Relationship-aware inbox firewall that stops AI-crafted vendor and payroll scams before finance teams move money.

1. AI now automates spear-phishing research and personalization, which means finance teams can no longer rely on crude language tells to spot fraud in high-stakes inbox workflows.
2. The category is shifting from static filtering toward autonomous investigation grounded in sender, infrastructure, and business context, which directly supports a trust-graph product for high-risk requests.
3. Email remains the most common breach entry path, so CISOs and controllers can justify budget for a product that prevents costly payment fraud before downstream systems are touched.
4. Fortune 500 and large-mailbox deployments show the market already trusts AI-native email defense in production, reducing category-creation risk for a workflow-specific entrant.

Catalyst. Ocean's launch shows that AI-native phishing defense has become a real enterprise category precisely because attackers now personalize at scale and buyers increasingly value autonomous investigation grounded in business context.

The product sits inside Microsoft 365 or Google Workspace shared inboxes used by AP and payroll, where it builds a living graph of approved vendors, historical request patterns, normal approvers, known bank accounts, and trusted communication paths. When an email asks for a bank-detail update, urgent payment, or payroll reroute, it does not just score the message for phishing; it checks whether the business relationship behind the request looks legitimate and freezes action if key context is novel or mismatched. The user gets an investigation summary, specific anomaly reasons, and a guided out-of-band verification workflow such as verified callback or ERP cross-check before funds can move. Security teams gain a post-delivery response layer for the scams that bypass filters, while finance teams keep working inside the inbox tools they already use.

What's different. Most email-security products optimize for detection at the gateway, while AP automation tools assume the inbox is already trustworthy. This company wins in the gap between those layers by understanding the actual vendor relationship and financial workflow behind a request, then gating action when the context does not match prior reality. Over time, the moat becomes a proprietary graph of verified business relationships, anomaly patterns, and resolution outcomes tied to expensive fraud moments rather than generic spam labels.

Jobs to be done

flowchart LR
  Buyer[Controller and CISO] --> Pain[AI-crafted payment and payroll scams]
  Pain --> Product[Relationship-aware inbox firewall]
  Product --> Outcome[Blocked fraud and faster verified approvals]

Executive takeaways

• AI-crafted BEC keeps getting better at looking legitimate, but finance teams still execute the risky moment manually inside shared inboxes.
• The market gap is not another broad email filter; it is workflow-specific action control that remembers trusted vendor, approver, and bank-change patterns before money moves.
• Broad email-security vendors already own security budgets and Trustpair-like vendors own payment validation budgets, so the startup must land as a low-friction bridge between those layers.
• The beachhead is large enough for a meaningful business, but adoption depends on proving low false positives and audit-grade evidence, not just better detection scores.

Market definition

This opportunity sits at the intersection of cloud email security, BEC response, and AP fraud controls: software that watches shared finance inboxes, evaluates whether a request matches an established business relationship, and blocks or slows execution when the sender, approval path, or bank detail looks novel.

Customer and buyer

Primary users are AP leads, payroll operations, and security analysts working inside Microsoft 365 or Google Workspace shared mailboxes. The economic buyer is usually a controller or CFO delegate, while the CISO or security director is the technical sponsor because the problem is simultaneously fraud, email security, and control compliance.

Buying triggers

• A recent or near-miss BEC incident involving bank-detail changes, urgent wires, or executive impersonation creates immediate budget urgency. [4][5][6]
• Security teams drowning in reported-email queues become more willing to buy automation that turns user reports into organization-wide protection. [11][28][38]
• SOX, audit, or insurer scrutiny around manual vendor-master and payment-change controls pushes controllers toward auditable workflow enforcement. [7][60]

Willingness to pay

Comparable cloud-office security already prices in the low single-digit dollars per user per month, while FBI-reported BEC losses sit in the billions annually; that makes a five-figure annual control layer credible if it clearly reduces fraud exposure and audit burden. [5][6][37]

Category dynamics

Growth signal 21.3% CAGR

Validation signals

• Ocean claims live enterprise production scale with hundreds of thousands of protected mailboxes and more than one billion emails processed monthly.
• Adjacent cloud-office security products already publish low-single-digit per-user pricing, proving budget exists for inbox-adjacent controls.
• AP automation remains a fast-growing category, suggesting finance teams are already buying workflow software rather than rejecting change outright.
• Trustpair’s positioning around AP fraud, payment validation, and bank-account verification confirms that finance leaders will pay to reduce change-request fraud risk.

