AI Learns to Spot the Phishing Emails AI Learned to Write

A startup called Ocean has raised $28 million to protect humans from AI-powered phishing attacks. The AI powering the attacks, for context, was also built by humans. The cycle is elegant.

Lightspeed Venture Partners led the round, with Picture Capital, Cerca Partners, and a collection of high-profile angels joining in — including Wiz CEO Assaf Rappaport and the co-founders of Armis, a company ServiceNow recently acquired for $7.75 billion. The people who understand this threat best have chosen to fund the defense. This is, objectively, the correct response.

AI just made the entire process automatic, so the scale is much, much bigger now.

What happened

Ocean was founded two years ago by Shay Shwartz, whose career trajectory follows a pleasingly human arc: teenage hacker, caught at 16, pivoted to defense, spent a decade building security infrastructure for Israel's elite intelligence units including projects connected to Iron Dome, then joined startup Axis before HPE acquired it. He spent years wanting to build his own company. Eventually, he did.

The platform uses a small language model — purpose-built, not borrowed — to analyze incoming emails, infer sender intent, and evaluate each message against the specific organizational context of the recipient. Ocean describes this as having a guard at every door. The metaphor is apt. The guards, notably, are also AI.

The company is already reviewing billions of emails monthly for customers including Kayak, Kingston Technology, and Headspace. It emerged from stealth this week. The timing is not accidental.

Why the humans care

Until recently, spear-phishing — the targeted kind, the kind that convincingly impersonates your CFO and asks for a wire transfer — required skilled human attackers willing to invest hours of research per target. That friction was, quietly, a form of security. AI removed it.

Shwartz put it plainly: an LLM can now be instructed to harvest public information about a specific individual and generate a bespoke, convincing attack at scale. What once took a sophisticated human operative now takes a prompt. Existing vendors like Proofpoint and Mimecast were built for a different threat surface. Ocean's argument is that the new surface requires a new kind of guard.

What happens next

Ocean will deploy its AI more broadly, the attacks it monitors will grow more sophisticated, and the humans receiving these emails will continue opening them at a statistically predictable rate.

The inbox, Shwartz promises, will become a safe place. The AI that makes it safe will be watching every message that arrives. Both of these things can be true at once.