Herd Security raises $3m seed round for AI-powered security training

The San Francisco startup's agentic AI platform replaces static compliance programmes with dynamic, AI-generated microtraining to counter evolving social engineering

Herd Security, a San Francisco-based startup that applies generative AI to corporate security-awareness training, has closed a $3 million funding round backed by Aspiron Ventures alongside Team Ignite, ForwardSlash VC, Forum Ventures, Rightside Capital and YPO. The company, founded in 2025, says it will use the capital to expand its product into new training categories spanning HR and AI risk, improve AI-powered video generation, and grow its partner ecosystem.

The platform is positioned by the company as a replacement for the periodic, one-size-fits-all compliance training that currently dominates enterprise security awareness. Rather than issuing annual eLearning modules, Herd allows security and GRC teams to generate micro-training content — in text, video, image, or conversational-AI formats — by prompting the system with organisational context, active-threat data and existing policy documents. The resulting modules can be delivered through tools employees already use, such as Slack, Microsoft Teams and corporate LMS platforms.

"Threats evolve daily and organisations aren't equipping security professionals with the tools to turn what they know into relevant programmes," said Brandon Min, chief executive and co-founder of Herd Security. "Herd removes this barrier so teams can continuously put their knowledge into action without added resources."

Market context

The security-awareness training market is a crowded but largely stagnant category. Established vendors such as KnowBe4, Proofpoint Security Awareness and Mimecast have long dominated on volume; their propositions are built around phishing simulations and annual compliance modules. A wave of AI-native challengers is now targeting the perceived gap between cadence and threat velocity — arguing that once-a-year campaigns are structurally inadequate in an era of AI-generated spear-phishing and deepfake voice attacks.

Gartner projects that by 2028, 40 per cent of social-engineering attacks will target executives and the wider workforce, which the report frames as a broadening of the human-risk surface. Separately, the SANS Institute has noted that shifting employee security behaviour can take three to five years, and shaping an organisation-wide security culture up to a decade. That gap between threat speed and culture change is the core commercial thesis Herd is selling to investors and buyers.

Competitive positioning and regulatory tailwinds

The timing is not incidental. Under NIS2, which came into force across EU member states in late 2024, organisations in critical sectors are obliged to implement regular, demonstrable security-awareness measures — a requirement that is difficult to satisfy with an annual compliance checkbox. UK firms operating under the Cyber Essentials Plus framework face similar expectations around staff training. Continuous, auditable microtraining programmes are a natural fit for both standards, and that compliance pull gives vendors like Herd a procurement hook beyond security effectiveness alone.

Aspiron Ventures partner Oliver Legg cited the company's position as a finalist in the Okta Startup Challenge as an early market signal. Customer OneBrief's director of corporate IT and security, Stefany Pratt, said the platform had enabled her team to replace "long, static lectures with short, timely microtrainings that fit directly into employee workflows." The reference is notable at seed stage, though Herd has not disclosed the number of paying customers or any ARR figures.

At $3 million, the round is a pre-Series A raise; Herd will need to demonstrate a repeatable enterprise sales motion and measurable outcomes — reduced phishing click-through rates, improved audit scores — before a meaningful growth round becomes available. The AI-generated training content market is attracting regulatory scrutiny of its own: as AI Act provisions on general-purpose AI systems phase in, platforms that generate workforce-facing content at scale may face obligations around transparency and accuracy that the sector has not yet had to navigate.