Breaking
$10.35M Series A led by Bright Pixel Capital, Nov 2024 Founded 2020 in Palo Alto, California Built by Phillip Liu, co-founder of SignalFx ($1B Splunk exit) Patent-pending Trust Graph answers security questions in seconds Framework-agnostic: SOC 2 · ISO 27001 · FedRAMP · PCI · SOX · DORA ~$18.35M total raised across seed and Series A AI agents collect evidence, test controls, answer questionnaires $10.35M Series A led by Bright Pixel Capital, Nov 2024 Founded 2020 in Palo Alto, California Built by Phillip Liu, co-founder of SignalFx ($1B Splunk exit) Patent-pending Trust Graph answers security questions in seconds Framework-agnostic: SOC 2 · ISO 27001 · FedRAMP · PCI · SOX · DORA ~$18.35M total raised across seed and Series A AI agents collect evidence, test controls, answer questionnaires
Company Profile AI · GRC · Enterprise SaaS Palo Alto, CA

Trustero

Turning compliance from a spreadsheet marathon into something you can simply ask. An AI layer for the security paperwork nobody wants to do.

2020
Founded
$18.35M
Raised
~25
Employees
Series A
Stage
Trustero logo - the wordmark with a gradient magnifying-glass Trust Graph mark
THE MARK. Look closely: the "o" in trustero is a magnifying glass sitting inside a gradient ring. It's a compliance company telling you, in one glyph, that it would like to make trust something you can inspect.
By YesPress Staff · Business Desk Filed from Silicon Valley · Est. 8 min read

Here is a fact about selling software to large companies that almost nobody puts on a slide: before the deal closes, someone on the buyer's side is going to email you a spreadsheet with 300 questions about your security posture, and you are going to have to answer all of them. Then they will ask for a SOC 2 report. Then, if you are lucky enough to be growing, another buyer will send a slightly different spreadsheet, and you will answer many of the same questions again, slightly differently, forever. This is governance, risk and compliance - GRC - and it is one of the least glamorous and most reliably lucrative bottlenecks in the entire economy.

Trustero, a roughly 25-person company in Palo Alto, has decided that this is the perfect problem for artificial intelligence. Not the write-me-a-poem kind of AI, and not the drive-a-car kind. The read-this-mountain-of-documents-and-tell-me-if-we-are-compliant kind. Founded in 2020, the company describes itself, plainly, as "advanced AI for security and compliance teams," which is refreshingly free of the usual promises to change the world.

The person who started it is worth pausing on, because the résumé does a lot of the pitching. Phillip Liu previously co-founded SignalFx, a cloud-monitoring company that Splunk acquired for more than a billion dollars. Before that he was at Facebook and Opsware, which are the kind of places you list when you want people to assume you know how to build infrastructure that other companies depend on. So when Liu says his next act is compliance software, the interesting thing is not that he is optimistic - founders are always optimistic - but that a person who has already won once looked at the GRC category and thought: this, again, is where the work is.

"You can build a trust graph of not only how you operate internally, but the connections between companies - what tools they use and what risks they pose to a buyer." Phillip Liu · Founder & CEO, Trustero

The Core IdeaTrust, but as a data structure

The centerpiece of Trustero's technology is something it calls the Trust Graph, which is patent-pending and does the thing that all good product names do, which is smuggle the entire thesis into two words. Trust is normally a feeling. It is the vibe you get from a vendor, the reassurance of a logo on a compliance page, the gut sense that these people probably won't leak your customer data. Trustero's bet is that trust can instead be modeled as a graph - a structured map of how a company operates, which controls it has, what tools it uses, and therefore what risks it carries - and that once you have that structure, you can query it.

Query it in seconds, the company says, rather than assembling the answer by hand over weeks. Ask whether you meet a given FedRAMP control, and the system reads across your evidence and tells you where the gaps are. This is a meaningful reframing. Most incumbent compliance tools give you a checklist and a place to upload screenshots. Trustero is trying to give you an answer. The difference between a checklist and an answer is roughly the difference between a filing cabinet and a colleague, and it is the entire reason the company thinks a generative-AI-native product can dislodge tools that were designed in the checklist era.

What It Actually DoesAgents for the back office

In practice, Trustero is a collection of AI agents pointed at the specific chores that make compliance miserable. There is Evidence Management, where agents collect the artifacts that prove a control is working and map them to the right framework. There is Continuous Control Monitoring, which tests controls using natural language and flags problems as they appear, rather than the day before an audit. There is Questionnaire Automation, which points AI at those dreaded security spreadsheets and RFPs. And there is Trustero Intelligence, a question-answering layer with "playbooks" that let a team describe a compliance workflow in plain English and then hand it off.

There is also a Trust Portal, which flips the whole thing outward: instead of a static page of badges, a prospective buyer can ask your compliance posture a question and get an answer. If you have ever been on either end of a vendor security review, you understand immediately why someone would build this, and why the incumbents should be a little nervous.

Crucially, Trustero is framework-agnostic. It is designed to map controls across SOC 2, ISO 27001, FedRAMP, PCI, SOX, DORA and the rest of the alphabet, so that a team maintaining several standards at once writes evidence once instead of five times. This is less exciting than a Trust Graph but arguably more important to a buyer, because duplicate work is where compliance budgets actually go to die.

