Shay Shwartz knows a lot about email phishing attacks. As a teenager, he made money as a hacker, but after getting caught at age 16, he realized he could use his cyber talents to prevent attacks rather than launch them.
He went on to spend about a decade in top-tier cybersecurity roles, leading major projects for Israel’s elite defense and intelligence units, including work connected to the Iron Dome project, before joining Axis, the startup later acquired by HPE.
All along, he had been itching to launch his own startup, and two years ago, he finally took the plunge.
His startup Ocean, an agentic email security platform built to fight AI-powered attacks, just emerged from stealth mode with $28 million in total funding. The round was led by Lightspeed Venture Partners, with participation from Picture Capital and Cerca Partners. High-profile angel investors also joined the round, including Wiz co-founder and CEO Assaf Rappaport, as well as Yevgeny Dibrov and Nadir Izrael, the co-founders of Armis, which recently sold to ServiceNow for $7.75 billion.
While established vendors like Proofpoint and Mimecast, along with newer players like Abnormal Security, help detect standard phishing attacks, Shwartz (pictured right next to co-founder and CTO Oran Moyal) argues that AI requires a different defensive approach.
In the past, only highly sophisticated hackers could pull off spear-phishing due to the sheer amount of time, research, and manual labor needed to launch targeted attacks.
“AI just made the entire process automatic, so the scale is much, much bigger now,” Shwartz told TechCrunch. “I can instruct LLM to go and understand exactly who you are, harvest large amount of public information, and create those phishing attacks very targeted against you.”
Ocean claims its AI can thoroughly analyze the context of every incoming email to detect fraud and impersonation attempts.
The startup is already reviewing billions of emails each month for customers including Kayak, Kingston Technology, and Headspace.
Shwartz said Ocean built a small language model tailored to quickly analyze emails, understand the sender’s intent, and evaluate it against the user’s specific organizational context.
“This is like having a guard in every door,” Shwartz said. “This is how we make the inbox a safe place with high hygiene.”
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
