News

Oran Moyal
|
|
Reading Time:
5
min

Intelligence exchange and integrated defense deliver a new class of protection against AI-powered, social engineering-led attacks.
Ocean Security, the agentic email security platform, announced the extension of its collaboration with Google Cloud on Google Threat Intelligence. The expanded relationship combines Ocean's agentic email security platform with Google Threat Intelligence — including Mandiant frontline expertise and the VirusTotal malware corpus — to deliver in-line protection against the next generation of AI-scaled, targeted email attacks.
This phase deepens technical integration with intelligence sharing, integrated protection against social engineering attacks such as business email compromise (BEC), vendor fraud, and identity impersonation. Ocean customers gain enriched, infrastructure-level context from Google Threat Intelligence.
A Structural Shift in the Threat Landscape
Email remains one of the top attack vectors for enterprises, contributing to a substantial share of all security incidents. But the nature of those attacks has fundamentally changed. Modern campaigns increasingly rely on legitimate infrastructure and AI-generated content rather than a single malicious domain or a recognizable file hash. They are powered by autonomous agents that scrape data, profile victims, and generate high-fidelity phishing emails seconds before delivery.
Campaigns like UTA0388 exemplify this shift. The attackers do not write the emails; they engineer the systems that write them. Each message is unique, contextually plausible, and crafted to exploit trust rather than infrastructure. Traditional filters that look for known-bad signatures were never built for this.
This evolution exposes a structural limitation in even the most advanced threat intelligence systems: They excel at identifying malicious infrastructure and known threats at scale, but they are less effective against attacks that exploit trust, relationships, and organizational context.
A new category of defense is required - one that combines global intelligence with organization-specific intelligence.
"AI is collapsing the distance between intent and execution for attackers, and stopping that requires defenders that reason in the same medium," said Oran Moyal, CTO, Ocean Security. "Our collaboration with Google Cloud on Google Threat Intelligence brings together agentic context on what's happening inside the inbox, and global visibility on what's happening across the internet."
The Defense: Agentic Investigation Meets Global Intelligence
AI has made the human side of attacks almost trivial to scale. Attackers can scrape a target's public footprint in seconds, profile relationships and tone, and generate a perfectly tailored message faster than any human could read it. The hardest part of a social engineering attack to do well is now the easy part.
The one thing AI cannot automate at the same pace is infrastructure. Attackers still need somewhere to send from, somewhere to land payloads, and somewhere to host the next stage. Infrastructure leaves fingerprints, and those fingerprints persist long after a single message is sent. This is the seam in the modern attack lifecycle, and it is exactly where the collaboration between Ocean and Google Cloud becomes especially powerful.
Ocean's AI agents investigate every email the way a senior analyst would, at machine speed and across every mailbox simultaneously. They go beyond surface signals to examine intent, context, and business logic, asking whether a message makes sense given who the sender is, who they communicate with, and what is being asked. The agents enrich each investigation with sender history, relationship graphs, language patterns, and business workflows to surface the mismatches that AI-generated attacks are specifically designed to hide.
Google Threat Intelligence brings unmatched global visibility across attacker infrastructure, frontline incident response intelligence from Mandiant, and one of the broadest malware corpus in the industry through VirusTotal. Pairing Ocean's ability to flag the contextual mismatch inside the inbox with a global view of the infrastructure behind it helps close the gap that AI-scaled attackers rely on.
The operating principle behind the joint defense is simple: hunt the attacker where they cannot scale.
What the Collaboration Delivers
Customers and the broader security community can benefit from Ocean’s integration with Google Threat Intelligence in the following ways:
Shared intelligence across campaigns, IOCs, and infrastructure, pairing Ocean's in-inbox campaign detection with Google Threat Intelligence global infrastructure visibility, Mandiant intelligence, and the VirusTotal corpus.
Proactive joint hunting that identifies and remediates emerging campaigns earlier in their lifecycle, before they scale across customers and sectors.
Joint research into how AI and agentic attacker techniques are reshaping the modern threat landscape.
"Defending against today's AI-generated attacks requires an intelligence advantage", said Miton Adhikari, Head of Security OEM Partnerships, Google Cloud. "By combining our dynamic, global threat intelligence with Ocean Security’s deep organizational and inbox context, we can disrupt the modern attack lifecycle and deliver a powerful new layer of defense against AI-scaled email threats."