How Trustmi uses AI to make sure every dollar goes where it should

For cybercriminals looking for a quick payday, ransomware used to be the go-to. But as organizations have improved their backup and recovery processes and become better coordinated with law enforcement, it has become harder to get paid.

Although this sounds positive, the reality is that it has motivated many attackers to shift from targeting software to targeting people who move money. Business email compromise (BEC), vendor fraud, and socially engineered payment scams have surged over the past few years, powered by increasingly sophisticated AI tools.

Attackers exploit human psychology and play on human instincts, often impersonating authority figures to bypass security measures, steal data, or redirect funds. In perhaps the most publicized example of this kind of scam, the British engineering firm Arup lost $25M after an employee joined a video call populated by AI-generated deepfakes of the company’s executives.

“The easiest route is going after the people that have access to the funds,” says Shai Gabay, the cofounder and CEO of payment security company Trustmi. “That’s what changed the game.”

Gabay’s perspective is that the issue goes beyond phishing or email security. The problem is how enterprise payments are made. “It’s a very complex process,” he says. “It’s kind of low tech…relying on a lot of manual controls and processes. So there are a lot of loopholes that cybercriminals can attack.”

Trustmi, an AI-powered payment security platform, was built to close those loopholes, protecting B2B payments before money leaves the organization. It connects to the systems involved in the payment lifecycle — enterprise resource planning (ERP) platforms, procurement systems, invoices, emails, banking workflows — and correlates activity across the entire chain to verify each payment.

Marrying safety with ROI

Trustmi’s founders came to the problem after years in cybersecurity. Gabay began hacking at 13 and spent eight years working in cybersecurity for the Israeli military before moving into a defensive role as a bank CISO, working closely on fraud prevention and financial security.

During that time, he repeatedly saw corporate customers lose money through payment fraud schemes and was inspired to build a solution. Although he had spent years working with startups, he wanted to gain firsthand operational experience before running his own, so he decided to spend several years in the high-growth security startup ecosystem.

“I went to three different cybersecurity [startups] to learn how to build my own company. After six years…I knew what I needed to do.”

It was during this period, while working at cybersecurity startup Cynet in 2018, that he met Trustmi Cofounder and CTO Eli Ben Nun. They were both frustrated with the broader cybersecurity industry, which seemed to rely on fearmongering, rather than measurable business outcomes.

From the beginning, the founders saw payments as a broader operational problem that spans fraud prevention, payment accuracy, and workflow automation.

“I was really passionate about doing something…impactful,” Gabay recalls. “It’s very hard to justify business ROI in cybersecurity, and most of the narrative of the sales is about fear and insurance…I wanted to be able to build something that can show you real savings, real ROI, quantified and measurable results.”

$1B in fraud prevented and $5B in mistakes caught

Before building the product, Gabay and Ben Nun spent months validating the problem with finance leaders, interviewing 150 CFOs across the United States. Trustmi was founded in Tel Aviv in 2021 and raised a $4M seed round. A $17M Series A followed in 2023, coinciding with the company’s official global launch from New York.

The company has expanded rapidly, now protecting more than $240B in payments annually. Its customers are large enterprises across manufacturing, pharmaceuticals, hospitality, and insurance, including Fortune 500 companies such as Takeda, Colgate-Palmolive, Mohawk, and monday.com. Trustmi says it has prevented more than $1B in fraud and $5B in payment mistakes, like duplicate invoices and human error.

Those operational savings reflect the company’s long-term goal. While Trustmi started with payment fraud prevention, the company increasingly sees itself as an intelligence and automation layer for enterprise payments more broadly.

“We started with the clear pain of payment security,” says Gabay. “But…there is a lot of opportunity [to] also improve efficiency, automation, and payment mistakes…and provide much more value to our customers.”

Where most security tools stop, Trustmi starts

Most security tools only cover fragments of the payment process. Email security products, for instance, can catch malicious links or attachments, while finance systems manage transactions and approvals. Attackers exploit the gaps between these systems.

“It’s a classic people/process/technology problem,” says Gabay. “A lot of technology, [but] no one connecting the dots.” That’s why Trustmi is designed to insert directly into existing payment workflows, so finance teams can use it without overhauling their operations. “No one’s going to change the way they do business, even for security,” Gabay explains.

“We help organizations make sure their payment goes to the right place, at the right time, [for] the right amount.”

Trustmi acts as an intelligence layer across the payment process, analyzing activity during payment cycles and assigning each transaction a risk score in real time.

“We become their copilot,” says Gabay. The company categorizes risk as green, yellow, or red. “Green [says], go ahead and pay it. Yellow, suspicious payment. And red, that’s a planned payment fraud, and we’re going to block it.”

The new face of payment fraud prevention

The rise of generative AI is accelerating the scale and sophistication of deepfakes and impersonation in payment fraud, says Gabay. At the same time, businesses are increasingly incorporating AI into workflows, experimenting with autonomous Agents and systems for processes like procurement, invoicing, and approvals. That scenario requires a new set of security systems capable of operating at machine speed.

Trustmi’s mission is to shift from a payment fraud platform into the trust layer for increasingly autonomous financial operations. “[The aim is] not only to be able to help organizations do what they do today. We also envision what the future is going to look like, and we’re building for that as well.”

That scenario requires a new set of security systems capable of operating at machine speed. “In four or five years from now, AI is going to do everything,” predicts Gabay. “We won’t see payment as someone sending you an invoice. It will be Agent [to] Agent, speaking by themselves.” We’ll see far more AI used in attacks, he says, requiring a defense system built on AI in kind. “You’re thinking that you know who you’re speaking with. You’re thinking that this invoice is legit, and you are relying on things that you cannot verify anymore.”

*Editor’s note: Insight Partners has invested in Trustmi.