Shay Shwartz is no stranger to email phishing attacks. As a teenager, he made money as a hacker, but after being arrested at the age of 16, he realized that his talent for cyber attacks could be used to thwart attacks rather than launch them.
He then spent nearly a decade in top-level cybersecurity roles, leading major projects for Israel’s elite defense and intelligence forces, including work related to the Iron Dome project, before joining Axis, a startup that was later acquired by HPE.
He had been itching to launch his own startup for a long time, and two years ago, he finally took the plunge.
His startup Ocean, an agent-based email security platform built to counter AI-powered attacks, just came out of stealth mode with $28 million in funding. The round was led by Lightspeed Venture Partners with participation from Picture Capital and Cerca Partners. Prominent angel investors also participated in the round, including Assaf Rappaport, co-founder and CEO of Wiz, and Evgeny Dibrov and Nadir Israel, co-founders of Armis, which was recently sold to ServiceNow for $7.75 billion.
While established vendors like Proofpoint and Mimecast and startups like Abnormal Security are helping detect standard phishing attacks, Shwartz (pictured right next to co-founder and CTO Oran Moyal) argues that AI requires a different defensive approach.
Previously, spear phishing was only possible for highly sophisticated hackers, as it required extensive time, research, and manual effort to launch a targeted attack.
“The scale is much larger now because AI just automated the whole process,” Schwartz told TechCrunch. “I can instruct LLM to understand exactly who you are, collect large amounts of public information, and create phishing attacks targeting you.”
Ocean claims its AI can thoroughly analyze the context of every incoming email to detect fraud and impersonation attempts.
The company already reviews billions of emails each month for customers such as Kayak, Kingston Technology, and Headspace.
According to Schwartz, Ocean has built small language models that are tailored to quickly analyze emails, understand the sender’s intent, and evaluate it against the user’s specific organizational context.
“It’s like having a security guard at every door,” Schwartz said. “This helps make your inbox a sanitary and safe place.”
If you buy through links in our articles, we may earn a small commission. This does not affect editorial independence.
