AegisAI has currently built over 10 agents for this work, Khormaee said there could be 50 to 100 agents over time as adversaries become smarter and attempt to fool the system. He fully believes that adversaries will eventually understand their methods, retool their attacks, and necessitate the development of more agents to stay ahead.
Unlike a typical email security platform that uses a rules-based approach, these AI agents spot a multitude of attacks and self-tune themselves for every possible variant of those attacks in real-time. The startup has developed multiple AI models tailored to various threats and specific industries, including venture capital and financial services.
Alongside quickly detecting threats, AegisAI’s agents help reduce false positives by up to 90 percent compared to traditional solutions, according to the startup.
It takes no more than five minutes for customers to install AegisAI’s system on a Google Workspace or Microsoft 365 email account via an API. Once set up, the startup will send a report in a couple of days with the details on what the system found in the environment, including false positives and false negatives. It will then run in read-only mode for a week before activating quarantine.
Khormaee said it is incredibly hard to solve the very heterogeneous problem in email without this technology.
The startup, with offices in San Francisco and New York, is currently running a pilot with customers in the U.S. and Europe and has already added three paying customers, including data privacy compliance software Lokker and crypto payment platform Mesh Connect. The startup currently has a team of six members.
With the fresh investment, Khormaee said the startup plans to expand its technical expertise and build a robust go-to-market infrastructure.