News

Liel Strauch
|
|
Reading Time:
3
min

Catch What Looks Normal. Now, Together with Ray.
Ocean is opening Ray to customers directly. The autonomous investigation engine that catches what looks normal, now a co-worker your team can question in the moment.
When we built Ray, the goal was to catch the attacks that look normal. The AI-era threats that slip past pattern-matching and anomaly tools because nothing about them seems out of place. The only way to catch them is to investigate: to read the message, weigh the sender's history, check infrastructure, reason about intent, and render a verdict backed by evidence. That engine runs autonomously across every inbox today.
But investigation was never only about the mail that arrives. Security teams investigate all day: chasing a report a user flagged, answering whether the attack in today's headlines has touched them, making sense of their own risk. Until now, that work ran quietly in the background. Now security teams can trigger it directly, and Ray runs the full investigation alongside them.
Ready the Moment You Ask
By the time you bring Ray a question, it has already done the work. Ocean's platform is an agentic system: Ray orchestrates a swarm of specialized agents across content, communication history, infrastructure, and threat intelligence, and assembles their findings into a coherent picture of what an email is doing and why. The context is already in place. Direct access means reaching the investigation itself, ready to go deeper.
Take a real question: A vendor notifies your team that their email account may have been compromised, and that suspicious messages may have been received over the last few days. An analyst brings that report to Ray.
Ray searches recent mail from that vendor and finds five messages. Four are quarterly invoices, consistent with eighteen months of established communication. The fifth is a request-for-proposal document, a content type never seen from this vendor, sent from a different IP. Ray traces the sending infrastructure: the invoices came from the vendor's usual US-based relay, but the RFP was routed through infrastructure the vendor has never used before. Ray renders a verdict: one malicious message, four clean, with the full chain of evidence attached: the unexpected sender location, a lookalike domain registered days before the email, and a link leading to a live credential-harvesting page.
Ray compiles the whole investigation into a PDF the team can share internally: what was reported, what was found, and the evidence behind it. What would otherwise be a manual scramble becomes one clear, evidence-backed report.
Every Question Gets Its Own Answer
Not every question starts with a suspicious email. A team also needs to understand its own environment: who its most targeted people are, how phishing is trending this quarter, which vendors generate the most flagged mail. Ask Ray, and it returns the answer as Insights: a ranked view, a trend line, a breakdown, built for the question rather than pulled from a fixed dashboard.
The same holds for investigation. Ask about a sender and Ray produces a behavioral history; ask about an attack and it produces the full chain of events with evidence at each step. Because Ray is agentic, it decides what to surface based on the question in front of it and customers aren't limited to the views Ocean anticipated in advance.
You Don’t Have to Choose
Nothing about Ray's autonomous work changes. It still investigates, catches, and remediates across every inbox without anyone having to ask. What's new is a co-worker for the investigations that fill a security team's day: expanding indicators, tracing an actor, reconstructing an attack, answering the question a stakeholder just asked. Ray does the heavy investigative lifting at machine speed and lays out the evidence; the analyst brings the judgment and the context only they have.
It's not another tool to check. It's the investigator that already understands your environment, now working alongside the team - with more ways to meet them in their day-to-day work on the way.
Pattern-matching can't catch the attacks that look normal. Investigation can - reasoning about intent and context to see what they're really doing. That's how Ray works autonomously across every inbox. Now it does it alongside you, too.
Book a demo to see Ray investigate email threats in a live environment.