Achieving the Sublime in Email Security: Announcing Our $20M Series A Investment

It used to be easy to spot a phishing email. Littered with poor grammar, awkward syntax, and dubious sender details, the average internet user could quickly identify and clear spam from their inbox and move on to “real” emails worthy of their attention.

However, the email security landscape is changing. Now, attackers can input the same email into ChatGPT or Gemini, create sophisticated phishing campaigns that are almost indistinguishable from trustworthy emails, and launch them at an unprecedented scale.

In 2023, according to the FBI’s Internet Crime Report, Business Email Compromise (BEC) accounted for nearly $3 billion in losses. The strength of email — its universal reach and essential role in business communications — makes it a prime target for the most advanced cyber attacks. The barrier to running a phishing campaign is alarmingly low, with open-source tools and malicious AI chatbots at every attacker’s disposal. 75% of cyber attacks start with email, and the types of attacks used by bad actors have evolved beyond malicious links and attachments to include callback scams, QR code phishing, internal systems impersonation, extortion, vendor email compromise, and more.

Index has a long history of investing in this sector, beginning with our Series B in Mimecast back in 2010. Over the years, we’ve watched the threat landscape evolve and security tools struggle to keep pace. Historically, email security has been dominated by secure email gateways whose main focus is detecting spam emails. The next generation of email security tools employed a “black box” approach, where methods for filtering and classifying emails aren’t transparent to users. In today’s rapidly evolving world of email attacks, customers find themselves relying on vendors’ customer support to triage attacks, with no visibility as to why an email went through in the first place. The result is a vendor-detection bottleneck with companies lacking insights or resources to prevent future attacks.

Enter Sublime: an AI-powered cloud email security platform. As the industry’s first open, configurable, and community-led solution, it’s innovating with a bottom-up, security practitioner-led approach.

• Open: Anyone can immediately set up Sublime for free in their own environment. It provides complete visibility on detection logic, allowing practitioners to tweak as necessary. Sublime also provides a free, public, unauthenticated Analyzer for suspicious emails.
• Configurable: Organizations can decide which rules to run, and to modify those rules to suit their unique organizational needs.
• Community-led: Sublime is pioneering a community-driven collaboration model in security. As customers explore new attack techniques, they can share their detections with other community members, combining their collective resources and expertise to combat the common enemy. One of Sublime's core strengths lies in its community model, which offers the most up-to-date detection feed as the community grows.

Kevin Mahaffey, the founder of Lookout, an Index portfolio company, introduced us to Sublime’s founders, Josh Kamdjou and Ian Thiel, a few years ago. We were immediately struck by their passion, authenticity, and fearless approach to challenging the status quo. Josh grew up in Rockville, Maryland, as a second-generation American raised by parents who had escaped the Iranian revolution. He spent 10 years at the U.S. Department of Defense, where he engaged in various offensive cyber initiatives, including red teaming in the private sector. Phishing was always the fastest way for him to gain access to a network. One of his goals in starting Sublime was to build a product he couldn’t bypass.

Ian, whose parents served in the U.S. military, was born in West Germany just before the fall of the Berlin Wall. Early in his career, he ascended through various product and growth roles at companies like Optimizely and Alto Pharmacy. As an advisor to early-stage founders, Josh was the first entrepreneur he met who seemed truly committed to solving a problem versus obsessing over the solution. Ian was impressed by Josh's commitment and drawn in by his infectious vision. They decided to join forces, combining deep technical expertise with operational excellence, and together they built Sublime.

Today, Sublime is used by some of the largest enterprises in the world. Thanks to a unique product-led motion, all of its customers have come as inbound leads, discovering the product via content or word of mouth. Now, the company is on a mission to redefine email security by bringing detection engineering to email, a strategy reminiscent of the way CrowdStrike transformed the EDR market. With this in mind, we introduced the Sublime team to Dmitri Alperovitch, co-founder and former CTO of CrowdStrike. Given his beginnings in email security, Dmitri felt a profound connection with Josh and Ian’s vision and product strategy. His decision to invest in the company and join the board is a powerful endorsement of Sublime’s promising future.

We’re thrilled to be backing Josh, Ian, and the whole Sublime team, alongside our friends Decibel Partners, Kevin Mahaffey, Andrew Peterson, and many others, as they build the future of email security.