About Phishaver
We started from a simple question: why do mid-market security teams keep seeing the same spear-phishing campaigns succeed after their gateway vendor claims to have blocked them? The answer was context — or the lack of it.
Built by threat-intelligence specialists who kept watching the same gap appear
Ravi Srinivasan spent six years as a SOC analyst and threat-intelligence lead at an Austin-based managed security service provider before founding Phishaver. The insight came in 2022, when he spent three weeks retrospectively analyzing 47 phishing incidents across client tenants—all of which had bypassed Proofpoint or Mimecast—to find the common thread.
Every successful campaign had crafted its pretext from publicly available LinkedIn profile data about the specific recipient. The attacker knew the recipient’s job title, their manager’s name, the company’s current vendor relationships, and the kinds of financial or operational requests that would appear routine given those facts. None of that context was visible to a rule-based email gateway.
Ravi co-founded Phishaver with Leila Okonkwo, who had spent four years building behavioral email threat models for a leading email security company, and Dmitri Volkov, who had done his PhD on email campaign attribution and spent five years on enterprise threat research. Their first prototype pulled 60 days of Gmail metadata for 12 client mailboxes and ran a GPT-4-based intent classifier on flagged inbound messages. In a 30-day pilot, it caught 4 spear-phishing attempts that rule-based gateways had missed, with zero false positives.
Phishaver today is a production-grade LLM inspection layer built on top of Google Workspace and Microsoft 365 APIs, focused on the mid-market segment where security teams are too small to run full managed email security but large enough to face sophisticated spear-phishing exposure.
Our Mission
Give mid-market security teams the contextual email intelligence that enterprise SOCs take for granted.
Phishaver is an LLM-powered email threat detection layer built specifically for companies with 200–2,500 employees running Google Workspace or Microsoft 365 as their primary communication platform. Most of these teams have one to four dedicated security staff. They don’t have an in-house email threat-intelligence analyst. And they can’t afford the incident costs that come from the 8–14% of spear-phishing emails that slip past rule-based gateways every year.
We built Phishaver to close that gap — not by replacing Proofpoint or Mimecast, but by adding the one layer those tools don’t have: contextual coherence scoring based on each employee’s actual communication history and the public OSINT context surrounding the sender.
The Problem We Solve
Rule-based gateways solved the wrong problem.
In 2022, Ravi Srinivasan spent three weeks retrospectively analyzing 47 phishing incidents across mid-market client tenants at an Austin-based MSSP. Every single one had bypassed Proofpoint or Mimecast. The common thread: each campaign had built its pretext from publicly available LinkedIn data about the specific recipient — their job title, recent employer, name of their direct manager. Rule-based engines had no mechanism to model that kind of contextual targeting.
The vendors had solved the known-bad-indicator problem. URLs, attachment hashes, domain reputation — those signals are well-covered. What remained unsolved was the contextual-coherence question: does this specific email make sense given what this specific person does, who they communicate with, and what their inbox normally looks like? That’s the problem Phishaver addresses.
What we believe about email security.
-
Context over indicators — A phishing email with no malicious URLs and a clean sender domain is invisible to indicator-based detection. Phishaver scores the message against the recipient’s specific communication history, not against a shared threat feed.
-
Analyst time is the constraint — Mid-market security teams have one to four staff covering a broad attack surface. Every Phishaver alert includes a plain-English evidence summary so analysts can assess and decide without re-reading the raw email thread.
-
No black-box scores — show your work — When Phishaver flags a message, it tells you exactly which signals fired: the graph anomaly that triggered, the OSINT indicators that matched, the intent patterns the LLM identified. An analyst should never have to trust a number they can’t audit.
-
False positives destroy trust faster than false negatives — A security tool that cries wolf stops getting taken seriously. We calibrate Phishaver for precision over recall, because the real cost of a false positive is an analyst who starts dismissing alerts without reading them.
-
Meet security teams where they already work — Phishaver alerts route to Splunk, PagerDuty, and the SOC dashboard your team already uses. We don’t require a new workflow or a new tool category — we slot into the detection pipeline you already have.
Phishaver is in early access with mid-market IT and security teams
Phishaver is in early access, working directly with a small number of mid-market IT and security teams to validate the product before broader rollout. If your team runs Google Workspace or Microsoft 365 and wants to know what your gateway is missing, we’d like to talk.
Our current focus is the 200–2,500 employee segment in the US, where organizations face real spear-phishing exposure from sophisticated campaigns but do not have the in-house analyst depth to run a full managed email security engagement. These teams have typically deployed Proofpoint or Mimecast for commodity threat blocking and need a behavioral detection layer that covers the campaigns those tools miss.
We are at the seed stage and selectively onboarding early customers where we can work hands-on through the initial baseline and deployment. Our goal in this phase is to validate detection accuracy and operational fit before scaling the customer base. We are not running a broad sales motion at this stage—each onboarding is treated as a design partnership, with direct access to the founding team through the initial pilot.