As AI is increasingly helping hackers to launch mass-scale email attacks, former Google security leaders have joined forces to build autonomous AI agents that aim to stop phishing, malware, and business email compromise threats before they ever reach user inboxes.
That is the mission behind AegisAI, a new email security startup that has just emerged from stealth with $13 million in seed funding co-led by Accel and Foundation Capital.
More than 90% of successful cyberattacks begin with a phishing email, per U.S. federal cybersecurity agency CISA. A recent CrowdStrike study (PDF) also found that phishing messages generated by large language models (LLMs) had a 54% click-through rate in 2024, far higher than the 12% rate for human-written emails.
AegisAI aims to counter this growing threat with its suite of autonomous AI agents.
Founded by former Google Safe Browsing and reCAPTCHA executives Cy Khormaee and Ryan Luo, the startup offers an orchestrated network of real-time AI agents that inspect, analyze, and neutralize email threats autonomously, without relying on any specific set of rules. This approach challenges typical email security platforms that rely on static rules and often require extensive user training.
“The sum of all evil is a PDF attachment in an email. That’s always where all the attacks started, and so I really wanted to solve this problem,” Khormaee said in an exclusive interview with TechCrunch.
Khormaee was head of product and director of product management at Google for over five years until July 2023. During that time, he led the security team responsible for protecting Google, its four billion users, and four million websites from phishing, malware, and fraud, using products like Safe Browsing, reCAPTCHA, and Web Risk. It was also during this time that he first met Luo, who had spent almost a decade at Google and was part of the Safe Browsing team.
Google gave Khormaee firsthand experience in building phishing detection technologies, a deep understanding of security from the company’s perspective, and how to develop and scale security businesses quickly, he told TechCrunch.
Before Google, Khormaee founded the sales intelligence platform Contastic, which was acquired by SugarCRM in 2016. He later served as VP of product management at Attentive for over a year and a half until November 2024, before starting AegisAI.
AegisAI has built reasoning agents, each of which is a custom-built LLM tuned to a specific threat. Once the orchestrating agent recognizes a threat or potential threat, it calls other agents in the network, which Khormaee refers to as “buddies.” These agents then run the analysis, reason with each other, and respond to the orchestrating agent with a verdict.
The agents perform real-time analysis of every message component, including links, attachments, metadata, QR codes, and behavioral patterns.
“What we know from building these tools at Google is what all the things are about an email you need to analyze? What are all the data sources? What are all the techniques for spotting invasion, and all the nasty stuff adversaries do that we’ve seen over 10 years of playing chess with these adversaries?” said Khormaee.
While AegisAI has currently built over 10 agents for this work, Khormaee told TechCrunch that there could be 50 to 100 agents over time as adversaries become smarter and try to fool the system.
“I fully believe that in two years, adversaries will understand what we’re doing. They’ll retool and attack what we’re doing, and then we’ll need to build more agents to stay ahead of them,” he said.
Unlike a typical email security platform that uses a rules-based approach, these AI agents spot a bunch of attacks and self-tune themselves for every possible variant of those attacks in real-time, said Khormaee. The startup has developed multiple AI models tailored to various threats and specific industries, including those in venture capital and financial services.
Alongside quickly detecting threats, AegisAI’s agents help reduce false positives by up to 90% compared to traditional solutions, the startup claims.
It takes “no more than five minutes” for customers to install AegisAI’s system on a Google Workspace or Microsoft 365 email account via an API, per Khormaee. Once set up, the startup will send a report in a couple of days with the details on what the system found in the environment, including false positives and false negatives. It will then run in read-only mode for a week and then activate quarantine.
“It’s so hard without this technology to solve this very heterogeneous problem in email,” said Khormaee.
The startup, with offices in San Francisco and New York, is currently running a pilot with customers in the U.S. and Europe and has already added three paying customers, including data privacy compliance software Lokker and crypto payment platform Mesh Connect. The startup currently has a team of six members.
With the fresh investment, Khormaee said the startup plans to expand its technical expertise and build a robust go-to-market infrastructure.
