CYBRET AI is raising money to remove humans from the cyber defence loop – not to assist them. That is a deliberate break from the market’s current obsession with “AI copilots” and human‑in‑the‑loop security operations.
The Nordic cybersecurity start-up has secured undisclosed pre-seed equity funding from a group of regional and pan-European investors including Skyfall Ventures, Inception Fund, Visionaries Club, Wave Ventures and FR8, alongside backing from the a16z Scout programme. The rounds, completed in November and December 2025, position CYBRET AI as one of the few early-stage European players explicitly committed to fully autonomous cyber response rather than augmented SOC tooling.
A contrarian bet in a human-centric market
While most security vendors are packaging AI as an assistant for analysts, CYBRET AI is building autonomous systems that detect and respond to threats at machine speed. Its technology is designed to challenge human-driven security operations centres (SOCs), which are increasingly mismatched to the scale, speed and complexity of modern attacks.
The company describes itself as an autonomous security research and development laboratory operating at the intersection of AI, threat research and security operations. The goal is not another managed detection and response (MDR) layer, but a redefinition of MDR itself: shifting from human-led triage to self-directing systems that can identify, prioritise and contain attacks without waiting for analyst decisions.
In a market where buyers still expect a named analyst on the other end of the phone, that is a clear against‑trend stance. It raises familiar concerns around over‑automation, false positives and loss of human oversight – but also addresses a structural issue: there simply are not enough skilled cybersecurity professionals to staff traditional SOC models, particularly in the European mid-market.
Why investors are leaning into full autonomy
The investor line-up matters here. Skyfall Ventures, Wave Ventures and Inception Fund have all built track records backing Nordic deep tech plays at pre-seed. Visionaries Club brings a network of European B2B operators and buyers, while FR8’s participation and the a16z Scout cheque add signalling power beyond the region.
Backing an autonomy-first approach at this stage suggests investors are prepared to front‑run, rather than follow, enterprise comfort levels with AI taking direct control of security actions. The logic is straightforward:
- Attack velocity is outpacing human response. Ransomware and automated exploitation campaigns now move faster than human ticketing and escalation workflows. Machine-speed threats require machine-speed countermeasures.
- Talent scarcity is structural. European mid-market organisations cannot hire their way out of the skills gap. Human‑heavy MDR models do not scale economically for EUR 10–500m revenue businesses.
- Nordic talent is a defensible asset. CYBRET AI operates a distributed team across Finland, Sweden and Norway, tapping into regional strengths in security research, software engineering and AI. For a company positioned as a security R&D lab as much as a product firm, this concentration of specialist talent is a core part of the investment case.
In this context, the absence of a disclosed round size is less critical than the quality of the cap table. For an early-stage cyber business, alignment with deep tech and B2B specialists can matter more than headline valuation.
Strategic implications for Europe’s mid-market
For European mid-market enterprises, CYBRET AI’s model points to a different future for outsourced security. Instead of paying for access to shared human SOC capacity, buyers would effectively subscribe to continuously evolving autonomous defence systems.
If CYBRET AI executes, that has three clear implications:
- Cost structure shift: Autonomous response could compress the marginal cost of protecting additional endpoints or business units, making robust defence more accessible to smaller organisations.
- Vendor landscape shake-up: Traditional MDR providers built on large analyst teams face margin pressure if autonomy-first models prove both safe and effective. The Nordic mid-market could become an early proving ground for this transition.
- Regulatory and trust hurdles: Handing containment decisions to AI systems will attract scrutiny from regulators, insurers and boards. CYBRET AI will need rigorous auditability, fail-safes and clear accountability frameworks to win enterprise-grade mandates.
Risks and what to watch
The strategy is not without material risk. Enterprise security teams are conservative for good reason, and any high-profile failure of an autonomous system – whether through missed detection or overzealous shutdowns – would slow adoption.
However, the direction of travel in attack sophistication and labour economics favours more, not less, automation. CYBRET AI’s bet is that the market will move faster than incumbent MDR providers are structurally able to adapt, and that a focused Nordic R&D hub can set the pace.
For now, the company remains an early-stage, privately held player led by founder Adrian De Gendt. The real test will be how quickly it can turn its lab positioning into referenceable deployments across the European mid-market. In backing this autonomy-first thesis at pre-seed, Nordic investors are signalling they expect that shift to come sooner rather than later.