Why Georgian Invested in Sublime Security

We are pleased to announce that Georgian has led Sublime Security’s $150 million Series C alongside new investors Avenir, 01A, and existing investors Index Ventures, IVP, Citi Ventures and Slow Ventures. 

An Inflection Point for Email Security; Generative AI is reshaping the email-based threat landscape

At Georgian, we track the evolving priorities of CISOs and the technologies that security teams deploy to defend against emerging cyber threats. Since the rise of large language models, generative AI has become a powerful tool in the hands of malicious actors. Email security is one of the markets that Georgian has observed to be drastically impacted by the new AI paradigm. 

We believe that we’re at an important turning point for innovation in email security. Our market thesis can be distilled into three key observations: 

• Email remains a primary attack vector. Phishing continues to be the leading entry point for enterprise data breaches, accounting for approximately 16% of all incidents and costing organizations an average of $4.4 million per breach. Recent incidents, such as the widespread npm supply-chain attack, which began with a single phishing email masquerading as a two-factor authentication reset, underscore the persistent vulnerabilities of email as an attack vector.
• Business Email Compromise (BEC) poses a multi-billion-dollar threat. According to the FBI, global losses from BEC attacks totaled approximately $55 billion between 2013 and 2023. Without meaningful advances in prevention, we believe this figure will continue to rise.
• Adversaries are leveraging AI to scale their attacks. Generative AI enables attackers to produce fluent, personalized and context-aware messages at scale, with unique variants generated in seconds. McKinsey estimates phishing volumes have increased by more than 1,000% since the proliferation of generative AI in 2022.

From Static Detection to Agentic Defense; Sublime’s agentic email security platform deploys a team of specialized AI agents built to provide proactive and autonomous layers of defense

Despite the evolving email threat landscape, we see many organizations relying on legacy secure email gateways or opaque ‘black-box’ solutions as the foundation of their email security programs. Legacy tools often depend on static detection rule sets that may be susceptible to emerging attacks and opaque detection logic that can be difficult to audit. 

In our view, Sublime is redefining email security technology with its agentic platform. Built on an open architecture, Sublime leverages a purpose-built domain-specific language (MQL) and a detection engine tailored to each customer’s environment. 

The platform’s architecture has enabled the launch of two AI agents in the last six months that work alongside security teams to help combat the rise of AI-enabled attacks.

• ASA (Autonomous Security Analyst): ASA is a multi-model agent that automates the end-to-end investigation of user-reported emails. ASA replicates the task of analyzing user-reported messages, providing detailed investigation verdicts and conducting remediation actions, such as quarantining messages that it determines to be malicious. ASA can operate in passive mode with analyst assistance or active autonomous mode with 24/7 operation.
• ADÉ (Autonomous Detection Engineer): ADÉ extends Sublime’s agentic capabilities a step further by working alongside ASA in a multi-agent system. When ASA detects a malicious attack that has bypassed existing detection coverage, ADÉ autonomously generates new detection rules that are iteratively backtested across historical email data. ADÉ produces transparent, auditable detection rules that security teams can review and verify before deploying. ADÉ’s approach enables organizations to respond rapidly to novel threats without sacrificing clarity or control.

At Georgian, we believe the future of email security will rely on agentic tooling that increases the efficacy and speed at which organizations can identify, isolate, and prevent email-based threats. Sublime is well-positioned to lead the transition away from legacy approaches with its transparent, programmatic platform and team of AI agents. Leading enterprises like Spotify, Snowflake, Ramp, Anduril, British Gas, SentinelOne, Benteler and Elastic leverage Sublime to protect their employees. We’re thrilled to be partnering with Josh Kamdjou, Ian Thiel and the entire Sublime team.