Email remains the primary attack vector for enterprise compromise. xorlab AG, an ETH Zurich spin-off founded in 2015, builds its defense on behavioral AI rather than signature-based detection. The platform analyzes organizational communication patterns at scale, processing millions of emails to identify anomalies that signal phishing, business email compromise, and ransomware attempts - threats that bypass traditional filters because they've never been seen before.
The company positions itself as a European alternative to American email security providers, serving enterprises and research institutions across the continent. A Series A round of over CHF 6.1 million backs the operation. The current deployment protects over 18,000 users. The team runs lean: approximately 30 security professionals working across AI, machine learning, and email infrastructure domains.
Technical work centers on building models that learn from legitimate communication flows rather than cataloguing known bad patterns. The core challenge is reducing false positives while catching zero-hour threats in real time, which demands continuous model refinement against the actual communication graph of each protected organization. For engineers, the stack involves behavioral modeling at scale on live production email traffic.