NeuralTrust raises $20M to give enterprise AI agents a trust layer

NeuralTrust, a Barcelona-based AI security startup, closed a $20 million seed round on Wednesday, the largest cybersecurity seed raised by an EU company to date. The round was led by Munich-based Alstin Capital and included several European backers.

The platform NeuralTrust ships today

Most large companies do not know how many AI agents are running on their networks, and they often cannot tell you what each agent is allowed to do. A customer service agent built by one team on one platform, a back-office automation built by another team on a different system, and a vendor's built-in agent shipped with a SaaS subscription can all be live at the same time, each connecting to internal databases, external tools, and APIs in ways the security team never approved. Gartner now predicts that by 2027, 40 percent of enterprises will shut down or scale back their autonomous AI agents because they only find governance problems after something has already gone wrong in production. By 2028, Fortune 500 companies are expected to run more than 150,000 agents each, and only 13 percent say they feel prepared to manage them.

The point of the $20 million is to make sure NeuralTrust's customers are on the prepared side of that 13 percent. The company, founded in 2022 by Joan Vendrell, Victor Garcia, and Alejandro Domingo, sells a platform that sits between an enterprise and every AI agent it operates, much like an API gateway sits between an enterprise and every external service it calls. The platform has three layers. TrustGate is the policy enforcement layer. It manages every model call, every tool call, and every Model Context Protocol request, and it serves as a single control point for all agent traffic. TrustGuard is the runtime security engine. It detects and stops threats on any platform or device, no matter how the agent was built. TrustLens is the posture management layer. It maps every agent in the company and tracks what it does inside and outside the security perimeter.

NeuralTrust says it inspects millions of agent interactions every day and currently sees an attack rate of 1.2 percent. That works out to roughly one in every 80 interactions involving an attempt to extract data, hijack a tool, or break a policy. Vendrell framed the gap in a recent interview with Tech Funding News. "It is different if your ChatGPT gives you a wrong answer, you can live with that. But if you connect AI to your email system and it sends emails to outside addresses, leaking internal information, that is a disaster. The risk grows quickly as soon as customers connect agents and AI to their tools."

Where the agent trust market is heading

The deal lands at a moment when the agent security market is starting to consolidate around a few clear categories. In April 2025, Palo Alto Networks acquired Protect AI, which had raised $60 million in a Series B round in August 2024, for roughly $500 million. That acquisition is the clearest signal so far that the major enterprise security platforms now see AI agent governance as a core feature, not a bolt-on. AppViewX, Beyond Identity, and the Sumsub MCP launch from earlier this week all point to the same conclusion: the agent layer is where the next decade of identity, access, and runtime security work is going to happen.

What NeuralTrust is selling is essentially the same category of product that Tenet Security, the Cisco AI Defense spinout covered in our recent funding story, sells on the runtime side, with a different design. Tenet focuses on the moment an agent decides to act and tries to predict and block a dangerous step before it lands. NeuralTrust focuses on the traffic between the agent and the tools it uses, the same position a Web Application Firewall holds in the web world. Both are correct bets. Most enterprise security teams are going to want both. For buyers, the practical question in 2026 is not whether to deploy an agent trust layer, but which one, and whether to buy the runtime predictor, the traffic gateway, the posture inventory, or all three from a single vendor.

The European angle matters more than it usually does in a seed round. Vendrell told Tech Funding News that several of NeuralTrust's government and banking customers are actively looking for providers headquartered outside the US, driven by the EU AI Act and a broader push for technological sovereignty in regulated industries. "The main competitors come from the US. There are real issues now regarding technological and defence sovereignty in the EU. Some customers, especially governments, are very sensitive about where the technology they buy comes from." That is a real procurement signal, not a marketing line. The EU AI Act is now in its second year of enforcement, and any vendor that touches regulated data in Europe has to be able to show that the trust layer itself is auditable, sovereign, and not subject to a single foreign government's reach. NeuralTrust's customers include Iberia, AirEuropa, Abanca, and Banc Sabadell, and 92 percent of them do more than $1 billion in annual revenue.

The buying checklist for security teams in 2026

The growth numbers are unusual for a seed-stage company in this market. NeuralTrust doubled its 2025 annual recurring revenue in the first quarter of 2026 alone, a number Vendrell shared with Tech Funding News without specifying the absolute base. Alstin Capital, which led the round, also invests in B2B software companies in Europe and the US, and the lead partner has publicly said that the deal is one of the largest seed checks the firm has ever written. For an industry that has spent the last 18 months talking about agent safety, this is one of the first clear signals that the money is starting to flow into vendors that can actually deliver it.

The category is moving fast enough that the practical checklist for security and platform teams is short and getting shorter. The first question to ask is whether the existing endpoint and identity tools can see what the agents in your environment are doing, and the answer in 2026 is almost always no. The second is whether the trust layer you pick can sit at the same place for every agent framework your teams are using, including the open source ones. The third is whether it can produce an audit trail that a regulator would accept, because the EU AI Act and the equivalent rules now landing in the UK, Canada, and several US states are not going to accept "the agent decided" as a compliance answer. The fourth is whether the vendor can keep up with the model side, which means shipping support for new MCP servers, new agent frameworks, and new attack patterns on a cadence measured in weeks, not quarters. NeuralTrust's bet, like Tenet's, is that the next five years of cybersecurity spend will go to vendors that can answer yes to all four.

For more on the agent security stack, our Enterprise AI Governance Checklist walks through the policy and tooling choices that come up first in regulated industries, and our recent piece on the MCP supply chain shows what a weak point in that supply chain looks like in production. The NeuralTrust round is one more piece of evidence that the agent trust layer is becoming a board-level purchase, not a research project.