Cimento AI Raises $3M Pre - Seed to Turn Human Error Into a Security Layer

Cimento AI just raised $3M in pre-seed funding to attack one of cybersecurity’s oldest and most expensive problems: people. The Salt Lake City-based startup emerged from stealth with backing from Bowery Capital, Indie.vc, and angels tied to Cloudflare, Palo Alto Networks, Nvidia, Cursor, and Okta. Cimento AI was founded by Zain Rizavi and Eric Liu, and the company is building an AI-native human risk management platform designed to continuously measure how employees behave under attack across email, SMS, voice, and collaboration channels. The platform combines phishing simulations, adaptive security training, and behavioral risk scoring into a single operational layer for enterprise security teams.

The timing matters because AI-generated phishing attacks are getting cheaper, faster, and disturbingly believable. Security awareness programs built around annual compliance videos now look like handing a smoke detector to a wildfire. Investors are starting to recognize that the next cybersecurity arms race may revolve less around infrastructure and more around human behavior.

What Happened

Cimento AI announced a $3M pre-seed round co-led by Bowery Capital and Indie.vc, with participation from operators and angels connected to Cloudflare, Palo Alto Networks, Nvidia, Cursor, and Okta. The company emerged publicly alongside the financing announcement, positioning itself inside the growing human risk management category, a market sitting at the intersection of cybersecurity, behavioral analytics, enterprise AI, and workforce security infrastructure.

Zain Rizavi, Co-founder and CEO of Cimento AI, previously worked in venture investing and cybersecurity infrastructure, while Eric Liu serves as Co-founder and CPO. The broader founding team includes engineers and operators with backgrounds spanning cloud infrastructure, enterprise security, and AI systems. Cimento AI’s core thesis is brutally simple: attackers adapted faster than employee training programs did.

That gap became painfully obvious once generative AI entered the phishing economy. Writing believable scam emails used to require effort, context, and at least one person capable of sounding vaguely human. Now large language models can generate realistic impersonation attempts at industrial scale, cheaply and instantly, while corporate security training failed to evolve at the same pace.

Why This Matters

Cybersecurity spent years obsessing over networks, endpoints, cloud workloads, and identity infrastructure while quietly accepting one uncomfortable reality: employees remained the easiest way into a company. That’s why phishing still works, not because employees are unintelligent, but because modern communication environments are engineered for speed, distraction, urgency, and constant context switching. Slack messages blur into email threads, calendar invites arrive nonstop, and AI-generated communication now mirrors executive tone with alarming accuracy. The modern attack surface looks less like a firewall diagram and more like a corporate group chat.

Cimento AI is betting enterprises finally want systems that continuously measure and influence employee risk behavior instead of simply documenting compliance completion rates for auditors. Traditional awareness platforms often treat security education like mandatory HR paperwork where employees complete the module, pass the quiz, and move on, while attackers operate dynamically by adapting tactics based on human psychology, organizational structure, and timing. Cimento AI’s platform attempts to close that gap using adaptive simulations and behavior-driven scoring models that evolve alongside user behavior.

The interesting part is not the phishing simulation market itself because that category already exists. The real shift is the movement from “security awareness” toward “human risk infrastructure,” which creates an entirely different framing, budget category, and long-term market opportunity.

Market Context

Human risk management has become one of cybersecurity’s fastest-growing strategic categories as enterprises confront the downstream effects of AI-assisted social engineering. Generative AI changed the economics of deception because attackers no longer need polished English skills, deep reconnaissance capabilities, or sophisticated social engineering experience to launch convincing phishing campaigns. AI systems can now mimic communication styles, summarize company structures, generate urgency, and personalize attacks at scale, creating a brutal asymmetry where defenders still rely heavily on periodic training sessions while attackers iterate continuously.

Cimento AI enters a competitive landscape that already includes established security awareness vendors, phishing simulation providers, and emerging behavioral security startups, but the company’s positioning reflects a broader industry shift underway across enterprise cybersecurity. Security teams increasingly want measurable human risk telemetry integrated directly into security operations rather than disconnected compliance workflows. Platforms capable of connecting behavioral signals with operational security systems may become strategically important far beyond awareness training.

The market is slowly acknowledging a reality security practitioners already understood privately for years: the employee is no longer merely a compliance variable. The employee is part of the live security perimeter.

What This Signals

The investor list surrounding Cimento AI says as much about the market as the funding amount itself. Early support from operators tied to Cloudflare, Okta, Palo Alto Networks, Cursor, and Nvidia signals growing institutional belief that AI-native security products will reshape workforce protection over the next several years. The raise also reflects a broader venture trend emerging across cybersecurity infrastructure as investors increasingly favor startups addressing operational bottlenecks created by AI acceleration itself.

AI creates productivity gains, but it also creates new attack vectors, impersonation risks, and entirely new forms of organizational vulnerability. Cimento AI sits directly inside that transition. The company is not trying to eliminate human behavior from security systems; it is trying to operationalize it. That distinction matters because enterprise security historically struggled to quantify behavioral risk with the same rigor applied to networks, endpoints, or cloud assets, but the tooling is finally catching up.

The Bigger Industry Shift

Security awareness used to live inside the compliance department, but human risk management is moving directly into core security operations. That migration changes how budgets get allocated, how platforms integrate into enterprise infrastructure, and how CISOs evaluate workforce security altogether. Cimento AI is entering the market at a moment when AI-generated attacks are accelerating faster than traditional enterprise defenses can comfortably absorb, forcing organizations to rethink whether static awareness programs are enough.

Probably not. Because the uncomfortable truth behind modern cybersecurity is painfully simple: sophisticated infrastructure means very little when somebody in accounting still clicks the wrong link at 4:52 PM on a Friday.

Frequently Asked Questions

What is Cimento AI?

Cimento AI is a Salt Lake City-based cybersecurity startup building an AI-native human risk management platform focused on phishing simulations, behavioral analysis, and adaptive employee security training.

How much funding did Cimento AI raise?

Cimento AI raised $3M in pre-seed funding.

Who invested in Cimento AI?

The round was co-led by Bowery Capital and Indie.vc, with participation from angels tied to Cloudflare, Palo Alto Networks, Nvidia, Cursor, and Okta.

Who founded Cimento AI?

Cimento AI was founded by Zain Rizavi and Eric Liu.

What does Cimento AI’s platform do?

The platform continuously measures employee risk behavior across communication channels including email, SMS, voice, and collaboration tools while delivering adaptive security training.

Why does Cimento AI matter in cybersecurity?

Cimento AI reflects the growing shift from static security awareness programs toward continuous human risk management as AI-generated phishing attacks become more sophisticated and scalable.