The company, founded by Cy Khormaee and Ryan Luo, both of whom previously worked on Google’s Safe Browsing and reCAPTCHA projects, seeks to ensure autonomous AI agents outsmart today’s phishing, malware, and business email compromise (BEC) attacks. 

Unlike rule-based systems, which attackers usually bypass, AegisAI’s system learns in real-time and adapts to evolving threats.

Email is still the easiest entry point for attackers. Traditional filters struggle against AI-powered phishing campaigns, which are more convincing than ever. 

A 2024 study found that phishing emails written by large language models had a 54% click-through rate, compared to 12% for human-written messages. This gap reveals how much more effective AI-powered lures have become, and how ill-prepared most defences are.

Attackers are no longer just relying on domains, they now exploit trusted services such as Salesforce, Zoom, and Google, making their content appear legitimate enough to bypass conventional filters. This has left enterprises exposed, with security teams overwhelmed by alerts and false positives.

AegisAI’s Pitch

Instead of static rules or user training manuals, AegisAI brings what it calls a network of AI agents that inspect and neutralise threats automatically. The company says customers are already seeing up to 90% fewer false positives compared to traditional solutions.

The platform integrates with Microsoft 365 and Google Workspace, with minimal setup required. Security teams can view real-time dashboards showing attempted intrusions, from AI-generated spear phishing to fuzzing attempts.

Co-founder and CEO Cy Khormaee explained the motivation, “We’ve spent almost a decade each protecting billions of users at Google, we’ve seen firsthand how enterprise email defences are falling behind. We’re seeing the sophistication of AI powered attacks increase rapidly while existing email security defences are standing still. This leaves security leaders without the tools they need to defend their organisations.”

Ryan Luo, co-founder and CTO, added, “We don’t believe in creating more alerts — we believe in creating better security outcomes. Our mission is to protect organisations without adding operational burden and to give security teams the reliable intelligence they need to focus on what matters most.”

Pilot customers say the results have been decisive. Bam Azizi, CEO of Mesh, stated, “As a former security founder, I’ve seen the cat-and-mouse game play out for decades—especially in email security, where attackers constantly evolve to trick employees. Aegis is the first solution that truly changes the game.

“They came into Mesh and stopped attackers in their tracks. Our dashboard shows everything from fuzzing attempts to AI-generated spear phishing and BEC, and Aegis catches them all—without my team wasting time managing rules.”

At Lokker, CEO Ian Cohen said the system immediately flagged threats aimed at critical teams, “We immediately saw threats to our accounting, engineering, and executive teams in the dashboard. Aegis enabled us to see and stop these threats without our team manually hunting them down.”

Backed by Accel and Foundation Capital

The $13 million seed round was co-led by Accel and Foundation Capital. The funds will drive product development, expand engineering talent, and accelerate go-to-market efforts.

According to Eric Wolford, Partner at Accel: “The AI era will inevitably drive disruption in email—the easiest attack vector. We were looking for a team that was AI-native—people who didn’t just whitewash with AI—people who had the DNA and career investments in the development of AI. Cy and Ryan were that right team. They are both AI-native and have spent an enormous amount of time in email security at Google.”

Following a stealth phase with fintech and tech companies, AegisAI is now moving into wider commercial deployment. Its founders argue that the industry doesn’t need more alerts or user training but tools that stop threats before they reach employees’ inboxes.

With both the scale of AI-driven attacks rising and traditional defences falling short, AegisAI is aiming to be a timely safeguard in one of cybersecurity’s biggest challenges.

“New and evolving threats are landing in users’ mailboxes daily, particularly within the hybrid workforce context, often using phishing campaigns that rely on clever techniques and panic to get users to click on links and share credentials or sensitive information, such as banking details,” explains Gideon Viljoen, Pre-Sales Specialist: ICT Security at Datacentrix, a leading hybrid ICT systems integrator and managed services provider.

