Fraud prevention and cybersecurity startup: Cleafy from the garage to Latin America
- Marc Griffith

- Mar 24

Summary: Cleafy went from a garage in 2014 to over 100 employees, with offices in Milan, London, Barcelona, and Bogotá; it raised €12 million and is targeting Latin America, leveraging agent-based fraud protection technologies and its experience in transaction monitoring for banks.
Cleafy, a fraud prevention and cybersecurity startup, was founded in 2014 and turned a technical problem on web pages into a solution it could sell to banks. Starting from a garage and a team of five, the company has expanded its international footprint and today counts about one hundred employees.
Fraud prevention and cybersecurity startup: origin and first deployment
The genesis is concrete: in 2014 two young people presented to an employee the need to bypass a security problem, which kicked off the entrepreneurial idea. Matteo Bogana recalls that the first prototypes were built in Nicolò Pastore's garage during the Christmas holidays, and that the seed-round investment enabled the first deployment at one of the country's five largest banks.
Identifying an ongoing attack and blocking it in the field was the factor that allowed Cleafy to build credibility with major banks.
Fraud prevention and cybersecurity startup: technology, transaction monitoring, and PSD2
Cleafy developed a technology focused on detecting attacks on web pages before fraud materializes, solving a problem that had been deemed unsolvable. The initial approach then evolved when PSD2 entered into force: the new regulation pushed banks to rethink their programs and increase investments in cybersecurity, opening a direct channel for solutions like Cleafy's.
Techniques and positioning
The core is transaction monitoring combined with tools capable of detecting anomalies at the application layer of web pages. The technical strategy has prioritized attack prevention and visibility into the techniques used by attackers, which has created a strong competitive edge over reactive solutions.
PSD2 and the digitization of banking services have increased demand for proactive fraud solutions.
Fraud prevention and cybersecurity startup: go-to-market, growth and internationalization
The combination of an initial success story with a large bank and the time invested in finding the right commercial driver allowed Cleafy to scale and open offices in Milan, London, Barcelona, and Bogotá. Go-to-market in fintech was challenging: startups and banks often don't mix easily, so success came from product-customer alignment and concrete deployments that demonstrated field effectiveness.
Funding and recent numbers
Two weeks ago the company closed a €12 million round, which will finance commercial expansion and the development of new solutions. This capital comes after years of organic growth that took the team from 5 to around 100 people.
The investment aims to support entry into markets such as Latin America, considered attractive for size and similarities to the North American market.
AI, agent-based solutions and product roadmap
In recent months, Cleafy has experimented with AI and launched an anti-fraud agent-based system designed to optimize the management of fraud teams. The goal is to achieve higher levels of automation to respond symmetrically to rising attack volumes and to improve the operational performance of clients' internal teams.
Events and technical visibility
Regular attendance at conferences like the RSA Conference in San Francisco helps the company test its technologies and gather direct feedback from the global market. These events also serve to evaluate technology partnerships and to position the company with respect to emerging trends in cybersecurity.
Discussion: strengths, limits and strategic scenarios
For a founder, it's crucial to assess how to balance technological development, go-to-market and regulatory compliance when scaling in fintech. On the strengths side, Cleafy shows several key assets: a proven product-market fit based on real-world cases with major institutions, technology focused on the application layer that intercepts often overlooked attacks, and the ability to turn an operational incident (stopping a prolonged attack) into a commercial lever.
However, there are also limits and risks that every startup in the sector should consider. First, regulatory pressure and compliance requirements in finance can raise implementation and certification costs. Second, the difference between markets (EU vs Latin America) requires operational and service adaptations: you can't simply transfer the business model without localization. Third, competitiveness in cybersecurity is growing rapidly: AI-based solutions attract both large vendors and specialized startups, making technical differentiation and intellectual property strategic assets. Finally, trust is central: entering banks means proving reliability at scale and over the long term, with SLAs, integrations, and proper governance.
To mitigate these risks, recommended operating strategies include rapid validation with a few key customers, targeted investments in automation to control operational costs, and local partnerships to accelerate entry into markets with different regulations and usage patterns. The trade-offs between rapid growth and operational solidity must be managed with clear metrics (time to deployment, actual detection rate, false positives) and proven product-market fit roadmaps in verticals.
Next steps and takeaways for founders
If you're building a deep-tech startup in fintech or cybersecurity, first focus on deployments that demonstrate your operational effectiveness, then scale with strategic partners in the banking sector. Cleafy shows how a solid technical core, repeatable success cases, and positioning in regulated markets can transform a small company into a global provider.
In short, Cleafy has leveraged a real technical problem to build a sellable product, capitalized on regulatory changes and external scenarios like the pandemic, and now aims to expand with agent-based technologies and AI.




