Charm Security: RSAC 2026 Innovation Sandbox Profile
This profile was compiled in March 2026 using AI tooling guided by security product strategy guidance from Lenny Zeltser's MCP server. The analysis was performed by AI without direct human validation, to demonstrate the capabilities of AI agents guided by an expert framework. Outside this demo, a human analyst would conduct iterative conversations with the AI agent to arrive at more accurate conclusions.
Executive Summary
Charm Security targets the gap between traditional transaction-based fraud detection and the growing wave of AI-powered social engineering scams that manipulate humans, not systems. The company applies agentic AI combined with behavioral psychology to intervene in real time before victims transfer funds. Backed by Team8 and notable cybersecurity angels including the founders of Wiz and Talon Cyber Security, Charm enters the Innovation Sandbox with early traction in the U.S. credit union market and a differentiated “human layer” approach that most incumbent fraud vendors do not address.
Company Overview
| Field | Detail | Evidence |
|---|---|---|
| Founded | December 2024 (stealth); launched March 2025 | Finovate profile, PR Newswire |
| Headquarters | New York, NY (engineering in Tel Aviv, Israel) | Company website, LinkedIn profiles |
| Funding | $8M seed, led by Team8’s Venture Creation Fund (March 2025) | SecurityWeek, SiliconANGLE |
| Stage | Seed | Calcalist |
| Employees | 10-15 (growing; 11-50 per LinkedIn band) | Company website; workforce breakdown: Israel 7, US 1, France 1, UK 1 |
| Key Investors | Team8 (lead; $1B+ AUM, exits include Talon and Dig Security to Palo Alto for ~$1B combined). Angels: Assaf Rappaport (CEO, Wiz), Yinon Kostika (CPO, Wiz), Ofer Ben-Noon (co-founder Talon/Argus, two exits totaling ~$1.1B), Treasury, Curql, CCL (Cyber Club London) | Finovate, Team8 portfolio page |
Problem Definition and Market Opportunity
Financial fraud has shifted from unauthorized transactions to authorized push payment (APP) scams, where victims willingly transfer money after being psychologically manipulated. Traditional fraud detection systems, built to flag anomalous transactions, miss these cases because the legitimate account holder initiates the payment. According to Team8’s “Fraud Exposed” report, AI-powered scams account for an estimated $1.03 trillion in annual global losses. Generative AI has lowered the cost of running sophisticated social engineering campaigns, enabling convincing deepfake voice calls, phishing messages, and impersonation at scale.
Regulatory pressure is accelerating adoption urgency. The UK now requires banks to reimburse scam victims up to GBP 85,000 for APP fraud, and similar frameworks are emerging in the EU and the U.S. Financial institutions face growing liability exposure for scams that existing tools were not designed to prevent. The problem does not require market education; banks, credit unions, and regulators already recognize the gap. What they lack is tooling that operates at the “human layer” rather than the transaction layer.
The addressable market spans financial institutions, credit unions, fintech platforms, and digital service providers globally. Team8 reports that 60% of UK scams originated on Meta platforms in 2023, indicating the attack surface extends well beyond banking apps into social media and messaging channels.
Product Capabilities
Charm Security’s platform deploys three specialized AI agents, each operating at a different stage of the scam lifecycle.
Fraud Investigation Agent. This agent connects signals across alerts, cases, and customer interactions. It interprets human intent and behavioral psychology to guide prevention, investigation, and resolution decisions. The company claims it reduces Level-1 manual triage by 80% (company claim, unverifiable).
Fraud Frontline Agent. This agent operates alongside customer-facing teams in contact centers, branches, wealth management, and support functions. It delivers real-time insights during high-risk interactions and helps staff identify deception and manipulation patterns as they happen.
Fraud Intelligence Agent. This is Charm’s most distinctive capability. The agent operates beyond the organization’s perimeter, engaging scam infrastructure, impersonators, mule networks, and attacker assets. It collects intelligence through what the company calls its “HoneyBot network,” AI agents that pose as potential victims on dark web forums and open channels to gather scammer tactics and train detection models.
