Former Google Leaders Launch AI Agents to Stop Phishing

AegisAI emerges to stop LLM-powered phishing

AegisAI, a new email security startup founded by former Google Safe Browsing leaders Cy Khormaee and Ryan Luo, has come out of stealth with $13 million in seed funding. The company’s pitch: autonomous AI agents that detect and neutralize phishing, malware, and business email compromise (BEC) before malicious messages reach user inboxes.

Khormaee and Luo bring deep experience from Google’s Safe Browsing and reCAPTCHA teams, where they built defenses at internet scale. That background shaped AegisAI’s goal: move beyond brittle, rules-based systems and instead use networks of purpose-built AI models to reason about each email in real time.

AegisAI’s architecture uses an orchestrating agent that, upon spotting a potential threat, calls a suite of specialized 'buddy' agents. Each buddy is a tuned LLM that analyzes a specific signal—links, attachments, QR codes, headers, or behavioral patterns—and they jointly produce a verdict. This agent-to-agent reasoning is designed to adapt continuously rather than depend on static signatures.

The timing matters. U.S. cybersecurity guidance notes that over 90% of successful attacks start with phishing. A 2024 CrowdStrike study found LLM-generated phishing had a 54% click-through rate versus 12% for human-written phishing—an alarming jump that pressures defenders to adopt faster, adaptive controls.

AegisAI says its models reduce false positives by up to 90% compared to traditional platforms. It has already built more than ten agents and expects to scale to dozens as adversaries evolve. The startup also offers quick integration—customers can connect Google Workspace or Microsoft 365 via API and see an initial environment report within days.

Early pilots are underway in the U.S. and Europe; a few paying customers include a data privacy compliance firm and a crypto payment platform. With the seed round, AegisAI plans to grow its engineering and go-to-market teams to scale deployments.

This is an arms race. Khormaee anticipates adversaries will adapt in months, forcing defenders to add new agents and models. The key question for organizations: can they adopt defensive architectures that learn and re-tune as attack tactics change?

What organizations should do now

• Treat phishing defenses as adaptive systems, not static rule-sets—prioritize solutions that learn from new variants automatically.
• Measure real-world metrics—false positives, time-to-detect, and user impact—during short trials before full enforcement.
• Layer defenses: combine agent-based detection with sender authentication, user training, and incident response playbooks.

How QuarkyByte thinks about this: autonomous agents represent a promising shift toward proactive, context-rich defenses. We recommend framing pilots with clear success criteria and building telemetry that shows not just detections but downstream impact—reduced phishing clicks, fewer support tickets, and measurable ROI.

In short, AegisAI is betting on agent orchestration to stay ahead of LLM-powered attackers. For security teams, the practical step is to test adaptive solutions quickly, validate their claims against live traffic, and plan for continuous evolution as adversaries respond.