$4.45 million — that’s the average cost of a single data breach caused by phishing today. According to IBM, it remains the most common entry point for cybercriminals. But email has long ceased to be just a carrier of extorted logins. Today, email channels ransomware, malicious software, and even sophisticated scams — from fake invoices to messages impersonating board members. The more personalized and convincing they are, the more effective they become, and those created by AI are increasingly difficult to distinguish from real ones. According to a CrowdStrike study, phishing generated by large language models achieves a click-through rate of 54%. In comparison, classic emails written by humans achieve only 12%.
New creators, old mistakes
Cy Khormaee and Ryan Luo, former Google managers known for their work on reCAPTCHA, are entering the game. Their new startup AegisAI just secured $13 million in funding. Their goal is to approach email security using the same technologies that attackers use today. Khormaee diagnoses the problem frankly: for 30 years, email protection systems haven’t kept up with threats. Initially, they relied on the sender’s reputation — today, that’s childishly easy to circumvent. Later came the rule-based filters trained on past incidents. The issue is that today’s attacks aren’t repeated — they’re unique, dynamic, contextual. By the time a filter learns, it’s already too late.