The Milan cybersecurity firm’s Series B bets that predictive defence, not reactive detection, is how banks survive the AI fraud wave
For more than a decade, Cleafy has been telling banks that waiting for fraud to happen before responding to it is a losing strategy. The Milan-based cybersecurity firm has now raised €12 million in a Series B round, bringing total funding to €22 million, to prove the point at scale.
The round is co-led by United Ventures and Germany’s eCAPITAL, both returning investors. The capital will go towards accelerating Cleafy’s predictive security capabilities, expanding global threat intelligence, and deepening its footprint in banking markets across Europe and Latin America.
Founded in 2014 by Matteo Bogana, Niccolò Pastore, and Carmine Giangregorio, all alumni of Milan’s Politecnico, Cleafy was built around a specific frustration: conventional fraud tools operate in silos, analysing isolated transactions against static rules. By the time a bank’s fraud team gets an alert, the money is often already gone.

Cleafy’s platform takes a different approach. It ingests signals from web, mobile, back-end, and network channels simultaneously, combining them with real-time threat intelligence to reconstruct how attacks form and travel across a bank’s infrastructure.
The goal is to identify malicious intent, the attacker’s tools, methods, and infrastructure, days or weeks before any transaction is flagged.
The company says it now protects more than 250 million users across over 150 financial institutions, including ING, Illimity, and BPS Suisse. It claims zero customer churn across its history, which Bogana has used as the centrepiece of its pitch to investors.
“While fraudsters weaponize AI to scale attacks at machine speed, European banks are fighting back with outdated, reactive tools,” Bogana said. “We built Cleafy to change this equation fundamentally, reconstructing how attacks form and stopping them weeks before they can cause damage.”
This round also marks the expansion of Cleafy’s scope. A new product line called Cleafy for Workforce extends the platform’s logic inward, detecting insider threats and compromised accounts within corporate environments, not just attacks arriving from outside.
The timing is deliberate. Two major pieces of European regulation, the Digital Operational Resilience Act (DORA) and the updated Network and Information Security directive (NIS2), are raising the floor on what financial institutions must demonstrate in terms of cyber resilience.
Cleafy is positioning its platform as the infrastructure on which compliance is built, not just an add-on to existing tools.
Backed by 85-plus international patents, Cleafy’s engine combines real-time data streams with AI-driven threat analysis. The company has a team of more than 90 people spread across Milan, London, Barcelona, and Bogotá.
The question for this next phase is whether the platform’s core insight, that fraud is best stopped at the infrastructure layer, not the transaction layer, can travel as readily to Latin America as it has within Europe.