Ocean, an agentic email security startup founded by former Israeli defense cyber operator Shay Shwartz, has emerged from stealth with $28 million in total funding to combat AI-powered phishing attacks. Lightspeed Venture Partners led the round, joined by Picture Capital, Cerca Partners, and a roster of heavyweight angels including Wiz CEO Assaf Rappaport and Armis co-founders Yevgeny Dibrov and Nadir Izrael (Armis just sold to ServiceNow for $7.75 billion).
Shwartz isn’t your typical founder. He started as a teen hacker, got caught at 16, then flipped sides and spent roughly a decade running cyber projects for Israel’s elite defense and intelligence units, including work tied to the Iron Dome. He later joined Axis, which HPE acquired, before launching Ocean two years ago with CTO Oran Moyal.
Why this matters
Phishing used to be a numbers game with obvious tells. Spear-phishing, the targeted kind that actually fools executives, required serious manual research and was reserved for sophisticated attackers. LLMs blew that bottleneck wide open.
“AI just made the entire process automatic, so the scale is much, much bigger now,” Shwartz told TechCrunch AI. “I can instruct LLM to go and understand exactly who you are, harvest large amount of public information, and create those phishing attacks very targeted against you.”
What stands out here is the threat model shift. Legacy vendors like Proofpoint and Mimecast, plus newer entrants like Abnormal Security, were built to catch patterns at scale. When every attack is hand-tailored by a model that knows your org chart, your vendors, and your writing style, pattern matching falls short.
Ocean’s approach
The company built a small language model purpose-trained to read incoming email the way a careful human would, but at machine speed. Per TechCrunch AI, the system:
- Analyzes the full context of every inbound message
- Infers the sender’s intent
- Evaluates that intent against the recipient organization’s specific context
- Flags impersonation and fraud attempts before they hit the inbox
Ocean is already screening billions of emails a month for customers including Kayak, Kingston Technology, and Headspace.
“This is like having a guard in every door,” Shwartz said. “This is how we make the inbox a safe place with high hygiene.”
What practitioners should take from this
A few immediate implications for security and IT teams:
- The phishing volume curve is bending up, fast. If your current email gateway was tuned in 2023, assume its hit rate is degrading. AI-generated lures don’t repeat themselves.
- Context is the new signal. Detection that ignores who the recipient is, who they normally talk to, and what’s on their plate will keep missing the targeted stuff. Expect more vendors to pitch “organizational context” as a feature.
- The funding signal is loud. When Wiz’s CEO and the Armis founders write personal checks, the category is heating up. Expect Proofpoint, Mimecast, and Abnormal to respond with their own agentic angles, and expect M&A.
- Small, task-specific models are showing up everywhere. Ocean’s choice to build its own SLM rather than wrap a frontier model is part of a broader pattern: faster inference, lower cost, tighter control over the security envelope.
The attacker side already shipped AI into production. Defenders are catching up, and Ocean just put $28 million behind the bet that the next email gateway looks more like an agent than a filter.