vExpertAI

AI-Speed Defence
for AI-Speed Threats

Autonomous SOC & NOC — Custom AI, On-Premise, Fully Compliant

€1.5M
Seed Round
€6M
Pre-Money Val.
20%
Equity Offered

Ed Dulharu — CTO & Founder
Munich, Germany  |  ed@vexpertai.com

The Problem

Human-speed operations cannot defend
against AI-speed threats

Two crises converging — one kills uptime, one kills security

NOC Crisis

  • 70% of alerts are false positives — engineers spend entire shifts triaging noise
  • Real network faults slip through undetected, causing SLA breaches costing €100K+ per incident
  • NOC talent is impossible to hire or retain; the EU faces a 500,000+ cybersecurity skills gap
  • Legacy monitoring tools generate more noise, not less signal
🛡

AI-Generated Attacks

  • AI crafts adaptive exploits in seconds, outpacing any human analyst
  • Automated reconnaissance operates at machine speed across OT/IT convergence points
  • 2026 marks the first large-scale deployment of AI-generated attacks on critical infrastructure
  • Legacy SIEM tools were not built for AI-adversary behaviour patterns
You cannot defend against AI-speed attacks with human-speed operations.
The Solution

6 custom-built AI agents — fine-tuned on
proprietary NOC/SOC data

Not a cloud API. Not a wrapper. A purpose-built, on-premise AI defence platform.

1

Triage Agent

Classifies every alert via 4-track ML engine. Eliminates noise before it reaches humans. Sub-30 second detection.

2

Investigation Agent

Evidence-grounded root cause analysis. Pulls real data from SIEM, EDR, and network flows. Every verdict requires citations.

3

Security Agent

Detects AI-generated threats via behavioural ML, byte-level malware analysis, semantic phishing detection, and TLS fingerprinting.

4

Hunt Agent

Proactive threat hunting across the network graph. Connects dots across hosts, users, and time that no individual alert reveals.

5

Remediation Agent

Executes containment with human approval gate and pre-registered rollback. Every action is reversible. Nothing touches production unvalidated.

On-premise · No data leaves the network · Digital twin validates every action before production
Core Differentiator — Security & Compliance

The only AI SOC/NOC platform architected for
EU AI Act, DORA & NIS2 compliance

On-premise deployment is not a feature — it is the compliance architecture.

EU AI Act
DORA
NIS2
GDPR & Data Sovereignty
🔒

Custom AI Runs Locally — Your Data Never Leaves Your Network

All model weights, training data, and inference run on customer infrastructure. No third-party AI provider dependency. No cloud vendor lock-in. No cross-border data transfer. This is the only architecture that simultaneously satisfies DORA, NIS2, EU AI Act, and GDPR requirements.

EU AI Act

  • Classified as high-risk AI under Annex III — fully meets Article 9 (risk management), Article 13 (transparency), and Article 15 (robustness & cybersecurity)
  • All model weights and training data on customer infrastructure — no third-party AI provider dependency
  • Full audit trail and human oversight gate on every automated action

DORA

  • Mandates ICT risk management, incident reporting within 24 hours, and third-party ICT provider oversight
  • On-premise deployment eliminates third-party cloud AI risk — the single largest DORA compliance gap for cloud-based AI tools
  • Automated incident detection and structured reporting built into the platform workflow

NIS2 Directive

  • Covers 18 critical sectors including energy, telecoms, finance, and health — all primary vExpertAI target verticals
  • Requires proactive risk management, 24-hour breach notification, and supply chain security
  • On-premise model means zero sensitive operational data leaves the regulated perimeter

GDPR & Data Sovereignty

  • All operational data — network logs, threat intelligence, incident records — processed and stored on customer hardware
  • No data residency risk, no cross-border data transfer, no cloud vendor lock-in
  • Purpose-built for European critical infrastructure operators who cannot accept cloud-based AI
Cloud-based AI tools create compliance gaps. vExpertAI closes them.
Defensibility

Five compounding moats — not just a product,
a defensible platform

Each layer compounds the next; no competitor can replicate the full stack

🧠 Domain-Specific Fine-Tuned Models

Not a GPT wrapper. Six specialist models fine-tuned on proprietary NOC/SOC operational data — each optimised for its specific role. Model weights are vExpertAI IP. No generic model achieves this precision.

📚 Proprietary Training Dataset

Domain expertise accumulated over 20+ years at AT&T, Infosys, and Kyndryl — encoded into proprietary fine-tuning datasets no competitor can replicate. 100K+ training entries per domain model.

🏠 On-Premise Deployment Architecture

Zero data leaves the customer network. This is the only reason telcos, energy utilities, and financial institutions will trust an AI system with live critical infrastructure — and it is a structural barrier to cloud-native competitors.

🧮 Digital Twin Pre-Validation

Every remediation action is tested against a Containerlab replica of the live network before touching production. No hallucinated configurations on live networks. Ever.

Why Now

Four forces converging — the window to build a
defensible domain model is 18 months

Miss this window and hyperscalers own the category

AI Attacks Are Here Now

2026 marks the first large-scale deployment of AI-generated cyberattacks against critical infrastructure. Human-speed SOC is already insufficient. Every day without AI defence is measurable risk.

