Gray Swan, an AI security company emerging from Carnegie Mellon University’s AI safety research programme, has raised $40m in a Series A funding round to expand its mission of delivering advanced security solutions for enterprise AI deployments.
The funding round was co-led by Wing Venture Capital and Madrona, with participation from Obvious Ventures, Snowflake Ventures, Hudson River Trading, Samsung Next, and existing investor Magarac Venture Partners. The company plans to use the new capital to accelerate go-to-market initiatives, strengthen partnerships with leading AI laboratories, and expand its team to support organisations adopting AI at scale while maintaining robust security standards.
Gray Swan has established itself as a prominent security evaluation provider for advanced AI models. The company has been referenced in 11 recent frontier-model system cards, including those released by Anthropic, OpenAI, and Meta. Its benchmarking capabilities are integrated into safety assessment processes used before public deployment of these models, reflecting a level of trust and access that the company says is unmatched across multiple frontier AI labs.
The company was founded on the belief that every AI deployment should be treated as a potential attack surface until proven secure. As AI agents increasingly move from experimental environments into production systems—where they access enterprise data, automate workflows, and make autonomous decisions—security risks such as prompt injection, jailbreak attempts, and data exfiltration have become practical operational challenges. At the same time, evolving global regulations have increased the importance of implementing strong AI security controls before deployment.
Gray Swan was founded by Matt Fredrikson and Zico Kolter, researchers who have spent more than a decade studying adversarial AI failures and methods for preventing them. As AI adoption expanded from academic research into enterprise infrastructure, they identified a significant gap between existing security research and commercially available solutions. Gray Swan was created to bridge that divide.
Today, the company serves more than 20 customers, including frontier AI laboratories and global enterprises, and has formed a strategic partnership with Snowflake. Through this collaboration, Gray Swan’s runtime AI protection capabilities are natively integrated into Snowflake’s AI ecosystem, allowing organisations to incorporate security measures directly into the environments where they develop and scale AI applications.
The Gray Swan platform consists of three core offerings. Cygnal delivers real-time monitoring and protection by enforcing organisation-specific security policies with minimal latency. Shade functions as an automated red-teaming solution, conducting adversarial testing across AI models and agents throughout pre-deployment and CI/CD workflows to identify vulnerabilities before production release. Arena, meanwhile, operates as a continuous global competition involving more than 15,000 researchers and security professionals who probe AI systems for weaknesses.
Collectively, the platform generates over one million real-world attack trajectories, providing valuable training data that enhances the effectiveness of both Cygnal and Shade in detecting and mitigating emerging AI security threats.
