Our Investment in AegisAI: The overdue email security breakthrough

Today, AegisAI emerged from stealth to announce its next-generation email security platform and the $13M seed round Foundation Capital co-led alongside Accel. AegisAI provides security teams with an opportunity to replace the decades-old rules engine-driven model in email security with intelligent AI agents that can detect and classify threats in real time. The company does this by deploying a network of specialized AI agents that investigate emails and automatically quarantine threats before they reach employees’ inboxes.

We worked closely with the founders to incubate the company at the beginning of this year, and I’ve personally been on the board since inception. Here’s the story of how the journey began, why we invested, and what’s ahead.

A decade-long relationship comes full circle

My partnership with AegisAI CEO Cy Khormaee began a decade ago. Over the years, I’ve watched him become one of the most thoughtful product leaders in the security space. Cy spent 5 years at Google where he led product and sales for reCAPTCHA and Safe Browsing. He took these products from zero to $100M+ ARR while monitoring 7M websites and 5B devices for phishing and threat actors.

Those who have worked with Cy describe him as someone who “just devours information” and is constantly thinking about cutting-edge technologies. He loves testing new ideas with quick, cost-effective experiments, and he’s one of the rare technical founders who excels at customer discovery and understanding market needs.

Cy’s experience is comprehensive, to say the least. He has spent plenty of time at large companies like Microsoft and Google, but he’s been both a startup founder (Contastic, CIMLS) and executive (Attentive, SugarCRM). I’ve tried multiple times to recruit Cy back to the startup world to lead product at startups like Stacklet and Mesh, knowing he could add tremendous value. While the timing and fit was never quite right in the past, I continued to encourage Cy to pursue the startup path again either as an executive or a founder.

Replacing yesterday’s rules with today’s AI

In late November 2024, Cy and I discussed an idea I have long been excited about – reimagining email security using AI agents. By this time, I had already conducted 30+ customer calls on email security and had tried to incubate something in this space myself. Email security has been an age-old sector of security, but we had recognized a unique opportunity because of three converging trends: the rapid prevalence of zero-day phishing attacks, the complexity (and failings) of existing rules-based architecture, and the opportunity to run inference at the edge.

More importantly, this is a market where Cy and his co-founder Ryan Luo have deep expertise. Ryan has spent almost a decade at Google leading engineering for reCAPTCHA and Safe Browsing, scaling the phishing detection platform that protects billions of users.

Candidly, we were all still initially skeptical of the tech. Could a multi-agent system for email security today perform in a manner that was both effective and cost-efficient? Cy and Ryan worked on their prototype, and we met again once they had an initial version. The early data looked very promising. We started to build conviction and see the insertion point. In early January, I set up a dozen customer meetings with CISOs from companies like Yext, SoFi, Robinhood, Carlyle, Qualtrics, HP, and Greenlight (specifically chosen because I knew they were dealing with email security risks firsthand).

The problem that AegisAI is solving today is one Cy and Ryan have lived firsthand at Google, and now they can apply that expertise to protect enterprises from increasingly sophisticated AI-generated phishing attacks.

Agents that actually think like security analysts

The email security market is ripe for disruption. According to Verizon’s annual Data Breach Investigation Report, email remains the delivery method for over 90% of successful cyber incidents. The single largest known theft of any kind – the February 2025 ByBit hack of $1.5B ether from their cold wallet – started via a socially engineered phishing attack. Yet incumbent vendors like Proofpoint, Mimecast, and Trellix rely on decades-old rules engines that require human SOC teams to write new rules every time they see an attack pattern in the wild.

Hackers have moved to fully individualized attacks that not only mutate automatically to find gaps in these filters, but leverage AI to respond like humans to build trust and reputation with targets.

AegisAI replaces rules with AI agents that detect and classify threats just like expert security analysts. The platform includes a network of specialized agents individually focused on areas like urgency analysis, signature scams, gift card attacks, OAuth lures, link scanning, etc. These agents are empowered to call one another as the system investigates threats, creating a collaborative investigation process that adapts to new attack patterns in real-time.

The installation is almost immediate, involving a simple mail API connection (5-10 minutes via Google Workspace or Microsoft 365) that sits parallel to traffic and reads all incoming emails. If a threat is detected, the platform removes the email from the user’s inbox and quarantines it automatically. Today, the core capabilities of the platform are not only built but also already deployed at ten organizations.

What’s particularly exciting is that AegisAI is already outperforming best-in-class competitors in these engagements. The platform has achieved detection rates that are on par with competitors like Mimecast while generating 10x fewer false positives. The team has also found that while modern API-focused vendors catch more threats than traditional vendors, they also generate significantly more false positives that block legitimate business emails. AegisAI’s system of agents’ approach solves both sides of this equation.

Ready to defend against tomorrow’s attacks

Email is still the easiest way into a company. It’s where trust, speed, and human judgment collide – and where attackers win by moving faster than rules can keep up. There are over 20,000 mid-market companies that don’t have enough security talent to keep up with modern threats. Aegis shifts the paradigm from reactive static rules to a proactive and adaptive system of agents-based reasoning.

The response from security leaders continues to be overwhelmingly positive. They are disappointed by the lack of innovation from PE-owned incumbents and eager to try a new approach as sophisticated phishing attacks become more prevalent. With over $2B in ARR held by top five incumbent email security vendors, there’s a massive opportunity for an AI-native approach to capture market share.

All of us at Foundation Capital are proud to support AegisAI’s mission to replace rules with intelligence in email security. Congratulations, Cy, Ryan, and the entire AegisAI team!

AegisAI is headquartered in San Francisco, CA and New York, NY and is actively hiring across engineering, AI, sales, and marketing roles.

Published on September 10, 2025
Written by Sid Trivedi

• Facebook
• Twitter
• LinkedIn