Learning Objectives
- Understand how Ocean's agentic email security model differs from legacy rules-and-signatures filters
- Identify the AI-versus-AI dynamic that makes generative-AI phishing defense an urgent enterprise category
- Evaluate Ocean against incumbent email-security vendors (Proofpoint, Microsoft Defender for Office 365, Abnormal Security)
What Is Ocean?
Ocean is an AI-native email security platform that launched from stealth in May 2026 with $28 million in funding led by Lightspeed Venture Partners, with participation from Picture Capital and Cerca Partners and angel backing from Wiz CEO Assaf Rappaport and Armis co-founders Yevgeny Dibrov and Nadir Izrael. The company was founded in 2024 by Shay Shwartz and Oran Moyal.
Ocean's product centers on an autonomous investigation engine called Ray, which evaluates every incoming email in real time. Ray analyzes sender information, message content, embedded links, technical infrastructure, and the organizational business context to determine trustworthiness — running a custom small language model rather than the rules-and-signatures approach that defined legacy email security. The company is already replacing legacy email security products in complex enterprise environments, reviewing billions of messages a month for customers including Kayak, Kingston Technology, and Headspace.
The thesis driving Ocean is straightforward: AI has democratized spear-phishing. Techniques that previously required skilled human attackers — custom pretexts, convincing voice and writing style, multi-step social engineering across multiple channels — can now be automated at scale with frontier-class language models. As foundation-model capabilities improve, so does the floor of attacker capability. Ocean argues that the defense has to be agentic AI too: pattern matching against known-bad signatures cannot keep up with adversaries that generate novel-but-plausible attacks on demand.
💡 Key Concept
The AI-versus-AI dynamic in cybersecurity. Every advance in frontier AI capability has a dual-use shadow. Better conversational models also write better phishing emails. Better voice synthesis enables better impersonation calls. Better code-generation accelerates malware development. The defensive response is itself agentic AI — models that read intent and context the way human analysts do, faster and at higher scale. Expect to see this pattern repeat across other security categories (DLP, endpoint, identity) as AI-native challengers raise capital against incumbent rule-based vendors.
Founder Background — Shay Shwartz
Shwartz's lineage is part of Ocean's identity. As a teenager he made money as a hacker, got caught at 16, then pivoted to cybersecurity defense — spending roughly a decade in Israel's elite defense and intelligence units, including work tied to the Iron Dome project, before leading projects at Axis, the startup later acquired by Hewlett Packard Enterprise. That trajectory — top-tier government cyber operations to enterprise startup — is a common founder profile among the strongest Israeli cybersecurity companies, and it's reflected in the angel investor list (Wiz, Armis) of operators with the same background.
Core Capabilities
Ray — The Agentic Investigation Engine
Ray is the platform's defining piece. For each incoming email, Ray runs an end-to-end investigation: sender reputation, message linguistic analysis, link-and-attachment risk evaluation, infrastructure provenance, and organizational business-context fit. The output is a trustworthiness judgment paired with an investigation trail that explains the reasoning — replacing the "blocked: matched rule N" black box of legacy filters with an audit-grade decision record.
Custom Small Language Model
Ocean runs a custom small language model tuned specifically for email security rather than a general-purpose frontier model. The trade-off is intentional: a smaller specialized model is cheaper to run at the billions-of-messages-per-month scale required for inbox protection, and it can be fine-tuned on adversarial email data without exposing customer content to third-party AI providers. The "small" framing is itself a positioning statement against vendors that route enterprise email through general-purpose API models.
Organizational Business Context
A key differentiator versus content-only filters is business context integration. Ray uses signals about the receiving organization — typical sender patterns, vendor relationships, internal communication norms — to evaluate whether a borderline email fits the organization's actual behavior. A finance request from a "CEO" out of normal pattern; a vendor invoice from a new bank account; an HR communication outside business hours — these are exactly the patterns AI-augmented attackers exploit, and they're invisible to filters that look only at email content.
Enterprise Replacement Footprint
Ocean is already deployed in complex enterprise environments replacing legacy email security products, not just augmenting them. The named customers — Kayak, Kingston Technology, Headspace — span travel commerce, hardware, and consumer wellness; the platform's scale claim is billions of messages reviewed monthly. The replacement-not-augmentation framing matters for evaluation: Ocean is positioning Ray as a full email security gateway, not a layer on top of Proofpoint or Microsoft Defender.
Strengths
- AI-native architecture: Custom small language model tuned for email security from day one, not a rules engine retrofitted with ML
- Agentic investigation: Ray's end-to-end investigation produces audit-grade decision trails, not opaque rule matches
- Business context integration: Reads organizational behavior patterns, not just email content
- Strong investor and angel base: Lightspeed lead, Wiz CEO and Armis co-founders as angels — operators-deep validation
- Enterprise replacement footprint: Already replacing legacy products at Kayak, Kingston Technology, Headspace
- Defense-research founder lineage: Israeli elite cyber and Iron Dome project background — a credentialed founder in a category that values it
Limitations & Considerations
- New company: Founded 2024, launched from stealth May 2026 — limited public deployment history beyond the named customers
- No public pricing: Enterprise sales motion; per-seat or per-mailbox pricing not disclosed
- No SMB tier announced: Initial focus is complex enterprise environments; smaller organizations may need to wait for a packaged tier
- Incumbent competition: Proofpoint, Microsoft Defender for Office 365, and Abnormal Security are entrenched in many enterprise email stacks; switching has integration and procurement friction
- AI-versus-AI is a moving target: As attacker capability evolves, the defensive model has to evolve with it — the platform's effectiveness will be re-evaluated continuously against the latest attack vectors
Best Use Cases
| Task | Why Ocean |
|---|---|
| Enterprise email gateway replacement | AI-native architecture replaces legacy rules-and-signatures products end-to-end |
| AI-driven phishing defense | Custom small LM tuned for spear-phishing-style attacks generated by frontier AI |
| Vendor impersonation and BEC defense | Business-context integration catches out-of-pattern requests legacy filters miss |
| Audit-grade decision trails | Ray's investigation logs document the reasoning for each decision — useful for security operations and compliance |
| Organizations under active AI-augmented attack | Sectors seeing the strongest AI-driven email attack rates (finance, healthcare, professional services) |
When to choose alternatives:
- Microsoft-365-native security integration → Microsoft Defender for Office 365 (deepest 365 telemetry integration)
- Behavior-analytics-first incumbent → Abnormal Security (the established AI-leaning email security vendor)
- Mature broad enterprise vendor → Proofpoint (large enterprise footprint, broad feature set)
- Smaller organizations on a budget → wait for an Ocean SMB tier or evaluate Microsoft Defender / Google Workspace built-in protections
Getting Started
- Visit ocean.security and request a demo through the enterprise contact form
- Identify the email security incumbent currently in place (Proofpoint, Microsoft Defender, Abnormal, legacy gateway) — Ocean's sales conversation starts from a replacement framing
- Scope the deployment to a representative pilot subset (one business unit, one mail flow) before full rollout
- Configure organizational business-context signals — vendor relationships, internal communication norms — to give Ray the context required to evaluate borderline cases accurately
- Compare Ray's investigation logs to incumbent rule-match logs during the pilot — the audit-grade decision trail is one of Ocean's clearest evaluation differentiators
- Plan integration with downstream SOC tooling — Ocean's decision output should land in the same SIEM/SOAR surface as the rest of the security stack
✅ Tip
Evaluating AI-native email security. When comparing Ocean against incumbents, focus on three dimensions: (1) detection on AI-generated novel attacks (request a red-team set rather than relying on historical attack data), (2) explainability of the decision (compare Ray's investigation log to the alternative's rule-match output), and (3) integration with the rest of the security stack (SIEM, SOAR, identity). The AI-versus-AI dynamic makes detection benchmarks the headline number, but explainability and integration usually determine which product survives a full enterprise procurement cycle.
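An added example, not code from Ocean or any vendor named here: one way to score a pilot on the first dimension above, keeping red-team lures separate from replayed historical attacks so a strong historical number cannot mask weak detection of novel messages. The product names, verdict labels and sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed pilot sample, not real data: (id, subset, is_malicious, verdicts).
# "historical" = replayed known campaigns; "red_team" = lures written for this test.
PILOT = [
    ("m1", "historical", True,  {"product_a": "block",   "product_b": "block"}),
    ("m2", "historical", True,  {"product_a": "block",   "product_b": "block"}),
    ("m3", "historical", False, {"product_a": "deliver", "product_b": "deliver"}),
    ("m4", "historical", False, {"product_a": "deliver", "product_b": "block"}),
    ("m5", "red_team",   True,  {"product_a": "block",   "product_b": "deliver"}),
    ("m6", "red_team",   True,  {"product_a": "block",   "product_b": "deliver"}),
    ("m7", "red_team",   True,  {"product_a": "deliver", "product_b": "deliver"}),
    ("m8", "red_team",   False, {"product_a": "deliver", "product_b": "deliver"}),
    ("m9", "red_team",   True,  {"product_a": "block",   "product_b": "block"}),
]

def score(pilot, product):
    """Per-subset detection rate and false-positive rate for one product."""
    counts = defaultdict(lambda: {"mal": 0, "caught": 0, "ben": 0, "fp": 0})
    for _id, subset, malicious, verdicts in pilot:
        blocked = verdicts[product] == "block"
        c = counts[subset]
        if malicious:
            c["mal"] += 1
            c["caught"] += blocked
        else:
            c["ben"] += 1
            c["fp"] += blocked
    return {
        subset: {
            # None when a subset has no messages of that class to measure against
            "detection_rate": c["caught"] / c["mal"] if c["mal"] else None,
            "false_positive_rate": c["fp"] / c["ben"] if c["ben"] else None,
        }
        for subset, c in counts.items()
    }

def disagreements(pilot, a, b):
    """Ids where the two products differ: pull both decision logs for these."""
    return [mid for mid, _subset, _mal, v in pilot if v[a] != v[b]]

if __name__ == "__main__":
    for product in ("product_a", "product_b"):
        print(product, score(PILOT, product))
    print("review:", disagreements(PILOT, "product_a", "product_b"))
```

The disagreement list is where the second dimension gets tested: for each id, read both products' decision records side by side and judge which one an analyst could act on.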
Key Takeaways
- Ocean launched from stealth in May 2026 with $28 million led by Lightspeed Venture Partners — an AI-native email security platform built around the Ray agentic investigation engine
- The platform is positioned to replace rather than augment legacy email security: custom small language model + business-context integration + audit-grade investigation trails
- Already protecting Kayak, Kingston Technology, and Headspace at billions of messages reviewed per month
- Founder Shay Shwartz's lineage — Israeli elite defense including Iron Dome project, then Axis (acquired by HPE) — is the kind of profile that has produced top Israeli cybersecurity companies; angel backing from Wiz CEO Assaf Rappaport and Armis co-founders reinforces the operator-network signal
- The broader category dynamic is AI-versus-AI: frontier-AI capabilities lower the cost of spear-phishing, and the defense has to be agentic AI too; expect this pattern to repeat across DLP, endpoint, and identity security through 2026