
Memcyco raises $37M for agentless fraud defense.
Memcyco secured $37M Series A to expand agentless, preemptive fraud protection globally. See why ATO scams are surging in 2026.
TL;DR
Memcyco raised a $37M oversubscribed Series A (total funding $47M) to scale an agentless, cloud platform that jumps in when customers hit phishing pages or brand lookalikes, exposing attackers and stopping account takeovers before the login stage. Led by NAventures and others, the round fuels global growth with a big push into Latin America, where impersonation scams are rising.
Memcyco’s new $37M Series A is a timely signal that fraud prevention is shifting “left” toward stopping impersonation and account takeover attempts before customers ever reach a login page. As the ai world organisation tracks real-world AI adoption and risk trends through ai world organisation events and ai conferences by ai world, this round is also a strong indicator of where digital trust and security priorities are headed ahead of the ai world summit and ai world summit 2025 / 2026 conversations.
Memcyco’s $37M Series A and the market signal
Memcyco, a Boston-based cybersecurity company focused on real-time digital risk protection, announced a $37M oversubscribed Series A, bringing its total funding to $47M. The round was led by NAventures (National Bank of Canada’s corporate venture arm), E. León Jimenes, and PagsGroup (the family office of Steve Pagliuca), with participation from existing investors Capri Ventures and Venture Guides. Beyond the headline number, the oversubscription matters because it suggests buyers and investors are aligning around a specific thesis: the most expensive fraud isn’t always what happens after login, but what happens before a customer even realizes they are being manipulated.
This is the heart of why the story is relevant to the ai world organisation and to the broader agenda of the ai world summit, where practitioners increasingly talk about AI not just as a productivity unlock, but also as an accelerant for threat actors. In many organizations, fraud tooling has historically been built around detection at the point of authentication or transaction approval, while brand and phishing defenses often sit in another silo. Memcyco’s pitch—and what this funding round effectively validates—is that impersonation, phishing, and account takeover need to be treated as one continuous attack timeline, not separate categories owned by different teams.
Memcyco also positions this as a “preemptive” approach, where intervention happens while the attack is unfolding rather than after the damage is done. That framing resonates today because the economics of fraud are expanding, with Juniper Research estimating cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion. In other words, this isn’t a niche security feature request—it’s a board-level problem, and the market is rewarding teams that can reduce losses without degrading the customer experience.
For readers following ai conferences by ai world, this funding round is also a useful case study in “security as customer experience.” If the only way to reduce fraud is to add friction, many digital businesses end up trading conversion for safety, and the tradeoff becomes painful at scale. Memcyco is explicitly arguing that the next wave of fraud prevention should avoid that tradeoff by remaining agentless for end users while still delivering real-time protection.
Why fraudsters now target customers first
A key shift in the fraud landscape is that attackers increasingly bypass hardened enterprise perimeters and instead focus on customers as the easiest entry point. This is visible in the growth of AI-powered phishing, high-quality brand impersonation, and website clones that look legitimate long enough to harvest credentials or convince a user to authorize a payment. As more customer journeys move to mobile and web-first flows, the “attack surface” becomes the entire digital experience—ads, search results, social links, customer support lookalikes, and not just the login page.
In the coverage around Memcyco’s raise, account takeover (ATO) activity is described as having surged dramatically, with one report citing a 250% jump in ATO incidents across 2024–2025. Whether the exact number varies by segment, the strategic insight stays the same: impersonation-led attacks scale because they exploit human trust, and AI tools make it faster to create convincing lures at low cost. When a user believes they are on a real brand site, traditional controls can be late to the party—because the deception has already shaped the user’s behavior before any authentication signal is even generated.
That timing problem is central to why Memcyco is emphasizing “before login” disruption. Multi-factor authentication can be effective, but it typically activates at or near the login step, after the user is already interacting with a fraudulent flow or has been nudged into risky actions. The same is true for many monitoring and response systems: they provide value, but they often operate after suspicious activity is detected within the organization’s environment rather than at the moment the customer is being deceived outside it. The result is a growing gap between where fraud begins (in the customer’s reality) and where defenses often start (inside the enterprise stack).