“US wireless network operator Verizon confirms in its Data Breach Investigations Report 2023 that 74 percent of data breaches (three out of four) involve a human element, with people being involved either via error, privilege misuse, use of stolen credentials or social engineering.”

Social engineering is a lucrative tactic for cybercriminals, the report says, especially given the rise of those techniques being used to impersonate enterprise employees for financial gain, an attack known as Business Email Compromise (BEC).

The median amount stolen in BECs, it reveals, has increased over the last few years to $50,000 USD, based on Internet Crime Complaint Center (IC3) data, which might have contributed to pretexting incidents – a specific type of social engineering attack – nearly doubling this past year.

With the growth of BEC, enterprises with distributed workforces face a challenge that takes on greater importance: creating and strictly enforcing human-centric security best practices.

Fighting fire with fire: User training and next-gen technology essential

“With a rapidly evolving landscape, changing attack strategies and new compromise techniques being introduced daily, it is imperative that users are trained and kept up to date on the latest campaigns and techniques being used,” says Viljoen.

“This is the most effective way of ensuring a more secure environment, with users acting as a ‘human firewall’ for organisations, and being able to spot, report and block compromise attempts. User awareness training is an excellent proactive option to assist email gateway administrators and engineers in staying on top of campaigns and potential breaches.

“And further to this, a collaborative workforce between machines and humans is key to successfully stem the attack on organisations, with the use of AI (artificial intelligence) additionally providing a smarter, faster approach to protecting against email phishing and breaches.

“AI is being used increasingly to run phishing campaigns and information collection, doing the heavy lifting on behalf of threat actors. A good example of this is how AI-powered chatbot ChatGPT has been used to help less-skilled cybercriminals to write malware and launch cyberattacks.

“So, having a technology in place to combat this is a necessity, and businesses cannot rely on a human alone to be able to administer and catch these threats.”

IBM’s recently launched Cost of a Data Breach Report corroborates this statement, affirming that AI and automation have had the biggest impact on speed of breach identification and containment for studied organisations.

The report says that businesses making extensive use of both AI and automation experienced a data breach lifecycle 108 days shorter than those companies that had not deployed these technologies (214 days versus 322 days).

According to the 2023 report, the incident costs shouldered by those organisations that were using AI and automation were significantly lower; on average, nearly $1.8 million lower data breach costs than organisations that didn’t deploy these.

How to protect business email

The best starting point for a business’s email security, according to Viljoen, is to invest in an email gateway solution.

“In fact, Datacentrix’s recommendation is that organisations implement an email gateway solution as a first priority before looking at any other security product.”

With a variety of toolsets available on the market, finding the best fit for your organisation is key, Viljoen clarifies. “There are full enterprise solutions, as well as small-to-medium business email offerings available to provide a secure email environment. These solutions offer reactive, real-time and proactive response solutions to secure the gateway.”

They also encompass a variety of functionalities that address the various aspects of an email gateway, namely:

• Spam filtering and blocking;
• Stationery (email signatures and campaigns);
• Anti-phishing (known bad threat actors);
• Sandboxing (‘detonation’ of suspicious emails found);
• Zero Day protection (behavioural or unknown/untrusted email domain);
• Data leak prevention (internal and external sharing of sensitive information);
• Email blocking (verification, blacklisting, whitelisting); and
• User awareness training and campaigns (helping users to keep up with phishing techniques and how to defend against those).

Ensuring that the gateway is configured and maintained from the start is critical, with the requirement that a specialist, either an internal engineer or an expert managed services provider, enforces the policies and rules and maintains best practice standards.

“Once you have the right technology in place and capabilities are procured and enabled within the organisation, the next step is to see that the policies and rule sets are updated, checked and verified in a cost-effective way to ensure losses are minimised. Running best practice assessments on policies and rules on a frequent basis is also vital to ensure a secure gateway.

“Finally, it is critical to utilise tools, such as pen testing and auditing, to ensure that the environment is hardened and stringently tested at frequent intervals.”