Claw & Talon

Ocean

Cybersecurity Dual-Use Technology Priority Signal Founded 2024

Last updated: May 31, 2026

Ocean is an Israeli AI-native email security platform using intelligent agents to defend enterprises against sophisticated, AI-powered phishing and social engineering attacks, designed for modern cloud email environments.

Visit Website

Company Overview

Ocean, founded in 2024 by Shay Shwartz and Oran Moyal (both with backgrounds in Israeli defense and intelligence units), represents a new generation of email security architecture built explicitly to counter AI-driven threat actors. The company raised $8 million in seed funding in 2024 and a $20 million Series A in May 2026 led by Lightspeed Venture Partners, with participation from Picture Capital, Cerca Partners, and angels including Assaf Rappaport (founder of Wiz, a leading cloud security platform) and founders from Armis Security.

Ocean's core innovation addresses a critical gap in enterprise email security: traditional signature-based and pattern-matching defenses increasingly fail against sophisticated AI-generated phishing attacks, where messages are dynamically tailored to individual targets and bypass conventional rule-based filters. Ocean's platform uses AI agents that analyze email intent, context, and behavioral patterns in real time, enabling detection of subtle social engineering and credential harvesting attacks that would evade legacy solutions. The system integrates natively with both Google Workspace and Microsoft 365 via API, enabling enterprises to deploy protection without email infrastructure rip-and-replace projects.

Ocean processes billions of emails monthly and protects hundreds of thousands of mailboxes worldwide. The company has demonstrated concrete business value through customer references including Fortune 500 companies like Kayak, Kingston Technology, and Headspace, with reported prevention of attacks that would have resulted in tens of millions of dollars in losses. This traction—rapid customer adoption from design-to-deployment—suggests strong product-market fit and urgent enterprise demand.

The market for email security is experiencing fundamental disruption. Legacy vendors (Proofpoint, Mimecast, now acquired by Cisco) built email security around perimeter control and user training. However, as AI-powered attacks become more sophisticated and believable, these approaches increasingly fail. Ocean's AI-agent-based detection focuses on semantic understanding and behavioral anomalies rather than static rules, representing a qualitative shift in defensive capability. Industry analysts project the global email security market will grow to $8+ billion by 2030, driven largely by AI-powered threat evolution and enterprises' need for next-generation defenses.

Ocean faces competition from both established vendors enhancing their offerings with AI (Microsoft Defender for Office 365, Google Security Operations, Proofpoint with Tessian, others) and emerging startups like Abnormal Security (behavioral AI-based email defense) and Inky (acquired by Cisco). Ocean differentiates through native AI-agent architecture (not bolted-on AI to legacy platforms), founders' backgrounds in Israeli defense units (military-grade threat analysis culture), and the company's single focus on email rather than a broader sprawling platform. The company's agility and founders' threat intelligence expertise position it well to detect emerging attack classes faster than larger, more bureaucratic incumbents.

Dual-use relevance is substantial and clear. Enterprise email security serves both commercial organizations and defense/government agencies. The same AI-driven threat detection capabilities that protect corporate users also protect classified and mission-critical military communications. Email remains the primary attack vector for nation-state threat actors, making Ocean's technology relevant to cybersecurity infrastructure across commercial and defense domains. Additionally, the company's founders' prior backgrounds in Israeli intelligence operations (likely Unit 8200 or similar) suggest deep understanding of threat actor tradecraft and operational security requirements for sensitive environments.

Strategic relevance to resilience and national cybersecurity is high. Email compromise and business email compromise (BEC) attacks cost organizations globally an estimated $50+ billion annually in fraud and data theft. Sophisticated attacks—targeting C-suite, finance teams, and executives—bypass user training and traditional defenses. Ocean's AI-agent architecture represents cutting-edge defensive capability aligned with the broader evolution of cybersecurity toward behavioral, intent-based detection rather than signature matching. For democracies concerned about critical infrastructure protection, operational technology security, and defense information assurance, indigenous or allied AI-powered email security capability (like Ocean) contributes to resilience against state-actor email compromise campaigns.

The Series A funding amount ($20M) is substantial for an 18-month-old startup in cybersecurity, signaling strong investor conviction. The involvement of Lightspeed (a top-tier VC with deep cybersecurity expertise) and notably Assaf Rappaport (Wiz founder) suggests validation from experienced cybersecurity entrepreneurs and significant market opportunity. The company's plan to invest in AI research, product development, and team expansion indicates focus on technical differentiation and customer acquisition—standard playbooks for breakout cybersecurity platforms.

Risks and competitive challenges are real. Microsoft and Google are deploying enterprise email protection as part of their broader cloud security bundles, with massive installed bases and bundled pricing advantages. These incumbents face principal-agent problems (conflicting incentives), but their scale and integration cannot be ignored. Abnormal Security, with a larger funding base and earlier market entry, has built strong enterprise relationships. Execution risk in AI-based security is high: false positive rates (legitimate emails flagged as attacks) can render solutions unusable; false negatives (missed attacks) destroy credibility and customer trust. Ocean must balance detection sophistication with operational usability—a challenge many AI security startups struggle with. Additionally, rapid evolution of AI-powered attack techniques will require continuous platform development to maintain effectiveness.

