Former Google security leaders just raised $13 million to deploy AI agents that hunt down email threats before they hit your inbox. As hackers increasingly use AI to craft more convincing phishing attacks, AegisAI is fighting fire with fire, building autonomous systems that inspect and neutralize threats in real-time without human intervention.
Google alumni are striking back against AI-powered cybercriminals. AegisAI, a stealth email security startup, just emerged with $13 million in seed funding and a bold promise: stop phishing attacks before they ever reach user inboxes using autonomous AI agents.
The timing couldn't be more critical. CISA reports that over 90% of successful cyberattacks begin with phishing emails, while a recent CrowdStrike study found AI-generated phishing messages achieved a staggering 54% click-through rate in 2024 - more than four times the 12% rate for human-written emails. The arms race between attackers and defenders has entered a new phase.
"The sum of all evil is a PDF attachment in an email," co-founder Cy Khormaee told TechCrunch in an exclusive interview. "That's always where all the attacks started, and so I really wanted to solve this problem."
Khormaee brings serious credentials to the fight. As head of product and director of product management at Google for over five years until July 2023, he led the security team protecting Google's four billion users and four million websites from phishing, malware, and fraud through products like Safe Browsing, reCAPTCHA, and Web Risk. His co-founder Ryan Luo spent nearly a decade at Google as part of the Safe Browsing team.
Their solution abandons traditional rule-based email security for something more sophisticated: an orchestrated network of AI agents that reason together about threats. Each agent is a custom-built large language model tuned to specific attack vectors. When the orchestrating agent spots a potential threat, it calls what Khormaee playfully terms "buddies" - specialized agents that analyze the threat, debate among themselves, and deliver a verdict.
"What we know from building these tools at Google is what all the things are about an email you need to analyze," Khormaee explained. "What are all the data sources? What are all the techniques for spotting invasion, and all the nasty stuff adversaries do that we've seen over 10 years of playing chess with these adversaries?"
The agents perform real-time analysis of every message component - links, attachments, metadata, QR codes, and behavioral patterns. Unlike static security systems that rely on predetermined rules, these AI agents adapt and self-tune for attack variants in real-time. AegisAI currently deploys over 10 specialized agents but expects that number could reach 50 to 100 as adversaries evolve.
"I fully believe that in two years, adversaries will understand what we're doing. They'll retool and attack what we're doing, and then we'll need to build more agents to stay ahead of them," Khormaee said.
The startup claims its approach reduces false positives by up to 90% compared to traditional solutions - a crucial advantage in enterprise environments where legitimate emails getting quarantined can disrupt business operations. Installation takes "no more than five minutes" via API integration with Google Workspace or Microsoft 365, followed by a pilot period and gradual activation.
AegisAI has already secured three paying customers, including data privacy compliance software Lokker and crypto payment platform Mesh Connect. The six-person team, split between San Francisco and New York offices, is running pilots with customers across the U.S. and Europe.
Before founding AegisAI, Khormaee created sales intelligence platform Contastic, which SugarCRM acquired in 2016. He later served as VP of product management at Attentive until November 2024.
The $13 million seed round, co-led by Accel and Foundation Capital, will fund technical team expansion and go-to-market infrastructure development. With email remaining the primary attack vector for cybercriminals and AI making attacks more sophisticated, AegisAI is positioning itself at the center of a growing market need.
"It's so hard without this technology to solve this very heterogeneous problem in email," Khormaee noted, highlighting how traditional security approaches struggle with the constantly evolving threat landscape.
As cybercriminals weaponize AI to craft more convincing attacks, AegisAI's approach of fighting AI with AI represents a necessary evolution in email security. With deep Google security expertise, proven technology, and strong funding, the startup is well-positioned to address the growing sophistication of email-based threats that continue to be the entry point for most successful cyberattacks.
