Pistachio, a cybersecurity startup based in Norway, just secured $7 million in Series A funding, bringing its total to $10.5 million. What’s interesting here isn’t just the funding—it’s how they’re applying AI to human vulnerability, still one of the biggest gaps in enterprise security.

Founded in 2019, Pistachio has built an automated security training platform that doesn’t rely on traditional classroom-style awareness modules. Instead, it runs in the background, simulates real-world threats, and tailors each session based on how users actually behave. Think phishing simulations, social engineering tests, and threat response drills—delivered through email, Microsoft Teams, or Slack.

The platform tracks user behavior and learning patterns in real time, allowing it to adapt training automatically. For busy security teams managing user risk at scale, that means less overhead and more targeted results.

Right now, over 600 companies across 16 countries are using Pistachio, and the platform is already running more than two million simulations per year.

The new funding round, led by Walter Ventures with backing from Angel Invest, Idékapital, J12 Ventures, and MP Pensjon, will help Pistachio expand further into Europe and North America. The company also plans to open a new office in Valencia this month.

CEO Joe Jones was clear about what’s driving urgency: AI is lowering the barrier for launching social engineering attacks, making it easier and cheaper for threat actors to exploit the human layer. And if training doesn’t keep up, that vulnerability grows.

For teams trying to keep users alert and responsive to dynamic threats without overwhelming them, this kind of behavioral, AI-powered training could be a meaningful evolution—not just a security checkbox.