Ocean Raises $28M to Build Agentic Email Security for the AI Threat Era

Cybersecurity spent years treating inbox attacks like pickpockets at a train station. Annoying. Predictable. Manageable. Meanwhile, attackers evolved into precision operators using language models and automation sophisticated enough to make Fortune 500 security teams sweat through quarter-end earnings calls. Ocean, an agentic email security startup founded by Shay Shwartz and Oran Moyal, just emerged from stealth with $28M in total funding. Lightspeed Venture Partners led the company's $20M Series A, joined by Picture Capital and Cerca Partners. The investor roster also includes Assaf Rappaport from Wiz, Yevgeny Dibrov and Nadir Izrael from Armis, and Dor Knafo from Cyberstarts.

The timing matters because enterprise cybersecurity is entering an uncomfortable transition period. AI-generated phishing campaigns no longer rely on broken grammar, suspicious attachments, or cartoon-villain social engineering. The attacks now mirror executive tone, internal communication patterns, project timing, and vendor relationships with alarming precision. Email remains one of the largest enterprise attack surfaces on earth, but the economics of phishing changed overnight once generative AI made personalization infinitely scalable. Ocean believes email security needs autonomous investigation instead of reactive filtering, and that distinction could define the next phase of enterprise cybersecurity infrastructure.

What Happened

Ocean officially launched from stealth on May 19, 2026, announcing $28M in total funding. The company operates across New York City and Tel Aviv and positions itself as an “agentic email security” platform built specifically for AI-powered cyber threats. Shay Shwartz serves as CEO while Oran Moyal serves as CTO. The two founders first met in Israel’s Magshimim cybersecurity program before serving in elite Israeli cyber defense units. Their background matters because Ocean is not approaching phishing as a spam problem. The company approaches it as behavioral warfare conducted at machine speed.

The startup says its platform has already scanned more than 1B emails and now processes over 1B monthly across hundreds of thousands of enterprise mailboxes globally. Named customers include KAYAK and Headspace, while Calcalist additionally reported Kingston as a customer. Ocean’s core system revolves around its autonomous investigation engine called Ray. Rather than relying primarily on static detection scoring or traditional pattern matching, Ray coordinates AI agents that analyze sender behavior, organizational context, infrastructure, communication history, links, and intent before an email reaches employees. Ocean describes this approach as agentic security: software operating more like an autonomous analyst than a passive filtering tool. That architecture reflects a larger shift happening across enterprise cybersecurity and AI-native security infrastructure because attackers now have access to the same generative AI capabilities as defenders.

Why This Matters

Enterprise email remains one of the most exploited attack vectors in cybersecurity, but what changed is the sophistication and scale of social engineering. Generative AI dramatically lowered the skill barrier for attackers. A phishing campaign that once required time, language fluency, operational discipline, and research can now be generated instantly with frightening personalization. Attackers can mimic executives, recruiters, vendors, investors, and internal employees with near-perfect contextual awareness. That creates a dangerous gap between modern attacks and legacy email defense systems.

Many incumbent platforms still prioritize anomaly detection, domain scoring, known threat signatures, and rules-based filtering. Those systems worked reasonably well when phishing attacks looked sloppy, but they become less effective when malicious emails resemble authentic executive communication crafted with machine precision. Ocean is betting that enterprise cybersecurity will shift toward autonomous investigation systems capable of reasoning through context instead of merely detecting suspicious patterns. The company’s framing around “agentic security” aligns with a broader movement across AI infrastructure where software increasingly acts as an active operator rather than passive tooling. Investors clearly see the opportunity, and Lightspeed’s participation signals continued institutional conviction around AI-native security startups despite broader venture caution across enterprise software categories.

Market Context

The cybersecurity market spent the last decade consolidating around cloud security, identity management, endpoint protection, and zero-trust architecture. Email security often sat quietly in the background despite remaining one of the most successful attack vectors inside enterprise environments. That dynamic is changing because AI amplified social engineering economics. Attackers no longer need massive operational sophistication to launch convincing phishing campaigns because AI now handles language refinement, contextual adaptation, personalization, and message consistency automatically.

Ocean enters a market historically dominated by Proofpoint and Mimecast alongside newer enterprise phishing defense startups attempting to modernize behavioral detection. The challenge for incumbents is structural because detection-based systems were largely designed around identifying suspicious artifacts, while AI-generated attacks increasingly remove those artifacts altogether. That leaves enterprise security teams chasing intent rather than indicators. Ocean’s architecture reflects this market transition directly by treating every email as an event requiring investigation rather than simple filtering, a mindset that feels closer to intelligence analysis than traditional spam defense.

Competitive Landscape

Cybersecurity startups love declaring categories obsolete, and usually the market ignores them. This time feels different because generative AI altered attacker economics faster than enterprise systems adapted. Ocean’s positioning is aggressive but strategically coherent because the company is not selling incremental phishing improvements. It is arguing that email security requires a fundamentally different operational model built around AI-native reasoning systems.

That puts Ocean into competition not only with legacy vendors like Proofpoint and Mimecast, but also with modern AI-focused security companies building contextual defense layers around enterprise communication. The differentiator may come down to workflow automation and investigative depth because security teams are overwhelmed by alert fatigue, fragmented tooling, and endless false positives. Platforms capable of reducing manual investigation while preserving contextual accuracy will command serious enterprise attention. Ocean also benefits from founder-market alignment that sophisticated cybersecurity buyers increasingly value because enterprise customers purchasing security infrastructure want teams that understand adversarial environments operationally, not just theoretically.

What This Signals

Ocean’s launch reflects a broader truth spreading across enterprise infrastructure: AI is compressing the timeline between technological innovation and threat adaptation. For years, enterprise AI conversations centered around productivity gains, copilots, workflow automation, and software efficiency. Security teams understood the offensive implications intellectually, but now they are confronting them operationally. That shift is creating an entirely new category of AI-native security infrastructure.

The next generation of cybersecurity winners may not simply detect threats faster. They may operate more like autonomous analysts capable of reasoning through ambiguity, behavioral context, and organizational intent in real time. Ocean is positioning itself directly inside that transition, and the company’s emergence says as much about where cybersecurity is heading as it does about email itself.

Frequently Asked Questions

What is Ocean?

Ocean is an agentic email security startup founded by Shay Shwartz and Oran Moyal that uses AI agents to investigate enterprise emails in real time before threats reach employees.

How much funding did Ocean raise?

Ocean raised $28M in total funding, including a $20M Series A led by Lightspeed Venture Partners.

What does Ocean’s Ray engine do?

Ray is Ocean’s autonomous investigation engine that analyzes sender behavior, links, infrastructure, organizational context, communication history, and intent before emails reach enterprise employees.

Why is AI-generated phishing becoming more dangerous?

Generative AI allows attackers to create highly personalized phishing emails at scale, making attacks more convincing and harder for traditional email security systems to detect.

Who invested in Ocean?

Investors include Lightspeed Venture Partners, Picture Capital, Cerca Partners, Assaf Rappaport, Yevgeny Dibrov, Nadir Izrael, and Dor Knafo.

Who founded Ocean?

Ocean was founded by Shay Shwartz and Oran Moyal, who previously worked in elite Israeli cyber defense units before launching the company across New York City and Tel Aviv.

What companies use Ocean?

Ocean says customers include KAYAK and Headspace, while Calcalist additionally reported Kingston as a customer.

What category does Ocean compete in?

Ocean operates in enterprise cybersecurity and focuses specifically on agentic AI-powered email security designed for modern phishing and impersonation attacks.