![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 372 101" xmlns="http://www.w3.org/2000/svg"><path d="M 50.542 0 C 78.455 0 101.083 22.61 101.083 50.5 C 101.083 78.39 78.455 101 50.542 101 C 48.515 101 46.517 100.879 44.552 100.648 C 36.91 85.583 32.603 68.544 32.603 50.499 C 32.603 32.455 36.909 15.416 44.551 0.352 C 46.516 0.12 48.515 0 50.542 0 Z M 15.546 14.064 C 24.108 23.784 29.301 36.536 29.301 50.501 C 29.301 64.465 24.108 77.217 15.547 86.936 C 5.965 77.745 0 64.819 0 50.5 C 0 36.181 5.965 23.254 15.546 14.064 Z M 357.842 47.812 C 357.842 42.857 356.039 38.892 350.087 38.892 C 345.308 38.892 340.98 42.226 340.98 49.254 L 340.98 74.663 L 326.822 74.663 L 326.822 27.81 L 340.619 27.81 L 340.619 34.117 C 343.865 29.882 348.734 26.729 355.317 26.729 C 365.327 26.729 372 33.036 372 46.1 L 372 74.663 L 357.842 74.663 Z M 308.559 74.663 L 308.559 69.707 C 304.591 74.212 299.812 75.744 293.77 75.744 C 283.761 75.744 276.547 70.698 276.547 61.327 C 276.547 52.948 282.048 49.074 295.394 46.821 L 308.199 44.659 L 308.199 42.766 C 308.199 39.523 306.665 37.09 300.985 37.09 C 296.115 37.09 293.139 39.433 293.049 43.127 L 278.982 43.127 C 279.162 32.135 288.54 26.729 300.804 26.729 C 315.052 26.729 321.996 32.225 321.996 41.055 L 321.996 74.663 Z M 297.828 66.013 C 303.239 66.013 308.199 63.4 308.199 56.823 L 308.199 53.308 L 298.279 55.291 C 293.41 56.192 290.975 57.363 290.975 60.787 C 290.975 64.031 293.32 66.013 297.828 66.013 Z M 250.679 75.744 C 235.258 75.744 226.602 65.202 226.602 51.236 C 226.602 37.27 235.258 26.729 250.679 26.729 C 266.189 26.729 274.846 36.64 274.846 52.768 L 274.846 55.471 L 240.308 55.471 C 241.39 61.598 244.998 65.202 250.679 65.202 C 255.729 65.202 258.704 63.49 260.507 60.246 L 274.034 60.246 C 270.968 69.527 262.762 75.744 250.679 75.744 Z M 240.398 46.37 L 261.049 46.37 C 259.786 40.604 256.179 37.27 250.679 37.27 C 245.268 37.27 241.661 40.604 240.398 46.37 Z M 202.218 75.744 C 186.978 75.744 178.321 65.202 178.321 51.236 C 178.321 37.27 186.978 26.729 202.218 26.729 C 216.105 26.729 223.77 34.297 225.212 45.199 L 211.145 45.199 C 210.243 40.694 206.997 38.081 202.218 38.081 C 195.545 38.081 192.569 43.217 192.569 51.236 C 192.569 59.255 195.545 64.391 202.218 64.391 C 207.267 64.391 210.333 61.417 211.145 56.372 L 225.212 56.372 C 223.77 67.725 216.195 75.744 202.218 75.744 Z M 151.568 75.744 C 135.787 75.744 127.13 65.202 127.13 51.236 C 127.13 37.27 135.787 26.729 151.568 26.729 C 167.439 26.729 176.096 37.271 176.096 51.236 C 176.096 65.202 167.439 75.744 151.568 75.744 Z M 151.568 64.391 C 158.872 64.391 161.848 59.255 161.848 51.236 C 161.848 43.217 158.872 38.081 151.568 38.081 C 144.354 38.081 141.378 43.217 141.378 51.236 C 141.378 59.255 144.354 64.391 151.568 64.391 Z" fill="rgb(0, 34, 49)" height="101px" id="nbwo4Zi91" width="372.00001062700176px"/></svg>)
News
Oran Moyal
|
|
Reading Time:
5
min
Operating inside one of Israel’s most elite cyber units, Shay Shwartz and Oran Moyal worked on the offensive side of cyber operations, pushing systems to their limits, finding the cracks, and exploiting them before anyone else could. “We’d go three, sometimes four days straight,” Shay recalls. “High pressure, no margin for error.” What they were building in those moments went beyond technical skill. It was a test of endurance, judgment, and, most importantly, partnership.
Years earlier, the two had met as teenagers in Magshimim, a prestigious cyber program in Israel. A successful Capture the Flag competition sparked a friendship that would carry through years of collaboration, from sharing knowledge as students to eventually working side by side in high-stakes military operations. Those years did more than sharpen their abilities. They built a deep level of trust, the kind forged under pressure, where you learn how someone thinks, reacts, and solves problems when the stakes are high. That would ultimately become the foundation for Ocean.
The Problem They Couldn’t Ignore
After their military service, Shay and Oran moved into roles across the security ecosystem, including Microsoft, Axis Security (acquired by HPE Aruba Networking), and Bitsight (following its acquisition of VisibleRisk), where they built enterprise security solutions at scale.
Over years on the offensive side of security, they developed a deep understanding of how attacks actually unfold in practice. Email was consistently at the center. It remained the primary entry point, the channel where trust is exploited and where small signals carry outsized impact.
