Around 1.2% of the AI-agent traffic NeuralTrust inspects every day is actively malicious: attempts to extract data, hijack a connected tool, or push an agent past the rules it is supposed to obey. The company inspects millions of those interactions daily, so 1.2% is not a slide in a threat deck, it is a live attack surface being caught and stopped in real time. The Barcelona company just raised €17.2 million on the strength of it, in a round it describes, plausibly, as the largest cybersecurity seed ever raised by an EU company.

The problem NeuralTrust sells against is one most large enterprises have without quite admitting it. AI agents are now breeding inside companies faster than anyone is tracking them. One team builds a customer-service agent on one model, another automates back-office work on a different one, and the enterprise software the company already pays for quietly ships with agents of its own. Each connects to internal systems, calls external tools, and acts with some autonomy. Ask a security team how many agents are running across the organisation and most genuinely cannot tell you, which is a remarkable thing to say about software that can move money, touch customer data, and take actions on its own.

The shape of the product, and the shape of the fear

NeuralTrust’s platform is built in three parts, and the structure maps neatly onto how the fear actually unfolds. A gateway brokers every model and tool call, so there is a single chokepoint through which agent activity has to pass. A runtime engine inspects that traffic live and stops threats as they happen, which is where the 1.2% gets caught. And a posture layer does the unglamorous discovery work of finding every agent in the building, the precondition for governing any of them, because you cannot secure what you cannot count. Co-founder Joan Vendrell frames it in the standard-but-correct way: “AI agents are now part of enterprise operations, but the controls protecting them are still catching up.”

The timing is doing a lot of work, and the data backs the urgency. Gartner reckons 40% of enterprises will quietly decommission AI agents by 2027 because of governance gaps discovered only after something breaks, the kind of statistic that turns a security budget line from optional to mandatory. NeuralTrust’s entire business is being the thing a company installs before that happens rather than after. This sits in the same anxious territory as the bet Geordie is making on agent security: a cluster of European companies has concluded, more or less simultaneously, that the explosion of enterprise AI agents created an attack surface nobody designed for and everybody now has to defend.

The customers are the proof, the platforms are the risk

The round was led by Alstin Capital, with VentureFriends, Seaya, Kibo Ventures and Banc Sabadell joining, plus public money from the European Innovation Council and Spain’s national research agency, the now-familiar mix of venture capital and strategic European public capital backing a piece of critical-infrastructure software. The customer list is the part that should reassure a skeptic, because it is exactly the buyer base a security pitch needs to survive scrutiny: Iberia, Air Europa, Abanca and Banc Sabadell, regulated, conservative institutions that do not adopt a young security vendor on a whim. The company says it doubled its 2025 revenue in a single quarter, which is the demand signal underneath the headline raise.

The bet is that “secure the agents” becomes a permanent budget line as inevitable as “secure the laptops” or “secure the network” before it, a new layer of enterprise security that simply has to exist because the thing it protects is now everywhere. The risk is the one that stalks every neutral security layer: the giant platforms selling enterprises their AI agents in the first place could decide to bundle the safety controls themselves, and a bundled good-enough control often beats a superior standalone one. NeuralTrust’s answer is to be the neutral layer that works across all of them, which is a genuinely defensible place to stand, right up until the day one of those platforms decides it is not. Whether agent security stays an independent category or gets absorbed into the platforms is the open question. For now, a Barcelona company doubled its revenue in a quarter and raised Europe’s biggest security seed to babysit everyone else’s robots, and the 1.2% keeps coming.