Regulatory & technical constraints

• Microsoft shared mailboxes support only up to 25 concurrent users before reliability can degrade, so complex finance teams may need careful segmentation.
• Delegate permissions such as Full Access and Send As must be configured correctly, or mailbox visibility and action controls will be incomplete.
• Google delegated Gmail access is limited to same-organization delegates and has practical concurrency constraints, which shapes how Google deployments should be designed.
• SOX-oriented buyers will expect auditable evidence around vendor master data, payment controls, and exception handling rather than opaque black-box verdicts.

Competition is split across three layers. Broad email-security vendors such as Abnormal, Material, IRONSCALES, and Mimecast try to detect or remediate suspicious emails at scale. Finance-fraud vendors such as Trustpair validate bank accounts and payment files later in the process. The proposed startup wins only if it becomes the relationship-aware action gate in between: close enough to the inbox to understand social engineering, but close enough to AP workflow to stop risky changes before they are executed.

Why incumbents do not win by default

• Broad email security platforms. They baseline behavior and stop BEC broadly, but they are optimized for message detection and remediation rather than finance-specific approval logic or bank-change gating.
• Cloud-office security platforms. They secure email, files, and accounts across Microsoft 365 and Google Workspace, but their center of gravity is posture and incident response, not AP workflow memory.
• Payment validation vendors. They validate payees and bank data well, but they usually engage after the request enters treasury or ERP flow rather than at the first social-engineered email touchpoint.
• Native Microsoft and Google controls. Delegation, mailbox permissions, and mail rules exist, but they are admin primitives rather than opinionated workflow controls for vendor and payroll fraud.
• AP automation suites. They streamline invoice handling and approvals, but they generally assume the inbox request entering the workflow is already trustworthy.

This company should start as a relationship-aware action-control layer for AP shared inboxes, not as another broad email-security suite. The first customer is a U.S.-based 700-2,000 employee multi-entity software, professional services, or healthcare-services company that processes more than 150 monthly vendor bank-change or urgent payment requests through a Microsoft 365 shared inbox. The buying trigger is usually a recent vendor-spoofing near miss, cyber-insurance renewal, or audit finding that exposes weak controls around emailed payment changes. Research supports a focused but credible beachhead with an estimated $467.3M TAM, $183.8M SAM, and a modeled $3.6M year-3 SOM if the company can reach about 120 customers at roughly $30k ACV. The product should deploy into one shared inbox first, build a trust graph from vendor, approver, and bank-detail history, and require documented out-of-band verification only for novel or mismatched requests. The deliberate tradeoff is to win the moment before money moves faster than gateway vendors or AP suites, even if that means deferring broad employee inbox protection and full AP automation. The biggest disconfirming risks are that controllers will not tolerate the added workflow friction or that incumbents already solve enough of the problem through bundled email-security and payment-validation features. Exact acceptable false-positive thresholds and real-world monthly request volume per target inbox are not pinned down in the inputs, so the plan must validate those assumptions early.

Problem

• AP and payroll teams still make high-risk decisions from shared inboxes where one convincing email can trigger a bank-detail change, urgent wire, or payroll reroute.
• Secure email gateways and AP systems cover parts of the flow, but neither owns the exact moment when finance staff decide whether an emailed request is safe to execute.
• Manual callback checklists create control theater unless they are triggered consistently under deadline pressure and preserved as audit evidence.

Solution

• Insert a control layer into Microsoft 365 or Google Workspace shared inboxes that builds a trust graph of approved vendors, historic approvers, known bank accounts, and normal request patterns.
• When a message requests a bank-detail update, urgent payment, or payroll reroute, gate the action only if the sender, workflow, or requested outcome is novel, then guide the user through verified callback or ERP cross-check before release.
• Produce explainable anomaly reasons and an auditable verification record so controllers, CISOs, and auditors can review why a request was held or cleared.

