Shay Shwartz is well-versed in email phishing attacks. In his teenage years, he earned money as a hacker, but after being caught at 16, he decided to channel his cyber skills into preventing attacks instead of perpetrating them.
He subsequently spent about ten years in high-level cybersecurity roles, leading significant projects for Israel’s elite defense and intelligence units, such as work related to the Iron Dome project, before joining Axis, a startup later acquired by HPE.
Shwartz always had the desire to start his own company, and two years ago, he finally took the leap.
His startup, Ocean, an autonomous email security platform designed to combat AI-driven attacks, has recently come out of stealth with $28 million in total funding. The funding round was led by Lightspeed Venture Partners, with participation from Picture Capital and Cerca Partners. Notable angel investors also participated, such as Wiz co-founder and CEO Assaf Rappaport, and Yevgeny Dibrov and Nadir Izrael, co-founders of Armis, which was recently sold to ServiceNow for $7.75 billion.
Established companies like Proofpoint and Mimecast, and newer companies like Abnormal Security, help detect standard phishing attacks, but Shwartz (pictured next to co-founder and CTO Oran Moyal) believes AI requires a new defensive strategy.
Previously, only sophisticated hackers could execute spear-phishing due to the extensive time, research, and manual work required for targeted attacks.
“AI has automated the entire process, vastly increasing its scale,” Shwartz explained to TechCrunch. “I can instruct a large language model to understand who you are, gather a significant amount of public information, and create those highly targeted phishing attacks against you.”
Ocean asserts that its AI can effectively analyze the context of each incoming email to identify fraud and impersonation attempts.
The startup is already analyzing billions of emails monthly for clients including Kayak, Kingston Technology, and Headspace.
Shwartz noted that Ocean developed a small language model tailored to swiftly analyze emails, understand the sender’s intent, and assess it against the user’s specific organizational context.
“This is like having a guard at every door,” Shwartz stated. “This is how we ensure the inbox is a safe place with high security.”
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.