Insider Insight: Who Guards the AI Guards?
Company Spotlight: Gray Swan

Welcome back to The Trident Radar!

This week the money followed the machines. Gray Swan raised $40 million to stop AI models misbehaving and counts OpenAI, Anthropic, and Meta as customers. Snowflake bought Natoma to govern how AI agents touch enterprise systems. RevEng.ai pulled in $15 million from the NATO Innovation Fund to let AI read binaries. Even quantum had a moment, with Terra Quantum heading to public markets via a $3.5 billion reverse merger.

The pattern is clear: as AI moves from pilot projects to production infrastructure, the security layer around it is becoming a real market. Securing the models, governing the agents, and verifying the code they touch are no longer research problems. They're line items in enterprise budgets.

Let's dive in!!

Here's a number that says a lot about where we sit in the market: Over 15% of our placements this year were founding go-to-market hires.

That's founding account executives, founding sales leaders, founding channel heads. The first commercial hire a cybersecurity startup makes after the founders themselves.

It's the highest-stakes hire on the early-stage org chart, and it's the one founders agonise over most. Here's why.

Until you hire your founding AE, the founder is the salesperson. They close the first ten customers on conviction, relationships, and the sheer force of caring more than anyone else ever will. That doesn't scale, and it doesn't prove anything. A founder can always sell their own vision. The question every investor is really asking is: can anyone else sell it?

The founding AE answers that question. They're the experiment that tests whether the sales motion is repeatable, or whether the company is just a charismatic founder with a deck. Get it right and you've got the first data point in a scalable GTM engine, the playbook the next ten reps will run. Get it wrong and you've burned twelve to eighteen months of runway, a meaningful slice of the Series A, and the confidence of a board that's now watching the next hire very closely.

So when an early-stage founder hands that search to us, it isn't a transaction. It's trust at the riskiest moment in the company's life. And the signal we pay closest attention to is the founder who comes back for the second founding hire, and the third. When the first bet pays off, they don't shop around.

This is also why specialist beats generalist at the early stage. A founding cyber AE isn't just someone who can sell. They need to speak the language of CISOs, understand a technical product deeply enough to earn credibility in the first meeting, and operate with almost no marketing support, no brand recognition, and no inbound. That's a narrow profile. You don't find it by spraying a generic sales-hire net. You find it by knowing the cybersecurity GTM community well enough to know who's ready to bet on a Series A and who only looks good at a company with a tailwind behind them.

If you're a founder making your first GTM hire, weight the search accordingly. It matters more than your next three hires combined. And if you're a commercial operator wondering whether to join something early, the founding seat is where careers get made provided you pick a rocket, not a runway-burner.

Gray Swan
Series A, $40M (Wing Venture Capital, Madrona Venture Group)
Developer of an AI security platform that automatically assesses how AI models and agents can behave in unintended ways, then provides the protection to prevent it. Capabilities include automated jailbreak detection, runtime protection, and adversarial red-teaming. Embedded in the pre-release safety processes of frontier labs including OpenAI, Anthropic, and Meta. Born from Carnegie Mellon's AI safety research. Other investors: Snowflake Ventures, Hudson River Trading, Samsung NEXT, Obvious Ventures.

Category: AI Security / Model Safety
HQ: Pittsburgh, PA

Lastwall
Venture Funding, $16M (Business Development Bank of Canada)
Developer of a public key infrastructure-based identity platform that sits between an organisation's users and their cloud applications, offering low-attack-surface authentication. Funds will be used to bring its US-proven platform home to protect Canada's critical infrastructure. Other investors: 18 West, Blue Bear Capital, BlueWing Ventures, Frostbite Capital.

Category: Identity / Authentication
HQ: Honolulu, HI

MokN
Series A, $15M (GV)
Developer of a SaaS deception platform that captures stolen credentials and detects phishing attacks early using realistic decoy portals. Recovers compromised identities before misuse and generates actionable threat intelligence. Funds will strengthen its US presence and develop its phish-back solution. Other investors: Datadog, OVNI Capital, Moonfire.

Category: Deception / Identity Threat Detection
HQ: Paris, France

RevEng.ai
Series A, $15M (NATO Innovation Fund)
Developer of an AI framework that analyses binary computer programs to help organisations understand their software supply chain. Identifies the components of closed-source binaries and generates vector embeddings, enabling AI tooling that inherently understands compiled code. Funds will support deployment as demand grows from enterprise and defence. Other investors: Sands Capital, IQ Capital, Episode 1 Ventures, In-Q-Tel.

