Back to vendors
O

Ocean

Also known as: Ocean Security, Ray

Visit site
Security / SOC agentindependentVerified 2026-07-07

Agentic email security platform whose network of AI agents, led by an autonomous investigation engine called Ray, inspects every message in real time to catch phishing and social engineering that evade legacy filters.

Ocean is an agentic email security company headquartered in New York City and Tel Aviv, founded in 2024 by Shay Shwartz and Oran Moyal. Both served in elite Israeli military intelligence units and later led offensive social engineering operations, and they built Ocean to defend email from the attacker's point of view. The company emerged from stealth in May 2026 with twenty eight million dollars in total funding, an eight million dollar seed led by Picture Capital followed by a Series A led by Lightspeed Venture Partners, with Cerca Partners and a roster of security angels including Wiz chief executive Assaf Rappaport and the founders of Armis. Its thesis is that generative AI has made flawless, context rich spear phishing cheap to produce at scale, which breaks detection tools built to flag anomalies.

Rather than scoring messages against static rules or anomaly models, Ocean deploys a network of AI agents that investigate every inbound email the way a human analyst would. The core engine, called Ray, examines sender identity, message content, embedded links, technical infrastructure, and the recipient's business context to judge intent. It cross references claimed identities against multiple data sources and can even reach out to a supposed sender through a separate channel to verify legitimacy. When a message is judged malicious the agents act directly, quarantining it or alerting the user with a plain language explanation. Ocean runs on a purpose built small language model tuned for fast email analysis rather than a general purpose model, and connects to Google Workspace and Microsoft 365 through the API in minutes, adding retrospective analysis of prior mail.

Ocean positions itself as a full replacement for legacy and first generation tools rather than an add on, and reports real scale, more than one billion emails scanned in its first year and a similar volume every month, protecting hundreds of thousands of mailboxes for customers such as Kayak, Kingston Technology, and Headspace. For an enterprise, especially in finance or digital services, that is losing ground to AI generated impersonation and wants autonomous investigation instead of rule tuning, Ocean is a strong fit. A buyer wanting a broad, multi channel security platform, open model choice, or self hosted deployment will find Ocean deliberately narrow, deep on email and light everywhere else.

Vendor details

Canonical URL

https://ocean.security

Category

Security / SOC agent

Subcategory

Agentic email security

Funding status

Independent, dual headquartered in New York City and Tel Aviv, founded in 2024 by Shay Shwartz (CEO) and Oran Moyal (CTO), both former Israeli intelligence operators with offensive social engineering backgrounds. Ocean emerged from stealth in May 2026 with twenty eight million dollars total, an eight million dollar seed led by Picture Capital and a Series A led by Lightspeed Venture Partners, with Cerca Partners and angels including Assaf Rappaport of Wiz and Armis founders Yevgeny Dibrov and Nadir Izrael. The company reports seven figure revenue and roughly thirty five employees.

Company status

independent

Use cases & customers

Primary use cases

Phishing and spear phishing detectionBusiness email compromise preventionSocial engineering defenseAutonomous email investigation

Target customers

Enterprise security teamsFinancial services organizationsDigital services companiesFortune 500 enterprises

Deployment options

Cloud (API integration with Microsoft 365 and Google Workspace)

Integrations

Ocean connects to Microsoft 365 and Google Workspace through their APIs, deploying in minutes and immediately running both live inspection and retrospective analysis of prior mail. Its agents cross reference sender identities against multiple external data sources and can reach out through alternative channels to verify legitimacy. The platform is API first and focused on the email channel rather than a broad connector catalog.

In practice

An attacker sends a flawless impersonation of a trusted colleague with no obvious anomalies. Ocean's Ray engine reads the intent behind the message and quarantines it before the employee ever acts.

A security team wastes hours chasing low value alerts while real threats blend in. Ocean investigates every email autonomously and surfaces only the messages that carry genuine malicious intent.

A finance employee receives a payment change request that looks legitimate. Ocean cross references the sender identity across sources and verifies out of band before the transfer can proceed.

Capability coverage

5.5 / 14 capabilities · 39%

Integrations & Tool CallingConnects to Microsoft 365 and Google Workspace by API and cross references identities across external sources, but the integration surface is focused on the email channel, Ocean docs 2026-07-07 Partial
Workflow OrchestrationA network of AI agents runs autonomous multi step investigation and response, from analysis to quarantine and out of band verification, Ocean docs 2026-07-07 Full
Knowledge Grounding & RAGJudgments are grounded in organizational and business context and sender history, though no document knowledge base or retrieval surface is described, Ocean docs 2026-07-07 Partial
Human Oversight & GuardrailsThe system can alert users and escalate for review, but configurable oversight and approval controls are not documented in detail, Ocean docs 2026-07-07 Partial
Security, Identity & GovernanceAs an email security product it protects sensitive mail, but its own compliance certifications, access controls, and governance features are not documented, Ocean docs 2026-07-07 Partial
Observability & AuditabilityEvery email investigation produces a record and plain language explanation with retrospective analysis, though a full audit and observability suite is not described, Ocean docs 2026-07-07 Partial
Memory & State PersistenceThe platform builds organizational context over time, but a first class persistent memory store is not documented, Ocean docs 2026-07-07 Partial
Deployment & Data ResidencyDelivered only as a cloud API service with no self hosted, on premise, or documented regional residency option, Ocean docs 2026-07-07 Unable to verify
Prebuilt Agents, Templates & PacksShips a purpose built set of prebuilt investigation agents, but not a library of templates or packs for customization, Ocean docs 2026-07-07 Partial
Triggers & Channel CoverageTriggers on every inbound email in real time, but coverage is limited to the single email channel, Ocean docs 2026-07-07 Partial
Model Flexibility & RoutingRuns on a proprietary purpose built small language model with no customer model choice or routing, Ocean docs 2026-07-07 Unable to verify
APIs, SDKs & MCP ExtensibilityNo customer facing API, SDK, or MCP surface for extensibility is documented, Ocean docs 2026-07-07 Unable to verify
Testing, Debugging & OptimizationThe system simulates attacker techniques and tunes for false positive reduction, a domain testing surface rather than a general agent evaluation harness, Ocean docs 2026-07-07 Partial
Browser & Computer UseNo browser or computer use capability is described, Ocean docs 2026-07-07 Unable to verify

Recent platform changes

No recent material changes tracked yet.

Pricing

Not public; quoted through enterprise sales, believed priced per protected mailbox

enterprise subscription, believed per protected mailbox

Contact onlyLow variable costTrial available

What is public

No list prices, per mailbox rates, or entry point are published.

Billing mechanics

Presumed enterprise contracts negotiated with sales, believed to key off the number of protected mailboxes.

Cost watchouts

Migrating off an existing email security vendor may carry overlap or transition cost during the switch.

Variable cost rationale

Believed priced on protected mailbox count under an enterprise agreement, so cost is predictable per seat rather than exposed to unpredictable usage metering.

Additional watchouts

Positioned as a replacement rather than an add on, so evaluate against the cost of the incumbent it displaces.

Sales call required

Yes — required for paid access

Free / trial

Proof of value deployments; no public free tier

Key ambiguities

No public per mailbox anchor or minimum commitment is disclosed.

Verified 2026-07-07

Contact us

Found a vendor we missed? Have feedback on the index? We'd love to hear from you.