As AI increasingly helps hackers launch large-scale email attacks, former Google security leaders have joined forces to build autonomous AI agents aimed at stopping phishing, malware, and business email compromise threats before they reach the user's inbox.
This is the mission behind Aegisai, a new email security startup that has just emerged from stealth with seed funding co-led by Accel and Foundation Capital.
More than 90% of successful cyberattacks begin with phishing emails, according to the US federal cybersecurity agency CISA. A recent CrowdStrike study (PDF) also found a 54% click-through rate in 2024 for phishing messages generated by large language models (LLMs), far higher than the 12% rate for human-written emails.
Aegisai aims to counter this growing threat.
Founded by former Google Safe Browsing and reCAPTCHA executives Cy Khormaee and Ryan Luo, the startup offers an orchestrated network of real-time AI agents that autonomously inspect, analyze and neutralize email threats without relying on a specific set of rules. This approach challenges typical email security platforms, which rely on static rules and often require extensive user training.
“The sum of all evils is an email PDF attachment. It's always where all the attacks started, so we really wanted to solve this issue,” Khormaee said in an exclusive interview with TechCrunch.
Aegisai co-founders Ryan Luo (left) and Cy Khormaee (right)
Khormaee was a product manager in Google's product management department for over five years until July 2023. During that time, he worked on products such as Safe Browsing, reCAPTCHA, and Web Risk, protecting Google, 4 billion users, and 4 million websites from phishing, malware, and fraud. That was also where he first met Luo, who was originally part of the Safe Browsing team and spent nearly a decade at Google.
Google told TechCrunch that it directly gave Khormaee experience in building phishing detection technologies, a deep understanding of security from the company's perspective, and knowledge of how to quickly develop and scale its security business.
Before Google, Khormaee founded sales intelligence platform Contastic, which was acquired by SugarCRM in 2016. He later served as Attentive's vice president of product management until November 2024, before starting Aegisai.
Aegisai built inference agents, each of which is a custom LLM tailored to a specific threat. When an orchestration agent recognizes a threat or a potential threat, it invokes other agents in the network. These agents then perform their analysis, reason with each other, and respond to the orchestration agent with verdicts.
The agent performs real-time analysis of all message components, including links, attachments, metadata, QR codes, behavioral patterns, and more.
Aegisai dashboard (image credit: Aegisai)
“What we know from building these tools at Google is everything about emails that need to be analyzed. What are all the data sources? What are all the techniques for finding invasions, and have you ever seen all the nasty stuff playing chess with these enemies for over a decade?” Khormaee said.
Aegisai is currently building more than 10 agents for this task, but Khormaee told TechCrunch that there could be 50-100 agents as enemies get smarter and try to trick the system.
“I totally believe that in two years, the enemy will understand what we're doing. They need to modify and attack what we're doing, and then build more agents,” he said.
Unlike typical email security platforms that use a rule-based approach, these AI agents find many attacks and self-adjust in real time against any possible variants of those attacks, Khormaee said. The startup has developed multiple AI models tailored to a variety of threats and specific industries, including those in venture capital and financial services.
In addition to rapid threat detection, Aegisai's agents can help reduce false positives by up to 90% compared to traditional solutions, the startup claims.
Customers need “5 minutes or less” to install Aegisai's system on a Google Workspace or Microsoft 365 email account via the API, per Khormaee. Once setup is complete, the startup sends a report in a few days detailing what the system discovered in the environment, including false positives and false negatives. The system then runs in read-only mode for a week, and then activates quarantine.
“Without this technology, it would be very difficult to solve this very uneven problem via email,” says Khormaee.
The startup, with offices in San Francisco and New York, currently runs a pilot with US and European customers, and has already added three paying customers, including data privacy compliance software Lokker and crypto payment platform Mesh Connect. The startup currently has a team of six members.
With the new investment, Khormaee said the startup is planning to expand its technical expertise and build infrastructure that will lead it to a robust market.