Category: Supply Chain Security / Binary Analysis
HQ: London, United Kingdom

Quantum Cyber
PIPE, $15M
Publicly listed company (NAS: QUCY) building a platform at the intersection of quantum computing and cybersecurity, aimed at securing critical infrastructure and data against emerging quantum threats. Capital will fund R&D, a commercialisation team, and a strategic acquisition pipeline.

Category: Quantum Security
HQ: West Palm Beach, FL

Sempre
Convertible Debt, $10M
Provider of a hardened, decentralised digital infrastructure platform protecting national security and critical operations. Offers air-gapped control, decentralised cellular connectivity, hybrid edge cloud processing, satellite gateways, and tamper detection for defence, energy, healthcare, and emergency response.

Category: Resilient Infrastructure / National Security
HQ: Colorado Springs, CO

Orbik
Early Stage VC, €2M (~$2.3M) (IKERLAN, Mondragon, Basque Tek Ventures)
Provider of cybersecurity evaluation and assessment services for manufacturers of capital goods with electronic equipment. Specialises in security verification, validation testing, and security management to meet safety, reliability, and cybersecurity requirements.

Category: OT Security / Product Testing
HQ: Gipuzkoa, Spain

Nvisionx
Venture Funding, $1.58M
Developer of a data risk intelligence platform that fuses business data and cyber intel analytics. Provides enterprise data inventory and classification through visual analytics, enabling businesses to reduce risk, shrink compliance scope, and defensibly purge data with no business value.

Category: Data Security Posture / Governance
HQ: Santa Monica, CA

Voxmind
Pre-Seed, £552K (~$700K) (Ascension Ventures)
Developer of an AI-powered voice authentication system offering language-agnostic, text-independent voice biometrics with claimed 99.8% accuracy across mobile, web, and IoT. Funds will go toward optimising edge deployment.

Category: Voice Biometrics / Identity Verification
HQ: London, United Kingdom

Natoma → Acquired by Snowflake (NYS: SNOW)
Deal Type: Merger / Acquisition
Deal Date: May 27, 2026
Deal Size: Undisclosed

Developer of an enterprise Model Context Protocol (MCP) platform that securely connects AI agents to enterprise systems through a single governed layer. Offers centralised MCP server management, role-based tool profiles, identity-aware access policies, and full audit trails. Snowflake will use it to establish a native governance and identity layer for AI agents, extending its trust perimeter from data to AI-driven actions. Announced the same day Snowflake beat Q1 earnings and committed $6B to AWS.

Government Acquisitions → Acquired by Computacenter (LON: CCC)
Deal Type: Merger / Acquisition
Deal Date: May 28, 2026
Deal Size: ~$92M (estimated)

Provider of IT services to the US federal government, including big data analytics, threat-prevention cybersecurity, cloud, and network modernisation. Gives Computacenter access to the US federal market. Consideration includes up to $29M in performance-based payments through end of 2027.

RevEng.ai's defence backing is worth pausing on, the NATO Innovation Fund and In-Q-Tel (the CIA's strategic investor) both participating in the same round is a strong signal of where Western governments see supply chain risk heading.

Terra Quantum → Reverse Merger with Mountain Lake Acquisition II (NAS: MLAA)
Deal Type: Reverse Merger
Deal Date: May 26, 2026
Deal Size: ~$3.5B

Swiss developer of hybrid quantum algorithms heading to public markets via SPAC. Not a pure-play security company, but a notable signal of capital flowing into quantum, the technology that will eventually break, and rebuild, modern cryptography.

A quieter week for shutdowns, but the shakeout continues:

GuardHash - Blockchain-based security platform for data protection and authentication. Formerly VC-backed. (Berkeley, CA)

P2PVideo.Chat - Secure video calling and data exchange platform. (Mari El, Russia)

wGuard - Website monitoring and IT technical consulting. (Mora, Portugal)

Two of this week's biggest stories were about the same problem from opposite ends. Gray Swan raised $40 million to stop AI models from behaving badly. Snowflake bought Natoma to control what AI agents are allowed to do once they're loose inside an enterprise. Together they map the shape of an entirely new security discipline.

For years, "AI security" meant using AI to do security, better detection, faster triage, smarter alerts. That's last week's story. This week's story is the inverse: securing the AI itself. And it splits into two distinct problems that are spawning two distinct hiring markets.

The first is model security. Can the model be jailbroken? Will it leak training data? Can a cleverly worded prompt make it ignore its guardrails and do something it shouldn't? This is Gray Swan's world… red-teaming, adversarial testing, runtime guardrails. It's a deeply technical discipline that didn't exist as a job five years ago and now has frontier labs and Fortune 500s competing for the same tiny pool of people who understand it.

