In this episode of the Bright Founders Talk podcast by Temy, we sit down with Cy Khormaee, Founder and CEO of Aegis AI Security, to explore the evolving landscape of artificial intelligence and cybersecurity. Cy is a seasoned technologist and entrepreneur who has spent more than two decades working with AI, long before it became the global phenomenon it is today. Over the course of his career, he has contributed to major technology companies, including Microsoft and Google, where he helped build large-scale systems and core security technologies used by millions of people worldwide. During his time at Google, Cy worked on widely known technologies such as Safe Browsing and reCAPTCHA, helping make the internet a safer place.

Today, he leads Aegis AI Security, a company focused on using artificial intelligence to protect businesses from increasingly sophisticated email threats. In this conversation, Cy shares his journey from early experimentation with natural language processing to building advanced AI-driven security solutions.

He also discusses how the rise of AI has transformed the cybersecurity landscape, enabling attackers to launch more convincing and scalable threats. At the same time, he explains why AI itself may be the most powerful tool to defend against them. This interview offers valuable insights into the future of AI, digital transformation, and the critical role of security in an AI-driven world.

From Google Security to Aegis: Cy Khormaee on the AI Arms Race

Cy’s journey into AI didn’t start with the recent boom — he’s been deep in the field for more than two decades. Long before AI became a daily headline, he was already writing natural language processing code and exploring neural networks. After starting his career at Microsoft building large-scale systems, Cy moved through several entrepreneurial ventures before joining Google, where he helped build core security technologies protecting products used by billions of people. Among them were Safe Browsing and reCAPTCHA — though, as he jokes, not the version that makes you click endless images of traffic lights.

For Cy, the next step felt almost inevitable. Together with former colleagues from Google, he launched Aegis AI Security, a company focused on tackling one of the most persistent digital threats: email attacks. Phishing, malware, and spam are problems every business knows too well — and with AI now helping attackers craft more convincing messages, the threat landscape is evolving faster than ever. What used to require sophisticated nation-state resources can now be done by almost anyone with the right tools.

That’s exactly why Cy believes AI must also be the defense. At Aegis, the team is building an AI-powered layer of email security designed to detect threats that traditional systems miss. The company is still young — just about a year old — but it’s already working with customers like LangChain and other fast-growing tech companies. For Cy and his team, the mission is clear: if AI is making cyberattacks smarter, then security needs to become even smarter.

Why AI Is the Only Way to Stop AI-Powered Phishing

Cy doesn’t sugarcoat the reality of cybersecurity. For companies that think they’re “too small” to be a target, he has heard that story many times before — and it usually ends the same way. Businesses delay investing in basic security, assuming attacks only happen to large enterprises. But sooner or later, a phishing email slips through, malware spreads, and what could have been a minor issue quickly turns into a costly crisis.

That’s exactly the problem Aegis was built to solve. The platform connects directly to tools companies already use, like Microsoft 365 or Google Workspace, and quietly scans every incoming email. Instead of relying on traditional rules or manual configurations, Aegis uses AI agents that analyze messages, links, and attachments automatically. The idea is simple: plug it in, and let it work. According to Cy, one of the biggest surprises customers experience is how quickly the system starts identifying threats — often ones their existing security tools completely missed.

But the real challenge today isn’t just the volume of attacks — it’s how sophisticated they’ve become. Generative AI has dramatically changed the game, allowing attackers to create perfectly written phishing emails in any language. Cy says these AI-generated attacks are already bypassing traditional filters at much higher rates, and their share of total attacks is growing fast. Soon, he believes, the majority of phishing attempts will be powered by AI — and humans alone simply won’t be able to tell the difference anymore.

When Security Tools Become the Problem

One of the most frustrating issues in cybersecurity isn’t the attacks themselves — it’s when the defense tools get in the way of real work. Cy has seen this happen countless times. Traditional email security systems often rely on rigid rules, and when something looks slightly unusual, they block it. The result? Important emails disappear into quarantine folders or trash bins, and nobody realizes it until a deal, a partnership, or a conversation suddenly goes silent.

Cy shared a story that perfectly illustrates the problem. A researcher at a major university was emailing his dean while traveling abroad, but the school’s security system flagged the messages as suspicious simply because they came from a different country. The dean thought he was being ignored. The researcher thought his emails were going through. In reality, the security tool had quietly blocked every single message.

That’s one reason the Aegis team obsesses over false positives, when legitimate emails get blocked by mistake. According to Cy, their system reduces false positives by more than 90% compared to many traditional tools. Instead of relying on rigid rules, Aegis analyzes context and intent, understanding when something unusual is actually legitimate. And while the platform even includes a button that allows users to restore emails that were mistakenly blocked, Cy admits something funny happened — almost nobody ever uses it. At one point, the team even investigated whether the feature was broken. It wasn’t. It just turns out the system rarely gets it wrong.

The Real Secret to Building a Great Company

When the conversation turned to entrepreneurship, Cy’s advice was surprisingly simple: focus on relationships. Over the course of his career — from Microsoft to Google and now Aegis — he has seen how long-term trust between people shapes almost every successful venture. The teams he builds, the investors he works with, even many of the customers he collaborates with today are people he has known for years.

In fact, many of the people behind Aegis aren’t new connections at all. They’re colleagues and collaborators Cy has worked with across multiple companies over more than a decade. When it came time to launch the startup, he didn’t need to search far for talent — he simply called people he already trusted. That kind of shared history, he says, creates a powerful foundation for building something meaningful together.

And beyond business success, there’s a more personal reason Cy values this approach. Building a company is an intense journey, full of challenges and uncertainty. Doing it alongside people you genuinely trust — and enjoy working with — makes the entire experience far more rewarding. For Cy, success isn’t just about securing email or building cutting-edge technology. It’s also about building something meaningful with people who believe in the same mission.