As AI is more and more serving to hackers to launch mass-scale e-mail assaults, former Google safety leaders have joined forces to construct autonomous AI brokers that goal to cease phishing, malware, and enterprise e-mail compromise threats earlier than they ever attain consumer inboxes.
That’s the mission behind AegisAI, a brand new e-mail safety startup that has simply emerged from stealth with $13 million in seed funding co-led by Accel and Basis Capital.
Greater than 90% of profitable cyberattacks start with a phishing e-mail, per U.S. federal cybersecurity company CISA. A current CrowdStrike examine (PDF) additionally discovered that phishing messages generated by massive language fashions (LLMs) had a 54% click-through charge in 2024, far increased than the 12% charge for human-written emails.
AegisAI goals to counter this rising risk with its suite of autonomous AI brokers.
Based by former Google Secure Searching and reCAPTCHA executives Cy Khormaee and Ryan Luo, the startup affords an orchestrated community of real-time AI brokers that examine, analyze, and neutralize e-mail threats autonomously, with out counting on any particular algorithm. This method challenges typical e-mail safety platforms that depend on static guidelines and sometimes require intensive consumer coaching.
“The sum of all evil is a PDF attachment in an email. That’s always where all the attacks started, and so I really wanted to solve this problem,” Khormaee mentioned in an unique interview with TechCrunch.
Khormaee was head of product and director of product administration at Google for over 5 years till July 2023. Throughout that point, he led the safety group chargeable for defending Google, its 4 billion customers, and 4 million web sites from phishing, malware, and fraud, utilizing merchandise like Secure Searching, reCAPTCHA, and Internet Threat. It was additionally throughout this time that he first met Luo, who had spent virtually a decade at Google and was a part of the Secure Searching group.
Google gave Khormaee firsthand expertise in constructing phishing detection applied sciences, a deep understanding of safety from the corporate’s perspective, and find out how to develop and scale safety companies rapidly, he instructed TechCrunch.
Earlier than Google, Khormaee based the gross sales intelligence platform Contastic, which was acquired by SugarCRM in 2016. He later served as VP of product administration at Attentive for over a 12 months and a half till November 2024, earlier than beginning AegisAI.
AegisAI has constructed reasoning brokers, every of which is a custom-built LLM tuned to a selected risk. As soon as the orchestrating agent acknowledges a risk or potential risk, it calls different brokers within the community, which Khormaee refers to as “buddies.” These brokers then run the evaluation, motive with one another, and reply to the orchestrating agent with a verdict.
The brokers carry out real-time evaluation of each message part, together with hyperlinks, attachments, metadata, QR codes, and behavioral patterns.
“What we know from building these tools at Google is what all the things are about an email you need to analyze? What are all the data sources? What are all the techniques for spotting invasion, and all the nasty stuff adversaries do that we’ve seen over 10 years of playing chess with these adversaries?” mentioned Khormaee.
Whereas AegisAI has at present constructed over 10 brokers for this work, Khormaee instructed TechCrunch that there may very well be 50 to 100 brokers over time as adversaries turn out to be smarter and attempt to idiot the system.
“I fully believe that in two years, adversaries will understand what we’re doing. They’ll retool and attack what we’re doing, and then we’ll need to build more agents to stay ahead of them,” he mentioned.
Not like a typical e-mail safety platform that makes use of a rules-based method, these AI brokers spot a bunch of assaults and self-tune themselves for each potential variant of these assaults in real-time, mentioned Khormaee. The startup has developed a number of AI fashions tailor-made to varied threats and particular industries, together with these in enterprise capital and monetary companies.
Alongside rapidly detecting threats, AegisAI’s brokers assist scale back false positives by as much as 90% in comparison with conventional options, the startup claims.
It takes “no more than five minutes” for patrons to put in AegisAI’s system on a Google Workspace or Microsoft 365 e-mail account through an API, per Khormaee. As soon as arrange, the startup will ship a report in a few days with the main points on what the system discovered within the atmosphere, together with false positives and false negatives. It’ll then run in read-only mode for per week after which activate quarantine.
“It’s so hard without this technology to solve this very heterogeneous problem in email,” mentioned Khormaee.
The startup, with places of work in San Francisco and New York, is at present operating a pilot with clients within the U.S. and Europe and has already added three paying clients, together with knowledge privateness compliance software program Lokker and crypto cost platform Mesh Join. The startup at present has a group of six members.
With the contemporary funding, Khormaee mentioned the startup plans to increase its technical experience and construct a sturdy go-to-market infrastructure.
