Ocean Emerges from Stealth with $28M for Agentic Email Security Platform Built on Autonomous Investigation

On May 19, 2026, Ocean announced its launch from stealth with $28 million in total funding led by Lightspeed Venture Partners, with participation from Picture Capital and Cerca Partners. The company has developed what it describes as the first 'agentic email security platform,' using AI agents to investigate every email in real time rather than relying on detection-based filtering. Ocean's platform, powered by its autonomous intelligence engine Ray, analyzes sender behavior, message content, technical infrastructure, embedded links, and business context to identify malicious intent hidden within legitimate-looking communications. The company reports it already protects hundreds of thousands of enterprise mailboxes, processes more than one billion emails per month, and counts KAYAK, Kingston Technology, and Headspace among its customers.

Ocean's launch reflects a broader shift in email security from anomaly detection to intent investigation, driven by AI-generated phishing campaigns that eliminate the patterns legacy tools were built to catch. CEO Shay Shwartz, a former nation-state operator and Forbes 30 Under 30 alumnus, argues that AI-powered attackers now produce flawless language, reference real projects, and impersonate trusted colleagues, making surface-level detection insufficient. For security teams, the operational implication is that email security is moving from a signature-based control to an AI-versus-AI investigation model, where defenders must continuously validate context and intent at scale.

Organizations evaluating email security replacements should assess whether their current tools can handle AI-generated phishing at volume, particularly campaigns that bypass traditional anomaly detection. Ocean's approach introduces a new architectural pattern (autonomous investigation per email) that may require different integration, logging, and response workflows compared to gateway-based filtering. CISOs should evaluate whether agentic email security platforms introduce new dependencies on LLM availability, accuracy, and explainability, and whether incident response teams have visibility into agent decision-making when investigating false negatives.