At the same time, a major shift was underway. Advances in AI were opening up a fundamentally new way to approach the problem. For the first time, systems could begin to understand communication through context and intent, not just patterns.
That shift was happening on both sides. The same technology that could help defenders understand email was also making attackers significantly more effective. AI was lowering the barrier to highly targeted, convincing phishing, giving even low-resourced actors the ability to operate with a level of precision that previously required nation-state capabilities.
Email had been the number one attack vector for years. Now, it was becoming even more dangerous.
That combination made the opportunity clear. The problem was massive, the timing was right, and the technology had finally caught up. Shay and Oran had the domain expertise from years of offensive work, and they knew exactly what it would take to build a new kind of email security platform. One that could understand email at the same level as a security analyst.
Ocean was built from that insight.
A Different Bet
The idea for Ocean began with a simple but ambitious question: What would email security look like if it truly understood each message and its intent?
At the time, that was a risky premise to build a company around. Large language models (LLMs) were still early and inconsistent, and most of the industry remained focused on traditional machine learning approaches built on rules, retraining cycles, and historical patterns.
Ocean made a deliberate bet: email security shouldn’t just detect anomalies and patterns, it should understand context. While the market doubled down on rules, ML retraining cycles, and pattern analysis, Ocean built on LLMs from day one.
“All the existing solutions were built on models that need constant retraining, rules, and tuning,” Shay explains. “They don’t actually understand the message.” Ocean’s approach centers on understanding email the same way humans do, interpreting language, context, and intent. This depth allows the platform to surface risks that traditional systems miss and adapt quickly as attacks evolve—before they hit.
The First “Wow” Moment
That conviction began to pay off when Ocean deployed its first AI agent into production within real email environments. It was instantly achieving results comparable to legacy email security platforms that had been in the market for years.
For the founders, this was a turning point. “That’s when we realized this isn’t incremental,” Oran says. “This is a significantly different way of solving the problem.” What stood out even more was the trajectory. The system was continuously improving, uncovering new insights and identifying threats that had previously gone unnoticed.
Customers began to see a level of visibility into their email environment that they had not experienced before. The platform was not just catching known threats; it was revealing entirely new categories of risk.
Then Came the Second
A second breakthrough followed, expanding what the platform could do at scale. Ocean’s agents began learning from each other and creating feedback loops that operate directly within the email security workflow.
“One agent would identify something, another would validate or correct it, and suddenly you are closing the loop without a human,” Oran explains.
This created a system where detection, investigation, and validation could happen continuously and autonomously across large volumes of email communications. As a result, Ocean can respond to threats at the same pace they emerge, staying ahead of attackers who are constantly adapting their tactics.
Why Now
For Shay and Oran, the decision to come out of stealth reflects a clear moment of readiness. The underlying technology has matured, the platform has been proven in production, and Ocean has accumulated extensive real-world experience operating in live email environments.
After more than a year and a half running proprietary AI agents and processing billions of emails, the company has built a compounding advantage. While much of the market is only beginning to explore AI-driven approaches to email security, Ocean has already been iterating, learning, and refining its system in enterprise customer environments.
Building More Than a Product
Ocean is building both an email security platform and a team designed to approach the problem from multiple angles. The company brings together AI researchers, social engineering specialists, fraud detection experts, and engineers who have built large-scale infrastructure for some of the world’s biggest organizations.
Many of these individuals have worked together before, creating a strong foundation of trust from day one. At the same time, the founders intentionally built a team with diverse perspectives. “Not everyone thinks the same, and that’s intentional,” they say. “We want the debates. That’s how you get to the best decisions.”
This focus on people extends beyond team composition. “People are the core and heart of the company,” they both emphasize. “We spend a lot of time making sure this is a place where people can grow.” That mindset carries into the product itself, where understanding human behavior is central to how Ocean approaches email security.
Why “Ocean”
The name Ocean reflects how the founders see the email security landscape.
“About 80 percent of the ocean is still undiscovered,” Shay says. That is where the unknown lives, where the most important signals are hidden beneath the surface. It is also where modern email threats exist — subtle, contextual, and often invisible to traditional systems.
Most email security tools operate at the surface level, focusing on patterns, rules, and anomalies. Ocean is built to go deeper into every message. By leveraging AI to understand intent and enrich context, it uncovers layers of meaning within emails that were previously out of reach.
The name is a reflection of that approach. Email security is not about scanning what is visible. It is about exploring what is not, and bringing clarity to the vast, uncharted space where real risk exists.
Getting Close to the Problem
As the company evolved, one strategic decision became clear. To build a world-class email security platform, they needed to be close to the organizations they serve. For Shay, that meant relocating to the United States.
Being on the ground enables Ocean to have real conversations with security teams, understanding their pain points, experiencing their frustrations, and observing their day-to-day operations. Feeding those insights directly back to the product team from the early days reverses the typical model: instead of technology outpacing adoption, adoption outpaces technology. The platform evolves in real environments, shaped by real needs, with a full feedback loop made possible by early adopters and believers who let us into their SOCs to tackle the hardest problem they've been trying to solve for their entire careers.
What Comes Next
Ocean was built on a simple but hard-earned insight. Attackers have long understood how to exploit human communication through email.
For years, Shay and Oran operated within that reality, learning how attacks move through inboxes, how trust is manipulated, and where systems fall short. Now, they are applying that knowledge to build a platform that understands email at the same level.
By bringing context, intent, and human understanding into email security, Ocean is closing a gap that has persisted for far too long.
For the first time, defenders can adapt and operate at the same depth as attackers.