The second is agent governance. Once an AI agent can take actions, query your database, send an email, move money, touch your CRM, the question stops being "is the model safe?" and becomes "what is this agent allowed to do, who approved it, and can we see what it did?" That's Natoma's world, and Snowflake just paid for it. The phrase that keeps recurring in these announcements is telling: agents don't just need access to data, they need context, permissions, and policy guardrails to operate safely. That's identity and access management, rebuilt for software that acts on its own.

Here's why this matters for anyone hiring or building a career in security. A new layer of the stack is forming in real time, and the talent to staff it barely exists yet. Companies are looking for people who sit at the intersection of security, machine learning, and identity, and almost nobody has all three on their CV, because the combination wasn't a job until recently.

The candidates who'll command the biggest premiums over the next two years are the ones who can credibly speak to all three. The AppSec engineer who's learned how transformers actually work. The IAM specialist who understands what an MCP server is and why agent permissions are different from human ones. The ML engineer who can think like an attacker. If you're in security and looking for where the leverage is, this intersection is it.

And if you're a founder in this space, the hiring is going to be brutal. The people you need are being courted by the frontier labs themselves. Move early, pay up, and be honest that you're hiring for a category that's still being invented. The upside is that the operators who plant their flag here now will define the playbook everyone else copies.

The machines are getting their own security industry. The humans who understand both sides are about to become very, very valuable.

Website - grayswan.ai

When the company securing OpenAI, Anthropic, and Meta's models raises $40 million, it tells you AI security has graduated from research curiosity to enterprise infrastructure.

The Founders

Matt Fredrikson (CEO), Zico Kolter (Chief Scientist), and Andy Zou founded Gray Swan, spun out of Carnegie Mellon's AI safety research. Fredrikson and Kolter are CMU computer science faculty who spent over a decade studying how AI systems fail under adversarial conditions, publishing some of the most-cited research on jailbreaks and adversarial machine learning. Kolter also sits on OpenAI's board. As they put it, they were publishing the research that proved these threats were inevitable before the industry had a name for them.

The Thesis

AI is moving faster than any technology before it, and security hasn't kept pace. Models can be jailbroken, manipulated through prompt injection, and coaxed into leaking data or taking unintended actions. As AI moved from research tools to enterprise infrastructure, and now to autonomous agents that take actions on your behalf, the gap between what the research uncovered and what was commercially available to address it became dangerous. Gray Swan was built to close that gap.

The Product

Gray Swan runs a three-part ecosystem. Cygnal provides real-time protection, monitoring and filtering AI interactions as they happen. Shade handles automated adversarial testing, systematically attacking models to surface vulnerabilities before they reach production. And Arena is the world's largest AI red-teaming network, a continuous global competition where more than 15,000 researchers attack frontier models to uncover weaknesses. Arena generates over a million real-world attack trajectories, which train the models powering Cygnal and Shade, keeping defences current with the bleeding edge of AI research.

The Funding Journey

Gray Swan raised roughly $5.5 million in seed capital (led by Pillar VC) before this round. The $40 million Series A was co-led by Wing Venture Capital and Madrona, with participation from Obvious Ventures, Snowflake Ventures, Hudson River Trading, Samsung NEXT, and existing investor Magarac Venture Partners. The raise coincided with a technology partnership with Snowflake, bringing frontier-lab-grade security to the platform where enterprises already build on their data.

The Traction

Over 20 global enterprises as customers. Embedded in the pre-release safety evaluation processes of OpenAI, Anthropic, Meta and named in their published system cards. AI safety is increasingly a procurement requirement in enterprises and a regulatory one in jurisdictions including the EU, which gives Gray Swan a structural tailwind.

The Takeaway

This is what category creation looks like. The founders did the academic work that defined adversarial ML, then built the commercial products to defend against the very failures they discovered. When the frontier labs themselves, the most sophisticated AI buyers on earth, embed your product in their safety process, every enterprise CISO eventually applies the same bar. Gray Swan already sets it. The open question is whether AI security stays a standalone category or gets absorbed into the cloud platforms; the Snowflake partnership suggests the lines are already blurring.

Ready to make your next move? These roles won't stay open long.

One prediction per month.

May 2026 Prediction: Torq will acquire at least one more company before the end of 2026.

The Logic: They just raised $140M at a $1.2B valuation and immediately spent ~$70M on Jit. That leaves significant capital for continued M&A. The AI SOC space is fragmenting across detection, investigation, response, and context. Torq is clearly building a platform through acquisition. Likely targets: a threat intelligence company for enrichment, or a cloud security posture tool to expand their context graph.

Confidence: Medium-High

Prediction Tracker

Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.

Send us your tips:

Email: [email protected]
All sources protected. We verify before we publish.