This is also the moment where the ai world organisation’s community lens becomes relevant. The AI ecosystem is increasingly cross-functional: product teams, growth teams, compliance leaders, and security leaders are forced to collaborate because fraud is no longer purely a security issue—it touches trust, brand equity, customer retention, and regulatory exposure. Those are exactly the types of intersectional problems that show up repeatedly at ai world organisation events and at ai conferences by ai world, where “AI in the real world” includes both the upside and the risk surface.
For the ai world summit audience, another important takeaway is that “AI vs AI” is becoming normal. AI helps fraudsters generate more convincing impersonation assets, and AI also helps defenders analyze sessions, patterns, and anomalies faster—yet the real differentiator becomes when and where the defense intervenes. If intervention arrives too late, high detection accuracy can still translate into poor customer outcomes, because the customer has already been manipulated into giving away sensitive details or authorizing something they never intended.
What “agentless” preemption means in practice
Memcyco describes its platform as agentless and cloud-based, designed to disrupt impersonation and phishing-driven fraud in real time without requiring end-user installation. In practical terms, the “agentless” promise matters because the highest-risk users often include people who will never install an extra security app or extension, and any requirement like that reduces adoption and leaves gaps. A defense model that works without adding steps to the customer journey has a clearer path to scale across large populations, especially in consumer-facing sectors.
The company also reports that its platform has mapped more than half a billion device identities and has prevented over 3.5 million account takeover attempts, positioning these figures as proof that it can scale while avoiding user friction. Scale is a big claim in fraud prevention, because many approaches work in pilots but struggle when deployed across multiple geographies, products, and customer segments. Memcyco’s narrative is that by focusing on live attack disruption—rather than only post-event cleanup—it can deliver measurable ROI for compliance and risk teams while keeping legitimate customers moving.
One of the most interesting elements in the disclosed description is the idea of using deception as a defensive strategy. Memcyco says it can feed attackers “marked decoy credentials” when they attempt to harvest real user credentials, then use those decoys to expose attacker workflows when the decoys are used. It also describes proactive deception techniques that divert attackers into controlled dead ends, aiming to reduce scam effectiveness while the attack is still in progress. This is important because modern fraud operations behave like businesses: they optimize for throughput, reuse infrastructure, and refine scripts based on what works, so anything that increases attacker cost or reduces attacker confidence can have compounding benefits.
For enterprises evaluating solutions, it’s also worth noting how Memcyco positions itself relative to familiar categories. It contrasts its approach with tools that primarily respond after a breach or that focus on the login moment, arguing that the critical intervention window is earlier in the attack timeline. Even if a company already uses multiple layers—brand monitoring, takedown services, endpoint controls, MFA, behavioral analytics—there can still be a missing layer: real-time visibility into what’s happening to customers when they are interacting with a scam. Memcyco is essentially selling that missing layer as a single platform that makes the brand-customer boundary a defendable space, not a blind spot.
This is also why the story fits naturally into ai world summit 2025 / 2026 content programming. The most useful discussions in AI and cybersecurity today aren’t only about “better detection models,” but about operational design: how to instrument customer journeys, how to align legal/compliance/security without slowing product shipping, and how to quantify trust as a business metric. Those themes consistently show up at ai conferences by ai world because they’re the problems leaders actually face when scaling digital products across regions and regulatory environments.
Why Latin America is a priority for global scale
Memcyco says it will use the new funding to expand globally, with a strong focus on Latin America, where digital fraud rates are climbing and impersonation scams are becoming more intense. The LATAM emphasis is meaningful because it reflects how fraud tends to concentrate where digital adoption is accelerating quickly across payments, banking, ecommerce, and super-app ecosystems. Rapid growth creates opportunity for legitimate businesses, but it also creates a “target-rich” environment where attackers can run high-volume campaigns across many brands and customers.