Why we win

• The wedge is narrower than broad email security and maps directly to the expensive fraud moment where buyer pain, budget urgency, and measurable ROI are clearest.
• A verified cross-request trust graph tied to vendor history, approver behavior, and resolution outcomes is harder to copy than another phishing classifier because it improves with each reviewed high-risk workflow.
• The product complements existing gateways and AP tools instead of trying to replace them, which lowers deployment friction and fits how controllers already buy controls.

Milestones

flowchart LR
  Wedge[AP shared inbox wedge] --> MVP[Trust graph and action gating MVP]
  MVP --> Proof[Blocked fraud and audit evidence]
  Proof --> Expansion[More inboxes integrations and workflows]

Founding team

Experiment roadmap

Risk assessment

What must be true

• At least half of qualified target accounts must treat AP shared-inbox fraud control as a funded problem after a near miss, insurer review, or audit trigger.
• A Microsoft 365-first deployment must deliver useful trust-graph decisions in under 30 days without heavy services work.
• Controllers must tolerate a gated workflow if unnecessary holds stay below about 10% of covered legitimate requests.
• One AP inbox wedge must convert to at least $30k annual ACV before customers demand a broader email-security platform replacement.
• Broad email-security and payment-validation incumbents must fail to offer enough finance-specific action gating in live evaluations.

Open diligence questions

• How many high-risk bank-change, urgent-wire, and payroll-reroute requests hit a target AP inbox each month in practice?
• Which buyer signs first in real deals after a near miss or audit finding: controller, treasury lead, or CISO?
• What false-positive rate and added approval latency will finance teams accept before they bypass the product?
• Which integration matters most in the first production deployment: ERP vendor master, bank-account validation, or identity-based approver mapping?
• In side-by-side evaluations, where do Abnormal, Material, Ocean, and Trustpair still fail the finance workflow?

Model sanity

• Revenue engine. Base-case revenue is driven by growing from 15 to 96 paying customers at a $45K blended ACV, not by assuming outsized services or one-time fees.
• Must go right. Pilot-to-production conversion needs to stay at or above the business-plan 50% target so the Y2-to-Y3 logo ramp actually materializes.
• Model breaks if. If sales cycles stretch to 120 days or gross margin drops toward 65%, cash turns negative before the model reaches Q4Y3 breakeven.
• Next-round proof. A credible seed story comes from 15+ production customers, two active partners, sub-30-day deployment, and visible progress toward monthly EBITDA breakeven.

Scenarios

Sensitivity

flowchart LR
  TargetAccounts --> QualifiedPilots
  QualifiedPilots --> PayingCustomers
  PayingCustomers --> Revenue
  Revenue --> GrossProfit
  GrossProfit --> Cash

Flags: Base case exits Y3 at 96 customers, below the business-plan SOM case of roughly 120 logos. · More than half of Y3 net adds arrive in the back half of the year, so any conversion slip compresses cash quickly. · The 70% gross-margin target assumes bank-validation and ERP evidence integrations stay partner-led rather than services-heavy. · The company reaches monthly EBITDA breakeven only in Q4Y3, so it still needs disciplined hiring and likely a seed round before aggressive expansion.

• Incumbent bundling. Gateway vendors or ERP suites could add lighter-weight workflow checks and use distribution to slow adoption. Mitigation: Focus on post-delivery action control, verified relationship memory, and cross-inbox workflow coverage that neither gateway nor ERP systems own well.
• Finance workflow friction. If verification steps add too much latency, AP teams may bypass the product during quarter-end or urgent payment windows. Mitigation: Start with only the highest-risk request types, keep normal flows untouched, and prove lower fraud loss with minimal added approval time.
• Sparse early training data. New customers may not have enough labeled fraud history for accurate relationship and anomaly modeling on day one. Mitigation: Seed the model with deterministic vendor, bank-account, and approval-path checks, then learn from verification outcomes and analyst feedback over time.