Dual-Use Assessment

Military & Commercial Applications

Email security is fundamentally dual-use technology. Commercial applications protect enterprise users from credential theft, fraud, and data exfiltration via email. Defense and government applications protect classified communications, operational security, and critical infrastructure from sophisticated state-actor email compromise campaigns. The same AI-driven behavioral detection capabilities serve both commercial and defense missions. Email remains the primary attack vector for nation-state threat actors, making Ocean's technology relevant to military communications, intelligence agencies, and government information assurance programs. Founders' backgrounds in Israeli defense units suggest understanding of high-consequence threat environments and operational security requirements.

Strategic Fit Assessment

Research priority signal

Priority signal means this entry may be worth researching within the Claw & Talon thesis. It does not mean investable, suitable, endorsed, available, or likely to produce returns.

Ocean represents a strategically positioned cybersecurity platform addressing urgent, growing market demand for AI-powered email security. The company combines three attractive characteristics: (1) founders with Israeli defense backgrounds bringing credibility in threat analysis and operational security; (2) product-market fit signals (rapid customer adoption from Fortune 500 to mid-market enterprises); (3) enormous addressable market (email security + AI-driven attack evolution creating structural demand for next-generation solutions). The Series A from Lightspeed and angel participation from Wiz founder Rappaport indicates strong investor validation. Email remains the primary attack vector globally, and traditional defenses are increasingly ineffective against AI-powered attacks. Ocean's focused, AI-native approach differentiates it from both incumbents (whose AI is bolted-on to legacy platforms) and broader platform plays. For strategic readers focused on cybersecurity infrastructure, Israeli deep-tech, and defense-adjacent technology, Ocean represents compelling strategic-screening signal at growth inflection point.

Strategic Value to U.S.-Israel Alliance

Substantial. Email security is critical infrastructure for both commercial and government/defense domains. As AI-powered attacks accelerate in sophistication, incumbents relying on legacy pattern-matching approaches face rapid obsolescence. Ocean's AI-native architecture represents next-generation email defense capability aligned with threat evolution. For democracies concerned about critical infrastructure resilience and state-actor email compromise campaigns (particularly targeting government, defense, and energy sectors), indigenous or allied AI-powered email security capability strengthens cybersecurity posture. Ocean's growth in Israel contributes to the country's position as a leading cybersecurity innovation hub. Successful deployment in government/defense contexts would position the company as a foundational security technology provider to allied nations.

Key Technologies

  • AI-native agent-based threat detection
  • Behavioral analysis and anomaly detection
  • Natural language processing and semantic understanding
  • Intent-based email classification
  • Phishing and social engineering detection
  • API-native cloud email integration (Microsoft 365, Google Workspace)
  • Real-time threat response automation

Use Cases & Applications

  • Enterprise email security against AI-powered phishing
  • Business email compromise (BEC) detection and prevention
  • Credential harvesting attack prevention
  • Executive targeting and whaling attack defense
  • Government and defense email infrastructure protection
  • Critical infrastructure communications security
  • Ransomware precursor attack prevention (initial access via email)
  • Supply chain attack detection (vendor email compromise)

Sources and verification

This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.

Public sources

The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.

Investor Lens

What this entry is

Private startup

Why it may matter

Ocean may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.

How an independent investor should read this

Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.

Evidence to verify

  • Verify current status
  • Verify traction
  • Verify cap table/funding
  • Verify technical claims
  • Verify regulatory/export-control issues
  • Verify customer concentration

Main investor questions

  • Is the company currently active, independently financeable, and raising or not raising on terms you can verify?
  • What customer, revenue, product, and technical evidence supports the company story?
  • What valuation, cap table, rights, and follow-on assumptions would govern any private exposure?
  • Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
  • What evidence would change the thesis or show that the profile is stale?

What not to infer

  • Inclusion does not imply endorsement.
  • Inclusion does not imply allocation availability or current fundraising.
  • Scores do not indicate investment suitability or expected returns.
  • Strategic importance does not automatically imply venture return potential.
Related checklist: Cybersecurity company diligence Related sector page: Cybersecurity sector page Related Dependency Atlas theme: Sovereign cloud and software resilience

Diligence questions

  • What evidence verifies Ocean's current customer traction, deployment status, and revenue concentration?
  • Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
  • Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
  • How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
  • What would disconfirm the priority signal: weak customer references, thin technical differentiation, poor capital efficiency, or limited allied-market access?

Related sector

See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.

Related companies

Wiz Cybersecurity Irregular Cybersecurity Linx Security Cybersecurity Astelia Cybersecurity Dream Security Cybersecurity

Need a diligence readout?

Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.

Contact Claw & Talon Read database guide