Compliance software is a market that already exists, full of people who already pay for it and mostly dislike what they're paying for. Trustero's job is to make the incumbents feel slow. YesPress · Business Desk

The MoneyA $10.35M vote of confidence

In November 2024, Trustero closed a $10.35 million Series A led by Bright Pixel Capital, the investor formerly known as Sonae IM, with participation from existing backers Engineering Capital, Zetta Venture Partners and Vertex Ventures US. That brought total funding to roughly $18.35 million. These are not enormous numbers by the standards of AI companies raising on vibes, and that is somewhat the point: Trustero is selling to buyers who already have budget lines for compliance tooling, which is a healthier place to be than inventing demand from scratch.

The competitive set here is real and awake. Vanta and Drata have built large businesses automating SOC 2 and other frameworks; ZenGRC, MetricStream and Archer serve the more enterprise end. Trustero's wager is that all of these were built before generative AI was good enough to read and reason over compliance evidence, and that being AI-native from the graph up is a structural advantage rather than a feature you bolt on. Whether that's true is one of the more genuinely interesting open questions in enterprise software right now, and it will be settled by renewals, not press releases.

Who It's ForThe people drowning in evidence

It helps to be concrete about who actually opens this software on a Tuesday morning. Trustero points at enterprise and mid-market security and compliance teams, plus managed security service providers - the firms that run compliance on behalf of many clients at once and therefore feel the duplicate-work problem most acutely. These are not people who want a demo of a dancing robot. They are people with an audit in six weeks, a questionnaire due Friday, and a shared drive full of screenshots that may or may not still be accurate. The promise Trustero makes to them is unglamorous and specific: hundreds of hours a month, handed back. Whether the product delivers that consistently is exactly the kind of claim that gets tested in renewal conversations, which is the only review that ultimately counts in enterprise software.

The company itself is small and senior - roughly 25 people, remote-friendly, built around a founder who has done this before and a cap table of investors who specialize in enterprise and AI. That size is worth noting because it cuts both ways. A lean team moving fast against slower incumbents is the classic startup advantage; a lean team selling to risk-averse compliance buyers who value stability is also the classic startup vulnerability. Trustero is threading that needle by leaning on the one thing enterprise buyers can't easily discount: a founder whose last infrastructure company they may already be running in production.

The Bottom LineWhy this one is worth watching

What makes Trustero worth a reader's attention is not that it promises to reinvent trust - lots of companies say things like that. It is the specificity of the target. Audits, evidence, questionnaires, third-party risk: this is the unsexy frontier of AI, the back-office work that is expensive precisely because it is tedious and can't be skipped. A founder with a billion-dollar exit chose to point his experience at it, several serious investors wrote checks, and the product is aimed at a line item that every software company over a certain size already grudgingly pays. That combination - real problem, real budget, a plausible reason the timing is now - is rarer than it sounds, and it is why Trustero is one to keep an eye on.

One Evidence Set, Every Audit

Framework-agnostic by design

SOC 2 ISO 27001 FedRAMP PCI DSS SOX DORA CMMC SOC 1

What You Can Do With It

The Product Lineup

Intelligence
Trustero Intelligence (TI)

Ask GRC questions in plain language and get answers. TI Playbooks let you define whole compliance workflows in natural language and automate them.

Evidence
Evidence Management

AI agents collect the artifacts that prove a control works and map them to the right framework - audit-ready, kept current.

Monitoring
Continuous Control Monitoring

Tests controls using natural language and flags gaps as they appear, so an audit becomes a background process, not an event.

Sales Unblock
Questionnaire Automation

AI agents answer the security questionnaires and RFPs that gate enterprise deals - the worst part of B2B sales, handled.

Assessment
Policy & Control Assessment

Evaluates your policies and controls against frameworks and surfaces where you fall short before an auditor does.

Buyer-facing
Trust Portal

Let prospective customers ask your compliance posture a question and get a real answer - instead of a static wall of badges.

The Story So Far

Milestones · 2020 → Today

2020

Trustero is founded

Fresh off SignalFx's $1B sale to Splunk, Phillip Liu starts Trustero in Palo Alto to attack GRC with AI.

2022

Exits stealth with Compliance-as-a-Service

The company launches its first platform, initially focused on SOC 2 compliance.

2023

Builds AI evidence & monitoring

Adds AI-driven evidence collection, continuous control monitoring and policy assessment across multiple frameworks.

2024

Ships Trustero Intelligence & closes Series A

Launches TI, TI Playbooks, questionnaire automation and the Trust Portal, then raises a $10.35M Series A led by Bright Pixel Capital.

Questions, Answered

The FAQ

What does Trustero do?

Trustero builds AI software that automates governance, risk and compliance work - gap analysis, evidence collection, control testing, security questionnaires, third-party risk and audit prep - across frameworks like SOC 2, ISO 27001 and FedRAMP.

Who founded Trustero?

Phillip Liu, who previously co-founded SignalFx (acquired by Splunk for over $1 billion) and worked at Facebook and Opsware. He founded Trustero in 2020 and serves as CEO.

What is the Trust Graph?

Trustero's patent-pending engine that models how a company operates and connects to others, letting users answer complex security and compliance questions in seconds rather than assembling answers by hand.

How much has Trustero raised?

Roughly $18.35M total, including a $10.35M Series A in November 2024 led by Bright Pixel Capital, with Engineering Capital, Zetta Venture Partners and Vertex Ventures US participating.

Who are Trustero's competitors?

Compliance and GRC automation vendors such as Vanta, Drata, ZenGRC, MetricStream and Archer (RSA) GRC. Trustero differentiates by being AI-first and framework-agnostic.

Connect & Explore

Links · Social · Watch

Sources & Further Reading