As AI makes it easier for attackers to scale phishing campaigns, two former Google security leaders have launched AegisAI, an email-security startup that uses autonomous AI agents to detect and neutralize phishing, malware, and business-email-compromise attacks before they hit users’ inboxes. The company emerged from stealth with $13 million in seed funding co-led by Accel and Foundation Capital.
More than 90% of successful cyberattacks begin with a phishing message, according to CISA, and a CrowdStrike study found that LLM-generated phishing in 2024 had a roughly 54% click-through rate versus 12% for human-written attacks. AegisAI’s founders say their agent-based approach is designed to counter that accelerating threat.
Founded by former Google Safe Browsing and reCAPTCHA executives Cy Khormaee and Ryan Luo, AegisAI runs an orchestrated network of real-time reasoning agents. Rather than depending on static rules or extensive user training, an orchestrating agent flags suspicious messages and summons specialized “buddy” agents—each a custom-tuned LLM focused on a particular threat—to analyze the message collaboratively and return a verdict.
Those agents examine every part of a message in real time: links, attachments, metadata, QR codes and behavioral signals. The startup’s goal is autonomous, adaptive defense that stops malicious email campaigns at scale before end users ever have to interact with them.
About the Author