From an operational standpoint, LATAM expansion is also a test of product flexibility. Different markets have different authentication norms, different consumer expectations, and different friction tolerance. A model that depends on heavy user prompts or repeated step-ups can backfire in regions where conversion and engagement are sensitive to even small delays. That makes Memcyco’s agentless approach central to its regional strategy: the company is arguing that adoption is easier when protection is delivered without requiring customers to change behavior.
The investor mix also reinforces the “cross-region scaling” story. NAventures is described as the corporate venture arm of National Bank of Canada, suggesting a financial-services lens on risk and adoption. E. León Jimenes and PagsGroup add a long-term, diversified investment profile, and the participation of existing investors implies continued confidence as the company moves from product validation to broader deployment. In many fraud startups, the hardest step is proving enterprise-grade scale and consistent results across different customer bases; Memcyco is using this round to publicly claim it has crossed that threshold.
For the ai world organisation, this regional dimension also connects to how global AI ecosystems are evolving. AI deployment patterns differ across regions, and so do threat patterns; events and communities that take a global view can help practitioners compare what’s working in one geography and adapt it to another. That’s one reason ai world organisation events are positioned as ecosystem builders rather than one-off conferences: they create continuity across regions, industries, and stakeholder groups.
What enterprises should learn—and how AI World will frame it
If there’s one big lesson in this news, it’s that “digital trust” is now a real-time operational discipline, not a compliance afterthought. Memcyco’s raise is a bet that the next generation of fraud defense will be judged by how quickly it can intervene in a live scam, how clearly it can identify both the victim and attacker context, and how well it preserves customer experience while doing so. That is exactly the kind of shift that business leaders need to internalize, because customer-facing fraud isn’t just a security incident; it becomes a brand incident the moment a user shares their experience publicly.
This is also where the ai world summit and ai conferences by ai world can add value: by translating technical innovation into operational playbooks for leaders who have to deploy these systems at scale. In 2026, the conversation is no longer “Should we use AI?” but “How do we safely operate in an environment where AI speeds up both growth and attacks?” The Memcyco story offers a practical narrative to anchor that discussion: agentless deployment, deception-based disruption, real-time session intelligence, and a focus on stopping scams while they are still in motion.
For the ai world organisation, tying this story to event programming is straightforward because the organization explicitly positions itself around global summits that connect business and technology leaders. The AI World Organisation’s upcoming events page lists multiple 2026 gatherings, including a GCC Conclave on 14 March 2026 in Hyderabad, a Talent, Tech & GCC Summit on 17 April 2026 in Delhi, and AI World Summit 2026 Asia on 28 May 2026 in Singapore, alongside other announced 2026 summits where attendees can explore themes like trust, security, governance, and AI adoption. These forums create a natural stage for fraud prevention leaders, CISOs, risk heads, and product owners to debate the “timing advantage” idea—how earlier intervention changes outcomes—even when everyone already has a stack full of tools.
It’s also useful context that The AI World Summit 2025 was positioned as a gathering of AI visionaries and leaders, showing that the ai world summit brand is already centered on practical insight and real-world implementation rather than hype. As the ai world organisation builds momentum into ai world summit 2025 / 2026 cycles, stories like Memcyco’s can help sharpen the agenda around secure digital transformation: not only deploying AI, but defending AI-enabled customer journeys from AI-enabled threats.
Finally, Memcyco’s stated ambition—making agentless preemption a global standard—should be read as a broader industry direction, even beyond one company. Fraud is becoming faster, more personalized, and more scalable; defenses that rely on after-the-fact cleanup will remain necessary, but they won’t be sufficient on their own. In 2026, the most competitive digital businesses will be the ones that treat fraud prevention as part of product design and customer trust engineering, which is a theme that fits cleanly into ai world organisation events and the broader “AI for impact” narrative that leaders come to ai conferences by ai world to explore.