Portfolio News
For over 15 years, phishing has remained the gateway for approximately 90% of data breaches. Despite billions invested in email security, the fundamental problem not only persists, but is getting worse. Today’s AI-generated attacks are sophisticated. They’re hyper-personalized, high-volume, and built to evade the legacy signature-based detection tools. While CISOs remain dependent on platforms designed for yesterday’s threats, attackers are using AI to craft targeted campaigns that slip through traditional defense mechanisms.
And the numbers tell a sobering story. AI-powered phishing attacks have increased by 1,265% in the past year alone. Meanwhile, the average enterprise uses over 130 SaaS applications, creating a vast minefield of attack surfaces that legacy email security solutions weren’t designed to protect.
That’s why we’re excited to announce Sorenson Capital’s investment in StrongestLayer, the first LLM-native email security platform built specifically to combat AI-powered threats.
The Problem: When Yesterday’s Solutions Meet Tomorrow’s Threats
Every CISO we speak with faces the same frustrating reality. Their legacy email gateway deployments are increasingly ineffective against modern spear-phishing campaigns. These platforms may catch obvious threats, such as misspelled domains and known malicious IP addresses, but struggle with the sophisticated, contextually-aware attacks that AI excels at.
The root cause isn’t just technological, it’s architectural. Legacy email security platforms were designed for a simple threat landscape. They rely on signature-based detection and rule sets that can’t adapt to the rapid evolution of AI-generated attacks. When a threat actor uses AI to craft a perfectly written email that references recent company news, mimics executive communication patterns, or includes legitimate-looking links, these legacy platforms lack a framework to distinguish between legitimate and threat emails.
Worse still, these legacy solutions create operational headaches for security teams. Implementation can require lengthy configuration timelines, generating high false positive rates that can frustrate users, while only providing limited visibility into emerging threats. By the time most organizations realize they’ve been compromised, the damage is already done.
The Solution: Fighting AI with AI
StrongestLayer’s technological breakthrough isn’t just about applying AI to email security, it’s about fundamentally rethinking how email threats should be detected and prevented.
While traditional email security platforms rely on known signatures and patterns, StrongestLayer’s platform functions like a team of 1,000 security analysts, evaluating emails with human-level reasoning, significantly reducing the workload for SOC analysts in email triage. This approach enables the system to identify individual, deceptive emails even without known bad signatures, exactly what’s needed to combat AI-generated attacks that are designed to be unique.
“What impressed us most about StrongestLayer is their focus on understanding the true intent behind communications,” said Ken Elefant. “Their AI-native approach delivers state-of-the-art security without requiring the specialized expertise or large security teams that mid-market companies simply don’t have.”
The platform’s proprietary AI architecture was designed for real-time performance at scale, analyzing threats across multiple vectors simultaneously:
- AI Email Security leverages LLM-native detection to analyze the true intent behind every email. By understanding context and behavioral patterns, it stops AI-generated spear phishing and Business Email Compromise (BEC) attacks before they reach your inbox.
- Inbox Advisor acts as your personal cybersecurity guide, providing real-time, contextual alerts and recommendations directly in your inbox. It empowers users to make informed decisions, reducing the risk of falling for phishing scams.
- Human Risk transforms human risk management with AI-driven insights and adaptive education, empowering your workforce to be an active, informed defense against cyber threats
- TRACE’s six LLM-powered engines are your team of expert security researchers that analyze every email. This is done through the Intent, Malware, User Context, Emotions, Behavioral, and Advisory Training engines.
StrongestLayer’s tightly integrated and comprehensive approach enables security teams to detect and stop threats before they become breaches, building a proactive, evolving defense fence.
Eliminating the Implementation Gap
One of the most compelling aspects of StrongestLayer’s approach is how it addresses the implementation challenge that has long plagued email security.
Traditional solutions require enterprises to have extensive technical knowledge and implementation periods of several days to weeks. StrongestLayer’s platform deploys in minutes with minimal configuration, contrasting sharply with existing offerings that can leave organizations vulnerable.
This simplicity doesn’t compromise protection. Early customers across legal, banking, insurance, manufacturing, and technology are already seeing results, including up to 90% reduction in false positives compared to their previous solutions.
The platform’s effectiveness stems from its AI-native architecture, which was built specifically to understand modern threats rather than retrofitting AI capabilities onto legacy detection engines.
The Market Opportunity
The timing could not be better for StrongestLayer’s technology.
Before the rise of AI-driven attacks, email-based threats were responsible for initiating 90% of breaches. In the AI era, email has become not just a persistent attack vector, but the most important category for CISOs to secure. What was once considered important, but largely handled, is now both the most effective mechanism for cybercriminals and the most powerful tool for CISOs to reduce their organization’s attack surface.
As threat volume, sophistication, and automation accelerate, StrongestLayer’s platform delivers the most effective protection where enterprises are most vulnerable — in email. Its API-native architecture removes the operational overhead traditionally associated with enterprise-grade email security, making powerful protection accessible to organizations that previously couldn’t justify the complexity.
Why This Team & Why Now
We’ve known Alan Lefort, StrongestLayer’s CEO, for many years through his tenure at Proofpoint, where he led the email phishing training division. His deep understanding of both the technology and market dynamics positions him uniquely to solve this challenge.
The founding team brings complementary expertise from the trenches of email security. Muhammad Riz brings extensive engineering experience from FireEye and Trellix, where he architected enterprise-grade security platforms. Joshua Bass combines product leadership experience from Google, FireEye, and Proofpoint with a deep technical understanding of email security challenges.
StrongestLayer isn’t a team of outsiders trying to disrupt an industry they don’t understand. These are insiders who lived through the limitations of current solutions and identified an opportunity to build something better.
What’s Next
As AI continues to democratize sophisticated attack capabilities, organizations need security solutions that can evolve at the same pace. StrongestLayer’s approach provides a platform that gets smarter as threats become more sophisticated.
For CISOs still relying on legacy email security platforms, the question isn’t whether you’ll need to upgrade, it’s whether you’ll do so proactively or reactively after a breach. Both answers will be StrongestLayer’s product and platform.
The email security arms race is accelerating, and the defenders finally have a weapon built for the fight ahead.
Download Article
