Former Google security leaders just raised $13 million to deploy AI agents that hunt down email threats before they hit your inbox. As hackers increasingly use AI to craft more convincing phishing attacks, AegisAI is fighting fire with fire, building autonomous systems that inspect and neutralize threats in real-time without human intervention.
Google alumni are striking back against AI-powered cybercriminals. AegisAI, a stealth email security startup, just emerged with $13 million in seed funding and a bold promise: stop phishing attacks before they ever reach user inboxes using autonomous AI agents.
The timing couldn't be more critical. CISA reports that over 90% of successful cyberattacks begin with phishing emails, while a recent CrowdStrike study found AI-generated phishing messages achieved a staggering 54% click-through rate in 2024 - more than four times the 12% rate for human-written emails. The arms race between attackers and defenders has entered a new phase.
"The sum of all evil is a PDF attachment in an email," co-founder Cy Khormaee told TechCrunch in an exclusive interview. "That's always where all the attacks started, and so I really wanted to solve this problem."
Khormaee brings serious credentials to the fight. As head of product and director of product management at Google for over five years until July 2023, he led the security team protecting Google's four billion users and four million websites from phishing, malware, and fraud through products like Safe Browsing, reCAPTCHA, and Web Risk. His co-founder Ryan Luo spent nearly a decade at Google as part of the Safe Browsing team.
Their solution abandons traditional rule-based email security for something more sophisticated: an orchestrated network of AI agents that reason together about threats. Each agent is a custom-built large language model tuned to specific attack vectors. When the orchestrating agent spots a potential threat, it calls what Khormaee playfully terms "buddies" - specialized agents that analyze the threat, debate among themselves, and deliver a verdict.
"What we know from building these tools at Google is what all the things are about an email you need to analyze," Khormaee explained. "What are all the data sources? What are all the techniques for spotting invasion, and all the nasty stuff adversaries do that we've seen over 10 years of playing chess with these adversaries?"