The underlying technology is Charm’s proprietary HVE Model (Human Vulnerabilities and Exploits), which the company describes as analogous to the CVE framework but for human psychological attack vectors. The HVE model analyzes deception patterns, manipulation techniques, and psychological risk signals in real time to generate customer risk profiles and trigger interventions. The company claims a 30% reduction in losses from human-centric fraud and 24/7 real-time intervention capability (company claims, unverifiable without customer data).
Charm demonstrated the platform at FinovateFall 2025 in New York, its first public demo. This confirms demo readiness for the RSAC Sandbox stage. The architecture appears designed for integration with existing banking fraud stacks rather than replacement, with the company listing BioCatch as a collaborator whose behavioral biometrics signals can trigger Charm’s intervention agents.
Competitive Positioning
Charm occupies an emerging category that sits between traditional fraud detection (Feedzai, SEON, NICE Actimize) and social engineering defense platforms (Doppel). The most relevant competitor is Doppel, which raised $70M in Series C at a $600M+ valuation in November 2025, with backing from CrowdStrike CEO George Kurtz and a16z. Doppel focuses on detecting and dismantling external impersonation infrastructure and employee resilience training. Charm differentiates by focusing on real-time intervention during customer interactions and psychological vulnerability modeling, operating closer to the point of financial harm.
Other adjacent players include BioCatch (behavioral biometrics for fraud, positioned as a complement rather than competitor), Resistant AI (document fraud and AML), and IVIX (government-focused financial crime detection). Traditional fraud vendors like Feedzai and NICE Actimize address transaction monitoring but lack the psychological intervention layer Charm emphasizes.
The incumbent threat is real. Large fraud platform vendors like Feedzai or even identity verification providers could add real-time intervention capabilities. However, Charm’s HVE model and HoneyBot intelligence network represent specialized IP that would take time to replicate. The bigger risk may come from Doppel expanding into the financial services real-time intervention space, given its substantial funding advantage ($124M total vs. Charm’s $8M).
Category clarity is a potential challenge. Charm must educate buyers that “scam prevention” is a distinct budget line from “fraud detection.” The company appears to position itself as complementary to existing fraud stacks, which reduces friction but may limit deal sizes. It maps to existing fraud prevention budgets rather than requiring a new line item, which is pragmatic for early sales.
Go-to-Market and Traction
Charm targets financial institutions through a top-down enterprise sales model, with early focus on the U.S. credit union market. The most significant traction signal is the National Member Protection Initiative (NMPI), launched March 3, 2026 with Curql Collective, a strategic investment collective of 160+ U.S. credit unions.
Five credit unions participate in the inaugural NMPI cohort, representing substantial combined assets. InTouch Credit Union ($818M in assets, 71.5K members), Lake Trust Credit Union ($2.8B, 179.5K members), Elements Financial ($2.5B, 99K members), ORNL Federal Credit Union ($4.7B, 226K members), and Altra Federal Credit Union ($3.05B, 158.3K members). These five institutions collectively manage over $13.8 billion in assets and serve 734,000+ members (confirmed, third-party via Morningstar/AccessWire).
Additional go-to-market signals include membership in the ABA (American Bankers Association) Partner Network, which provides access to its bank member directory. The company also partnered with the Global Anti-Scam Alliance (GASA), with CEO Roy Zur serving on its advisory board since January 2026.
Charm presented at FinovateFall 2025 in September 2025, its first major industry demo. The company also announced a partnership with Give an Hour, a mental health nonprofit, to address the psychological impact of fraud on victims, a unique positioning angle that reinforces Charm’s “human layer” narrative.
Revenue figures are not publicly disclosed. Given the company’s March 2025 launch, seed-stage funding, and small team size, revenue is likely well under $5M ARR, consistent with Innovation Sandbox eligibility requirements.
