Interview

Ex-Meta trust and safety leader builds AI scam defense startup, warns 'all phishing becomes spear phishing'

Apr 8, 2026 with Jeremy Philip

Key Points

  • Ex-Meta trust and safety leader Jeremy Philip launches Charlemagne Labs, an on-device AI security startup that treats all phishing as spear phishing now that attackers can automate hyper-personalized social engineering at scale.
  • Agent Charlie, the company's product, uses small language models running locally on employee devices to detect phishing and social engineering in real time, sidestepping latency problems of cloud-based alternatives.
  • Charlemagne Labs raises seed funding from Knight Capital, Ritual Capital, and Background Capital, then pursues B2B SaaS over consumer channels because security behavior only shifts after a breach, not before.

Summary

Jeremy Philip spent 12 years at Meta in trust and safety before leaving last year to start Charlemagne Labs, a B2B security startup built around a single premise: in an AI-powered world, all phishing becomes spear phishing.

The company's product, Agent Charlie, runs on-device using small language models to monitor employee devices for phishing and social engineering attacks in real time. The on-device architecture is a deliberate constraint — small language models keep latency low enough for real-time detection, even if their capabilities are narrower than cloud-based alternatives. Philip says real-time audio analysis via SLM is still a stretch, but the models are improving fast enough that he sees it as a near-term target.

The core premise is that in an AI-powered world, all phishing becomes spear phishing. You're not going to get a Nigerian prince email much anymore. You're going to get an extremely realistic, utterly compelling request from your boss or your manager or your friends, and it's going to be catastrophic in consequences. My vision is that every employee of every company would have a watchdog.

The threat model

The core argument is that AI tooling has handed attackers the same capabilities enterprises are deploying for sales automation and productivity. A threat actor can now generate hyper-personalized, contextually convincing messages at scale — the Nigerian prince email is being replaced by a message that looks and reads exactly like one from your manager. Philip frames this not as incremental improvement but as a category change: social engineering attacks that once required skilled human operators can now be industrialized.

Philip points to a recent attack on Axios as an example — a fake Microsoft Teams call that appeared legitimate until it prompted the target to install a fraudulent update. He argues these attacks succeed not because targets are careless, but because the attacks are designed to exploit universal human vulnerabilities that training alone cannot fix. The response has to be machine-to-machine.

Research arm and Meta's eval work

Charlemagne Labs has a research arm alongside its commercial product, and Philip says the team worked with Meta on its cybersecurity evaluation suite. The methodology uses an "LLM as judge" framework: one model role-plays as an attacker, another as a victim, and a third evaluates whether the attack is succeeding. Comparing different models in the attacker role is how they measure capability uplift — essentially, how much better AI makes adversarial social engineering.

Philip says he's encouraged that Meta's security research has moved beyond infrastructure and code vulnerabilities into the social engineering space, which he views as understudied relative to its risk.

Company status

Charlemagne Labs has raised a seed round from three investors: Kevin Carter of Knight Capital, Chris Howard of Ritual Capital, and Rafael Corrales of Background Capital — who collectively have backed more than 30 unicorns from idea stage. The company is currently in stealth, working with design partners on SLM capabilities, though the real-time phishing defense product is already available for self-serve sign-up on the company's website.

Philip is explicit about the go-to-market constraint: consumer security is a hard sell because people don't improve their security posture until after they've been attacked. The B2B SaaS route sidesteps that problem. His aspiration for a consumer product — giving it away free to AARP cardholders to address elder financial abuse — is real, but he sees no viable path to marketing it directly to individuals.