Sublime Security

Sublime Security uses AI agents to autonomously stop email attacks and reduce security team busywork.
Series C · $243.8M total · Founded 2019 · Washington, District of Columbia · 203 employees
Sublime Security is an AI-powered email security platform that deploys autonomous agents to detect, triage, and stop targeted email attacks in real time. Built on Message Query Language (MQL), a domain-specific language for email behavior detection, it enables security teams to write and deploy custom defenses without MX record changes across Microsoft 365 or Google Workspace. The platform combines transparency and flexibility with autonomous threat investigation, reducing manual review work by 62% while catching significantly more threats than traditional blackbox solutions.
Problem solved
Security teams spend excessive time manually investigating and triaging email threats while traditional email security misses sophisticated attacks.
Target customer
Enterprise security teams and mid-market companies using Microsoft 365 or Google Workspace who need advanced email threat detection with control and transparency.
Founders
Josh Kamdjou
Founder & CEO
13+ years in cybersecurity including 10 years in offensive cyber and red teaming at DoD and private sector; VP of Penetration Testing at Pervade Security; B.Sc. Computer Science from University of Maryland.
Ian Thiel
Co-founder
Early product and growth leader at Optimizely managing global go-to-market; ran growth, marketing, and partnerships at Alto; M.Sc. Management from Babson College.
Colin Jones
President
Chief Revenue Officer at Wiz, driving growth from $0 to $250M; 10+ years in cybersecurity; prior roles at BigFix and Duo Security.
Funding history
Series A, $33.8M, April 2024. Led by Index Ventures · Decibel Partners, Slow Ventures
Series B, $60M, December 2024. Led by IVP · Citi Ventures, Index Ventures, Decibel Partners, Slow Ventures
Series C, $150M, October 2025. Led by Georgian · Avenir, 01A, Index Ventures, IVP, Citi Ventures, Slow Ventures
Total raised: $243.8M
Pricing
Core platform self-hosted for free at any scale; first 100 inboxes free in SaaS environment. Enterprise deployments available but pricing not publicly disclosed; product-led growth model.
Notable customers
Spotify, Snowflake, Zscaler, SentinelOne, British Gas, Elastic, US Signal, Brex, Cribl, Snyk
Integrations
Microsoft 365, Google Workspace, API-based deployment (no MX record changes required)
Tech stack
jQuery (JavaScript libraries), core-js (JavaScript libraries), AOS (JavaScript libraries), Tippy.js (JavaScript libraries), Popper, Open Graph, LottieFiles (CMS), Plausible (Analytics), reCAPTCHA (Security), Google Workspace (Email), jsDelivr (CDN), Unpkg (CDN), Webflow (Page builders)
Competitors
Proofpoint
Larger legacy vendor with broader security portfolio but less AI-driven autonomous response and less transparent/flexible detection rules.
Mimecast
Established email security provider with strong compliance features but lacks autonomous agent-based investigation and custom Detections-as-Code approach.
Microsoft Defender for Office 365
Native to Microsoft 365 with basic detection but lacks Sublime's specialized AI agents, autonomous triage, and transparent Detections-as-Code paradigm.
Why this matters: Sublime raised $150M in Series C at a $1B+ valuation in October 2025, bringing total funding to $243.8M in less than 18 months—reflecting strong investor confidence in its AI-driven approach to email security. The company has quadrupled its customer base since Series A and demonstrates measurable impact (62% reduction in investigations, 2000+ additional threats detected), positioning it as a category leader in autonomous, transparent email threat detection.
Best for: Enterprise security teams that need to reduce email security investigation workload, detect sophisticated targeted attacks, and maintain transparency and control over detection logic without traditional blackbox constraints.
Use cases
Detecting Advanced Targeted Attacks
Security teams use Sublime's Autonomous Security Analyst to investigate sophisticated phishing and BEC attacks in seconds, freeing analysts from manual triage. For example, Elastic detected over 2,000 additional email attacks in the first month that bypassed their email provider, with investigation workload dropping 62% in the first quarter.
Rapid Defense Deployment Against New Threats
When zero-day email threats emerge, Sublime's Autonomous Detection Engineer (ADÉ) deploys new, tailored defenses within hours using custom MQL rules. Security teams can write, test, and share detections without engineering bottlenecks.
Consolidating Email Security Infrastructure
Organizations simplify their security stack by replacing multiple point solutions with Sublime plus their email provider. US Signal reduced from three tools down to Microsoft 365 plus Sublime, dramatically cutting complexity and tool sprawl.
Alternatives
Proofpoint: Choose Proofpoint for broader integrated threat protection across email, cloud, and endpoints if you prefer vendor consolidation over specialized email AI agents.
Mimecast: Choose Mimecast if compliance-first features and archiving are critical priorities alongside email security.
Microsoft Defender for Office 365: Choose native Microsoft Defender if you want zero additional integration overhead and are willing to accept standard detection capabilities without autonomous agents or custom rule transparency.
FAQ
What does Sublime Security do?
Sublime Security is an AI-powered email security platform that deploys autonomous agents to detect, investigate, and stop email threats in real time. It uses Message Query Language (MQL) to enable security teams to write transparent, custom detection rules (Detections-as-Code) without MX record changes, integrating seamlessly with Microsoft 365 or Google Workspace.
How much does Sublime Security cost?
Sublime's core platform is free to self-host at any scale, and the first 100 inboxes are free in their hosted SaaS environment. Enterprise deployments require custom pricing; contact their sales team for quotes.
What are alternatives to Sublime Security?
Proofpoint is a larger vendor with broader security capabilities; Mimecast focuses on compliance and archiving alongside threat protection; Microsoft Defender for Office 365 is native to Microsoft 365 but lacks autonomous AI agents and transparent detection logic.
Who uses Sublime Security?
Enterprise and mid-market companies with sophisticated security teams use Sublime, including Spotify, Snowflake, Zscaler, SentinelOne, British Gas, Elastic, and Brex. Target customers are organizations that need advanced email threat detection with transparency and control over detection rules.
How does Sublime Security compare to Proofpoint?
Sublime focuses specifically on email security with transparent, customizable AI-driven detection rules (Detections-as-Code) and autonomous agent-based investigation, while Proofpoint is a broader legacy platform offering integrated security across email, cloud, and endpoints. Sublime appeals to teams wanting flexibility and visibility; Proofpoint appeals to organizations seeking vendor consolidation.
Tags
email security, AI agents, autonomous threat detection, Detections-as-Code, threat investigation, cloud email security, zero-trust email