Team and Credibility
Roy Zur, Co-Founder and CEO. Third-time founder with two prior exits. Founded Cybint, a cybersecurity education company that became ThriveDX, then served as CEO of ThriveDX Enterprise. Also served as Managing Director of LUCY Security and Kontra Application Security Training (acquired by SecurityCompass). Spent 10+ years as a Military Intelligence Officer (Major) in Israel’s Unit 8200. Certified attorney, Wharton Advanced Finance Program alumni. Named to Globes 40 Under 40. Currently sits on the Forbes Business Council and the GASA Advisory Board. His prior companies were in cybersecurity education and training rather than fraud prevention, so Charm represents a pivot into a new domain, though his intelligence background maps to scam detection.
Avichai Ben, Co-Founder and CTO. Led Data Science teams at Transmit Security (2021-2024), where he built AI-driven fraud detection for global banks. Previously spent nearly 3 years at Microsoft as a Data Applied Scientist on Azure Security Center and Adallom (Microsoft’s acquired CASB). Started career as an Algorithm Developer at Mobileye. Holds a Master’s in Computer Science from Tel Aviv University and Bachelor’s from Hebrew University. His direct experience building production fraud detection ML systems at Transmit Security provides strong technical credibility for the CTO role.
Yonatan Krieger, Head of Engineering. Joined June 2025. Previously Senior Director of Engineering at Palo Alto Networks (2022-2025), leading two development groups of 40+ engineers. Before that, served as VP R&D at Cider Security (acquired by Palo Alto Networks). His experience scaling engineering teams at a major cybersecurity vendor and surviving an acquisition adds operational credibility.
The broader team includes hires from Transmit Security, Cognyte (intelligence analytics), and Israeli intelligence units, including Unit 9900. The technical team is heavily concentrated in Israel (7 of ~10 employees), with the CEO based in New York for market-facing activities. Both co-founders joined Team8 as Entrepreneurs in Residence before founding Charm, indicating the company was purpose-built within Team8’s venture creation model.
Trust Readiness
The company website references SOC 2 compliance and ISO certifications (confirmed, company claim from website). Given the company’s age (launched March 2025), these certifications may still be in process rather than fully completed. Financial institution buyers typically require SOC 2 Type II at minimum, which takes 6-12 months to complete. The Team8 venture creation infrastructure likely accelerates compliance readiness, as Team8 has built multiple financial services and cybersecurity companies.
No public references to penetration testing reports, bug bounty programs, or supply chain security certifications (SLSA, SBOM) were found. Not publicly disclosed.
RSAC Judging Criteria
RSAC does not publish an official judging rubric. The five criteria below are extrapolated from press descriptions of what judges evaluate: the problem a company addresses, the originality of its technology, its go-to-market strategy and team, market validation, and product demonstration.
| Criterion | Score (1-5) | Assessment |
|---|---|---|
| Problem/Market | 4 | The shift from transaction fraud to human-targeted social engineering is well-documented ($1T+ losses per GASA). Regulatory tailwinds in UK and EU create buyer urgency. But the specific “scam prevention” sub-segment is still being defined as distinct from fraud detection. |
| IP Originality | 3 | The HVE (Human Vulnerabilities and Exploits) model and HoneyBot intelligence network are distinctive concepts. The psychological vulnerability modeling differs from traditional fraud analytics. However, IP durability against well-funded Doppel ($124M raised) or incumbents adding similar features remains uncertain. |
| GTM/Team | 4 | Roy Zur is a proven serial founder with exits. Angel investors (Wiz founders, Talon founder) signal strong ecosystem endorsement. The Curql credit union channel provides a clear beachhead. Team is small (~10-15 people) and only 12 months past stealth exit. |
| Validation/Revenue | 3 | Five named credit unions in the NMPI program represent real institutional adoption ($13.8B combined assets). ABA Partner Network membership signals industry engagement. Revenue terms and depth of deployment are unknown. |
| Product/Demo | 3 | Product launched March 2025, demoed at FinovateFall September 2025. Three specialized AI agents (Investigation, Frontline, Intelligence) are described. Demo readiness is confirmed, but independent product testing is not available. |
Overall RSAC Fit: 17/25. Charm Security targets an urgent problem with a differentiated “human layer” approach. The Curql credit union channel provides a strong beachhead. The main risks are a substantial funding gap relative to Doppel and limited public validation of the platform’s effectiveness.
