Antwerp-based cybersecurity startup XFA has raised a EUR 1.5 million seed round led by ScaleFund and Curiosity, with continued backing from PMV, Seeder Fund and Investee, in a deal that runs against the prevailing logic of endpoint security funding.
Rather than building another device management or agent-based endpoint platform, XFA is scaling a software‑free model that verifies the trustworthiness of every device used for work at login, across platforms, without installing or managing software on the endpoint. In a cybersecurity market dominated by heavy agents, MDM suites and complex roll‑outs, investors are backing a leaner, integration‑first alternative.
A contrarian thesis in endpoint security
The timing and structure of the round underline how unusual this bet is. XFA was founded in 2023 and has secured EUR 1.5 million in seed capital by December 2025, a comparatively rapid raise in a sector where new entrants typically need longer to prove themselves against entrenched vendors.
The company’s core proposition is to identify and verify every device used for work — laptops, tablets, personal machines — without requiring software deployment or device management. Instead of controlling the device, XFA focuses on verifying device trust at the moment of login. That trust signal can then be consumed by identity and compliance stacks.
This runs counter to the dominant endpoint trend of the last decade, where more protection meant more software on the device: EDR agents, MDM profiles, VPN clients and zero‑trust connectors. XFA is effectively arguing that enterprises no longer need to own or fully manage a device to enforce security and compliance, especially in hybrid and BYOD-heavy environments.
Integration-first, not control-first
XFA’s go‑to‑market architecture reinforces that contrarian stance. The platform is built to integrate with compliance and security tools such as Vanta, and it already lists partners like PwC, signalling a strategy anchored in ecosystem hooks rather than a full‑stack land‑grab.
By verifying device trust at login and feeding that information into existing identity and compliance platforms, XFA positions itself as an infrastructure component rather than a monolithic replacement for incumbents. For mid‑market customers in particular, this can reduce deployment friction and avoid the organisational resistance that comes with intrusive device control.
In a mid‑market deal landscape where cybersecurity capital has increasingly concentrated in later‑stage rounds and proven platforms, XFA’s early backing stands out. The EUR 1.5 million ticket is modest in absolute terms, but for a two‑year‑old Belgian startup in a mature category, it is a clear signal that investors see room for a new architectural play.
Experienced backers double down
The round is led by ScaleFund and Curiosity, with PMV and Seeder Fund returning as existing investors. That combination matters in a contrarian deal: ScaleFund and Curiosity bring experience in scaling B2B technology, while the re‑up from PMV and Seeder Fund validates XFA’s early execution.
Investor commentary around the transaction has emphasised two points: a structural shift in how and where people work, and a perceived blind spot in current security stacks around unmanaged and semi‑managed devices. That framing aligns with XFA’s choice to verify rather than manage endpoints, and it helps explain why a relatively young company is attracting capital in a crowded market.
The presence of multiple institutional backers at seed stage also increases XFA’s strategic optionality. With an integration‑centric product and relationships into audit and compliance channels via partners like PwC, the company is well positioned to become an attractive acquisition target for larger identity, compliance or endpoint vendors looking to cover the unmanaged device gap.
Risks and upside in a crowded market
The contrarian nature of XFA’s model comes with clear risks. The endpoint and device security arena is intensely competitive, with established vendors controlling budgets and standards. Winning trust for a non‑intrusive, software‑free approach will require demonstrable efficacy and tight integrations with the tools CISOs already rely on.
There is also the question of category definition. XFA is deliberately stepping outside traditional device management, which can complicate buying decisions and internal ownership. Security, IT and compliance teams will need a clear narrative on how a verification‑only layer complements, rather than replaces, existing controls.
However, the mid‑market focus and integration strategy mitigate some of these challenges. Mid‑sized organisations are under the same regulatory and threat pressures as large enterprises but often lack the capacity to manage complex endpoint stacks. A light‑touch verification layer that plugs into platforms like Vanta offers a pragmatic path to tightening controls on the rapidly growing universe of work devices.
For Belgium’s technology ecosystem, XFA’s seed round underscores that investors are willing to back opinionated, against‑the‑grain plays in mature cybersecurity segments, not just incremental features on established paradigms. If XFA executes, this EUR 1.5 million mid‑market deal could become an early proof point that software‑free endpoint verification has a place alongside — and occasionally instead of — traditional device management.