He hacked his first network at thirteen. He now spends his days making sure your accounts payable department doesn't wire two million dollars to a stranger.
There is a version of the cybersecurity founder story that goes: firewall, breach, headline, IPO. Shai Gabay's is a different one. His origin story starts inside a bank, where he watched real wire transfers go to the wrong people, and the person who got fired was the junior clerk who pressed send.
Gabay runs Trustmi, a company he started in 2021 with Eli Ben-Nun after leaving a run of executive jobs across Israeli cyber. The pitch is narrow and, if you have ever worked in a finance department, immediately recognizable: business-to-business payments are secured mostly by bank account validations, a few emails, and the assumption that the vendor asking to update their routing number is the vendor who used to have that routing number. This is a bad assumption. Trustmi uses behavioral AI to correlate the vendor, the invoice, the amount, the process, the timing, and the person clicking approve, and it flags the parts that look wrong before the money leaves.
The company says it now monitors around $185 billion in transactions and has prevented roughly $5 billion in errors and fraud. Its customers include Deloitte, Colgate-Palmolive and Chipotle. In July 2023 it closed a $17 million Series A led by Cyberstarts and Oren Zeev, taking its total funding to $25 million. The company is headquartered in New York, engineered largely from Tel Aviv, and staffed by about 64 people.
Over the years I have been exposed to many fraud events involving millions of dollars where I had to deal with real-time hacks. There I deeply understood the problem of securing payments, and discovered that in many cases the blame falls on the junior employee who carries out the transfer, even though they do not have the tools to deal with it. — Shai Gabay, on the reason Trustmi exists
One of the more useful things Trustmi discovered by watching enterprise ledgers is that fraud is not the biggest bleed. Errors are. Duplicate invoices, overpayments, wrong accounts, taxes miscoded, wires sent twice by two different people who did not know the other was doing it. Add it up and companies quietly lose one to three percent of their annual budget to nothing more sinister than process rot. Gabay likes to point this out because it makes the sale easier: even if you are not being defrauded, you are almost certainly being sloppy, and sloppiness at scale is expensive.
The consequence is that Trustmi is technically a security product but sells like a finance product. Its buyer is the CFO. Its threat model is not quite the perimeter and not quite the SOC. It is the moment your vendor sends an email that says "please update our account for the July payment."
Gabay describes his childhood the way a lot of Israeli cyber founders do, but the detail is real: he was picking at things he was not supposed to pick at, on machines that were not his, at an age when most of us were negotiating bedtimes. That curiosity got serious later.
He served roughly eight years in the Israel Defense Forces, split across Unit 8200 - the signals intelligence unit that has produced most of Israeli cybersecurity - and Sayeret Matkal, the general staff reconnaissance unit. The mix is unusual.
Before Trustmi, Gabay was Chief Information Security Officer at Israel Discount Bank. From there he moved to CIO at Cyberbit, VP of Product & Services at Cynet, and General Manager at Opera. The banking job is the one he tends to cite as formative.
Trustmi sells to CFOs. Gabay has a twin brother who happens to be a CFO. He has said, more than once, that his brother is his informal design partner - if a proposed feature or pitch does not survive contact with the twin's Excel-shaped worldview, it usually gets cut before customers see it. It is the kind of unfair advantage founders rarely admit to and rarely paper over. Gabay does not paper over it. He describes it as one of the more useful accidents of his life.
Focus on creating indispensable solutions that bring value rather than telling horror stories. — Shai Gabay, on how to sell cybersecurity without selling fear
Gabay's pitch has evolved. In 2021 he was pointing at process. In 2025 he is pointing at generative AI, which has quietly turned vendor impersonation from a labor-intensive art into a scalable production. Deepfaked voices for wire authorization. Emails that read exactly like your CFO's emails, because they were trained on your CFO's emails. Domains registered a week before a phishing campaign. The defenders' problem is that most of these attacks do not look like attacks. They look like Tuesday.
Trustmi's argument, and Gabay's argument on his podcast tour, is that the counter to AI-scaled fraud is behavioral AI - the boring, correlational kind, that watches how vendors, employees and processes actually behave, and flags what is out of shape. It is not a glamorous pitch. It has the advantage of being true to what the data shows.
Trustmi's stated capability set, as summarized from public materials.
His brother is a CFO. Trustmi sells to CFOs. Read that sentence twice.
Gabay describes his career as a slow migration from breaking things to keeping them intact. Not many founders admit the direction of that arrow.
In an industry addicted to fear-selling, he built a company that pitches value, and closed a $17M round doing it.
Gabay wants payment security to become a category the way endpoint security became a category - a thing every serious CFO expects, budgets for, and can name three vendors in. Right now he can name one. He is fine with that.
Profile compiled from public interviews, podcasts and press. Facts and quotes attributed to their original sources above.