Our Take
Ocean is solving a real problem (LLMs made spear-phishing scalable) but hasn't published independent benchmarks showing it actually catches AI attacks better than Proofpoint or Abnormal Security.
Why it matters
AI-powered phishing is now a commodity threat, not a boutique one. Email remains the primary attack vector for enterprises, and defenders need to know whether context-based detection actually closes the gap that commodity LLMs opened.
Do this week
Security teams: Request Ocean's detection rate against synthetic AI-generated emails from your vendor (not just their benchmark) before budget commitment.
Ocean emerges with $28M from Lightspeed and top-tier angels
Shay Shwartz, who spent a decade leading cybersecurity projects for Israel's defense establishment (including work tied to the Iron Dome system) and later joined Axis (acquired by HPE), launched Ocean two years ago. The agentic email security platform just announced $28 million in total funding (per TechCrunch reporting). Lightspeed Venture Partners led the round; Picture Capital and Cerca Partners participated. Angel investors include Assaf Rappaport (Wiz co-founder and CEO), Yevgeny Dibrov and Nadir Izrael (Armis co-founders, company sold to ServiceNow for $7.75 billion).
Ocean claims to analyze billions of emails monthly for customers including Kayak, Kingston Technology, and Headspace. The platform uses a small language model trained to evaluate sender intent and organizational context in real time.
LLMs made spear-phishing automated and scalable
Traditional phishing detection vendors like Proofpoint, Mimecast, and newer entrants like Abnormal Security have succeeded against rule-based and behavioral attacks. But Shwartz's core claim is structural: "AI just made the entire process automatic, so the scale is much, much bigger now." An LLM can harvest public data, model a target's communication patterns, and generate contextually plausible impersonation emails at scale in minutes. Sophisticated spear-phishing was once the domain of well-funded threat actors. Now it's a prompt away.
If that diagnosis is correct, then detection strategies built for low-volume, manually-crafted attacks may not hold. A detector that catches 95% of traditional phishing but only 60% of LLM-generated attacks is a regression in practical security.
Demand independent benchmarks before deploying
Ocean's funding and customer roster are real. Its problem statement is credible. But the company has not published peer-reviewed benchmarks, independent detection rates, or comparative testing against Abnormal Security, Proofpoint, or other incumbents. Vendor-published numbers on email volume processed prove throughput, not accuracy or security impact.
Security teams evaluating new email defenses should ask: How does Ocean perform against synthetically generated LLM phishing versus human-crafted attacks? What is the false-positive rate on legitimate organizational emails? How does that compare to your current vendor? Request red-team testing on your own email corpus before committing budget. The fact that a startup has elite backing and addresses a real threat is not proof that it solves the threat better than alternatives already in your stack.