It is a Tuesday morning at a 40-person accounting firm, and an email lands that looks exactly like a note from the managing partner. Same name, same sign-off, a request to move a wire before lunch. A year ago, someone clicks. Today, the message never reaches a human - Trustifi's engine read it, weighed it, and quietly set it aside. Nobody notices. That, more or less, is the whole point.
Who they are nowA button where a security team used to be
Trustifi is a cloud-based email security company. That sentence does the business no favors, because "email security" sounds like the most tedious corner of an already tedious industry. But strip away the jargon and the company is doing something specific and stubborn: it is trying to take the kind of inbox defense that used to require a dedicated security team and a six-figure budget, and compress it into something a small business can switch on with a click.
The platform sits inside Microsoft 365 and Google Workspace - the two places where most of the world's work email already lives. It scans what comes in, encrypts what goes out, and checks both against a stack of compliance rules. The company is small, around 34 people, headquartered in New York after starting life in Las Vegas. In June 2025 it raised a $25 million Series A. None of that is the interesting part.
Email never stopped being the front door
For all the money poured into firewalls and endpoint tools, the breach almost always starts the same way: a message. Phishing. Business email compromise. A vendor account quietly taken over, then used to send an invoice that is wrong in exactly one digit. The attacks work not because they are sophisticated but because they are boring - they look like the hundred legitimate emails around them.
The companies most exposed to this are, inconveniently, the ones least equipped to defend against it. A hospital billing office, a regional law firm, a manufacturer with one overworked IT person. They have the same regulatory obligations and the same attackers as the Fortune 500, and roughly none of the staff. The enterprise security vendors were never really built for them.
A marketer and a security man walk into Las Vegas
Trustifi's origin is not the usual two-engineers-in-a-garage story. Rom Hendler, the CEO and co-founder, spent years in hospitality and gaming - he was Chief Marketing Officer and a senior vice president at Las Vegas Sands Corp before he was a cybersecurity founder. His co-founder, Idan Udi Edry, was a career security executive who had moved to Las Vegas while running another firm. A single phone call from Hendler pulled him in, and roughly a year and a half of building followed.
The bet they made was less about technology than about packaging. Strong encryption already existed. AI threat detection was becoming table stakes. What did not exist was a version simple enough that the recipient of an encrypted email did not have to fumble with passwords and portals - they could just open it. And simple enough that a managed service provider could run it across dozens of clients from one screen.
It is worth noting, with the gentle irony the story deserves, that the company began by trying to disrupt certified mail - postmarked email, timestamping, the digital equivalent of a return receipt. The pivot to full AI email security came later. The early idea was not wrong; it was just smaller than the problem.
How a certified-mail idea became a security platform
Three shields and a single verb
The platform is easier to understand than to market. There is an inbound layer, an outbound layer, and a compliance layer, and the company keeps trying to describe all of it with the same word: click.
Inbound Shield
AI and dynamic engines read every incoming message for phishing, spoofing, impersonation, spear-phishing and business email compromise - plus malicious links and files - and block what doesn't belong.
Outbound Shield
End-to-end AES 256-bit encryption that the recipient opens with one click - no portal gymnastics - alongside data-leak prevention on the way out.
One-Click Compliance
Screen outbound email against 10+ regulatory frameworks - HIPAA, GDPR and more - toggled on and off from one console.
Account Takeover + Training
Real-time blocking of compromised-account activity, plus security awareness training aimed at the human end of the problem.
Who's actually using it
The customers are the tell. Trustifi sells to small and mid-sized enterprises and, heavily, through managed service providers and MSSPs - the firms that quietly run IT for thousands of businesses that will never hire a security engineer. Healthcare, finance and the public sector show up often, because those are the places where a leaked email is also a regulatory event.
The numbers are modest by hype-cycle standards and honest because of it: roughly $5 million in revenue, about 34 employees, $25 million in fresh funding on top of earlier rounds. This is not a company pretending to be a unicorn. It is a company that found a real, unglamorous problem and is grinding at it.
The shape of a focused company
A lot of capital, a lean team, a narrow target. The interesting ratio here is dollars raised per employee - this is a company betting that a small crew plus a sharp platform beats a big one.
There is outside validation too. CEO Rom Hendler keeps landing on CRN's Channel Chiefs list, which is the partner-channel world's way of saying a vendor is serious about the resellers who carry it. For a channel-first company, that recognition is less vanity than strategy working.
The missionMake the boring thing easy enough to actually use
Strip the marketing language and the mission is plain: take advanced email security - the kind reserved for organizations with money and headcount - and make it simple, affordable and reachable for everyone else. Protect the data, prevent the breach, satisfy the regulator, and do it inside the email tools people already open every morning without thinking.
The attacks get better at sounding human
Generative AI did not invent email fraud, but it made it cheaper and far more convincing. The clumsy phishing message with the broken grammar is going extinct. What replaces it reads like a real colleague, references real projects, and arrives at exactly the right moment. Defending against that requires the same kind of pattern-reading intelligence on the other side - which is precisely the bet Trustifi is doubling down on with its funding.
The competitors are larger and louder - Proofpoint, Mimecast, Abnormal, Barracuda, Microsoft's own defenses. Trustifi's answer is not to outspend them but to out-simplify them, and to keep its arms around the channel that reaches the unglamorous middle of the market.
Back to that Tuesday morning. The fake wire request arrives at the 40-person accounting firm, dressed up as the managing partner. It does not reach the bookkeeper's eyes, does not start a frantic phone call, does not become a bad afternoon and a worse quarter. It simply doesn't happen. The firm goes on having an ordinary day, never knowing how close it came. Trustifi is the company betting that the highest form of security is the kind nobody ever notices - and that the click you don't have to think about is worth quite a lot.