Startup Readiness Assessment
This eight-dimension assessment appears in the comparison matrix on the main page. It evaluates broader startup readiness using dimensions from the security product analysis framework. Five dimensions overlap with the RSAC criteria above. Three are added: funding efficiency, category clarity, and incumbent defensibility.
| Dimension | Score (1-5) | Assessment |
|---|---|---|
| Problem Clarity | 4 | APP scam losses quantified at $1T+ globally. UK reimbursement mandates create regulatory urgency. The problem is well-documented, but Charm’s specific framing as “human layer” security requires buyer education to distinguish from existing fraud detection. |
| Capability Depth | 3 | Three AI agents (Investigation, Frontline, Intelligence) and the HVE model are described conceptually. The HoneyBot intelligence network is distinctive. No independent testing or technical documentation validates the claims. |
| Market Timing | 4 | AI-powered scams are accelerating and regulatory pressure (UK APP reimbursement, EU framework) creates urgency. The specific “scam prevention” budget category is still emerging in financial institutions. |
| Team Credibility | 4 | Roy Zur is a serial founder with two prior exits. CTO Avichai Ben has production fraud detection ML experience from Transmit Security. Team8 venture creation model provides structured support. Angel investors include the Wiz CEO and Talon co-founder. |
| GTM Proof | 3 | Five named credit unions through the Curql NMPI program. ABA Partner Network membership. FinovateFall demo. No revenue disclosed, credit unions are price-sensitive, and no large bank customers are named. |
| Funding Efficiency | 3 | $8M seed for approximately 10-15 employees. Team8 venture creation provides infrastructure, but $8M is thin against Doppel’s $124M war chest. |
| Category Clarity | 2 | ”Scam prevention” sits between fraud detection and social engineering defense. Buyers may not see it as a distinct budget line. Charm positions as complementary to existing fraud stacks, which reduces friction but limits perceived standalone value. |
| Incumbent Defensibility | 2 | Feedzai, BioCatch, and NICE Actimize serve the same financial institution buyers and could add real-time intervention capabilities. Doppel expanding from external social engineering defense into financial services is a direct threat. |
Overall: 25/40.
Key Risks
Funding gap relative to direct competitors. Doppel has raised $124M at a $600M+ valuation and serves dozens of Fortune 500 companies. Charm has $8M in seed funding and approximately 10 employees. If Doppel expands from external social engineering defense into real-time customer intervention for financial services, Charm could face a heavily capitalized competitor on its home turf. Charm will likely need to raise a Series A quickly to keep pace.
Narrow initial market focus. The credit union beachhead through Curql is smart for early traction, but credit unions are price-sensitive and relatively small institutions. Scaling from credit unions to large banks requires a different sales motion, longer cycles, and deeper compliance infrastructure. The ABA Partner Network membership suggests intent to expand, but no large bank customers have been disclosed.
Incumbent absorption risk. Established fraud platforms like Feedzai, BioCatch, and NICE Actimize serve the same financial institution buyers. These vendors could add real-time psychological intervention capabilities as a feature rather than a standalone product. Charm’s positioning as complementary (e.g., integrating with BioCatch signals) mitigates displacement risk but increases the chance of being perceived as a feature rather than a platform. The company must demonstrate standalone value to justify a separate procurement decision.
Sources
Company Sources
- Charm Security website
- PR Newswire launch announcement (March 2025)
- Team8 investment thesis
- FinovateFall 2025 demo
- Curql NMPI launch (March 2026)
- Give an Hour partnership (September 2025)
- ABA Partner Network listing
Third-Party Coverage
- SecurityWeek funding coverage
- SiliconANGLE funding coverage
- Calcalist (Ctech) funding coverage
- CybersecurityIntelligence company profile
- Finopotamus FinovateFall coverage
- RSAC Innovation Sandbox finalist announcement
- Morningstar/AccessWire NMPI coverage
- Doppel Series C (competitor context)