Investing In Anti-Phishing Startups
The Art of the Phish: A Comedic Primer and Investment Strategy for Fighting Phishing in 2025
In this week’s video from Gula Tech Adventures, we dive into one of cybersecurity’s oldest and most persistent threats: phishing. But before diving into the serious business of how attackers deceive users and how startups are working to stop them, we start with a laugh—our animated short, The Art of the Phish. This comedy skit showcases an employee trying (and failing) to train coworkers on phishing threats like whaling, spear phishing, smishing, vishing, and watering hole attacks—with hilarious misunderstandings along the way.
While the video brings levity to the topic, the second half of this episode gets serious. Ron Gula breaks down the investment landscape for phishing prevention and analyzes the current market, emerging opportunities, and where innovation is truly making an impact. Here's the full breakdown.
🎣 Why Phishing Still Matters in 2025
Despite years of progress in endpoint detection, browser isolation, and cloud security, phishing remains one of the top ways attackers compromise users. From business email compromise (BEC) to smishing campaigns impersonating Netflix or FedEx, phishing attacks continue to evolve.
Why is phishing still so effective? Because it targets the human layer—exploiting trust, urgency, and curiosity more effectively than almost any malware or exploit. And with generative AI making it easier than ever to craft convincing messages, the phishing landscape is only growing more dangerous.
📧 Email Phishing: Still the Biggest Target
Major providers like Microsoft, Google, and Proofpoint dominate the email filtering market. Yet, there’s still plenty of room for innovation—especially for startups focusing on SMBs and managed service providers (MSPs). One standout investment in this space is INKY.
INKY uses AI to detect phishing attempts by embedding real-time banners into emails across both thick and web-based clients. This not only improves detection but also turns each phishing attempt into a training opportunity. When users report suspicious messages, it counts as cybersecurity awareness training. It’s a seamless, effective model that improves security without burdening users.
🔍 Beyond Email: The Browser as the New Battleground
Phishing doesn’t just arrive via email. Attackers also use fake websites, malicious ads, and text messages with malicious links. That’s where Pixm comes in—a browser plugin that uses AI to scan rendered websites for phishing patterns.
Pixm flags impersonation sites in real time and logs threats, screenshots, and telemetry to your SIEM. It even works on Safari for iPhones, bringing phishing defense to the mobile realm where users are increasingly targeted.
The value of browser-level detection became clear during a live test: a Baltimore-based bowling alley website had unknowingly been compromised with JavaScript malware. While a traditional antivirus might miss this, Pixm and Trinity Cyber (more on them below) flagged it immediately.
🧠 Smishing, Vishing, and Deepfakes
The rise of mobile-first attacks means defenders must look beyond email. Smishing (SMS phishing) is rising due to the ease of sending mass messages cheaply. While carriers are hesitant to block texts—even known scams—companies like Cape (an MVNO focused on mobile security) are using AI to block malicious texts and prevent SIM swapping.
Then there's vishing—voice phishing and video-based deception. Deepfake audio and video are becoming viable attack vectors. Startups have pitched tools to detect video fakes and impersonation attempts using AI, but as of now, Ron Gula notes that these tools face real deployment and privacy hurdles. For most organizations, strong two-factor authentication and secure meeting tools remain the best defense.
🧑💼 Spear Phishing and Whaling
When attackers go after specific individuals, such as employees with access to sensitive systems or C-suite executives, it’s called spear phishing or whaling. While awareness training helps, we’re seeing exciting innovations around deception technology.
Some startups are creating fake LinkedIn profiles, email accounts, and social personas to detect attacker interest. Others offer executive protection tools that monitor breach databases for personal emails or create segmented out-of-band communications networks—building on Gula Tech’s previous work with crypto-gapped systems and enclave-style architectures.
🧪 When Phishing Leads to Exploits
Not all phishing ends with a user entering a password. In some cases, phishing leads to exploitation—malware hosted on a trusted site or served via malicious ads. This is where full content inspection becomes critical.
Trinity Cyber, another Gula Tech investment, operates a VPN-based inspection system that removes malicious content from web traffic before it reaches the user’s machine. Ron demonstrates how Trinity removed malware (Sign1 JavaScript) from a legitimate Baltimore website, while Conceal, another investment, flagged the same attack through browser inspection.
These two tools together—Trinity inspecting traffic in the tunnel, Conceal inspecting content in the browser—create a powerful layered defense model.
📈 Market Trends and Investment Strategy
Here’s how Gula Tech Adventures approaches phishing investments:
Effectiveness and Efficiency: Tools must not only block attacks but do so affordably. INKY excels here by combining detection and training.
Layered Defense: Pixm and Trinity each operate at different levels of the attack chain—together, they provide defense in depth.
User Coverage: Corporate tools like Proofpoint miss personal email and browser activity. Tools that work on personal devices (Pixm, Cape) expand coverage.
Enterprise Flexibility: Conceal’s plugin-based architecture allows secure browsing without needing to replace the browser or desktop, ideal for contractors and BYOD scenarios.
Real-World Proof: Case studies and live threat detection (e.g., Mustang Alley malware) demonstrate real-world impact.
🧠 Final Thoughts: AI, Automation, and the Future
Generative AI makes phishing more dangerous by enabling the creation of highly personalized attacks at scale. But it also gives defenders tools to fight back—automated logo detection, AI-based impersonation alerts, smart filtering, and more.
As Ron Gula notes, phishing will only get more sophisticated. Defending against it requires multiple lines of defense—secure communications, email filtering, browser plugins, full content inspection, and user training.
Whether you're a security leader, investor, or entrepreneur, now’s the time to think creatively about defending users from the next wave of phishing. If you’re building something in this space—or want to get feedback from an experienced investor—reach out to Gula Tech Adventures.