📜

EU Regulatory Deadlines Are Forcing Action

DORA became fully applicable in January 2025. NIS2 enforcement is active across 18 sectors. The EU AI Act high-risk provisions apply now. Regulated entities must act — and cloud AI tools cannot meet these requirements.

Hyperscalers Are Moving In

AWS, Microsoft, and Google all have network management and security AI products in active development. The window to build a defensible, domain-specific model closes in 18 months. First-mover with proprietary data wins.

👥

The Talent Crisis Makes Automation Mandatory

The EU faces a 500,000+ cybersecurity professional shortage. Telecom operators cannot hire NOC engineers fast enough. Automation is not a nice-to-have — it is an operational necessity, right now.

Regulatory pressure + AI threat escalation + talent shortage = mandatory adoption cycle already in motion.
Market Opportunity

A €12B addressable market growing at 22% CAGR —
and EU regulation is the accelerant

€40B+
Total Network Operations &
Cybersecurity Market
€12B
NOC/SOC Automation
Addressable Market
€120M
Our 1% Target
= €120M ARR

Growth Drivers

  • Every telco, MSP, and critical infrastructure operator in Europe faces identical NOC staffing crisis
  • DORA, NIS2, and EU AI Act create mandatory upgrade cycles across 18 regulated sectors
  • AI-generated attacks forcing all operators to upgrade SOC capabilities — now, not in 2027
  • Energy grid operators face the same operational challenge — adjacent market already in active discussion
  • Europe AI in cybersecurity market: €9.89B in 2025, growing at 21% CAGR through 2030
  • On-premise AI security is the fastest-growing sub-segment driven by data sovereignty requirements
Traction

Pre-revenue — but validated demand from
regulated-sector enterprises

Every prospect is in a DORA/NIS2-regulated vertical — compliance urgency is the opening

Organisation Sector Stage Est. Value Notes
European Defence & Aerospace Group Defence Engagement in Progress €150K AI Champions training — 192-hour curriculum submitted
Luxembourg Energy Grid Operator Energy / NIS2 Warm Intro TBD Met at STARTUPLAND Köln — follow-up in progress
French IT Consultancy Multinational Telecoms / NIS2 Meeting Confirmed €80–120K AI upskilling program — Paris meeting April
UK IT Infrastructure Consultancy IT Services Early Conversation TBD IT infrastructure consultancy — early stage
Global Energy Technology Group Energy / DORA Inbound Interest TBD Network & cloud ops — senior technical contact engaged
All five prospects operate in NIS2 or DORA-regulated environments — compliance urgency is the primary sales driver.
Business Model

Four revenue streams — platform SaaS anchors
recurring revenue, services accelerate deployment

Target: €600K ARR end-2026 → €3M ARR end-2027 → €12M ARR end-2028

Platform SaaS

€80–150K / yr

Annual platform license per MSP or mid-market operator. Recurring, high-margin. On-premise deployment means no cloud infrastructure cost for vExpertAI.

Enterprise Telco License

€300–600K / yr

Multi-year contracts with Tier-1 telcos and critical infrastructure operators. Per-network deployment. DORA/NIS2 compliance requirement drives multi-year commitment.

Professional Services

€50–150K

Deployment, integration, custom model fine-tuning, and compliance documentation. One-time per customer. Accelerates time-to-compliance for regulated clients.

Model Licensing

€100–300K / yr

License vExpertAI NET domain models to system integrators and security vendors who need on-premise AI inference without building from scratch.

Target: €600K ARR end-2026 → €3M ARR end-2027 → €12M ARR end-2028 → Series A ready Q1 2027
Team

The founder built the infrastructure
he is now automating

Hiring with this round to execute go-to-market and accelerate model development

Ed Dulharu

CTO & Founder, vExpertAI GmbH · Munich, Germany

20+ years network & security architecture at AT&T, Infosys, Kyndryl  |  MSc IT Security, Military Technical Academy Bucharest  |  Lecturer in AI for Networks, Politehnica Bucharest  |  Builds and fine-tunes reasoning models and AI agents from first principles on proprietary NOC/SOC data

20+
Years in Network
Infrastructure
MSc
IT Security
Graduate Degree
6
Proprietary AI
Agents Built
100K+
Training Entries
Per Domain Model

Hiring Plan — Seed Round Team (7.5 FTE)

Role FTE Focus Area
Founder / CTO 1.0 Product, AI architecture, enterprise sales leadership
Business Development / Sales 2.0 Telco, MSP, energy sector — DORA/NIS2 pipeline
Data Scientists 1.5 Model fine-tuning, domain dataset expansion
AI Research Interns 1.5 vExpertAI NET model development, benchmarking
Legal Compliance & IP 0.5 EU AI Act conformity assessment, DORA/NIS2 documentation, IP protection
Marketing & Social 0.5 Thought leadership, conference presence, pipeline support
Penetration Tester Pro 0.5 Red team validation, customer proof-of-value testing
The Ask

€1.5M seed round to close first enterprise contracts
and reach Series A milestone

€1.5M
Raise (Seed Round)
€6M
Pre-Money Valuation
20%
Equity Offered

Use of Funds

👥 Team (salaries & contracts) €720K
💻 On-Premise GPU Infrastructure €200K
🎓 Marketing, Events & Travel €120K
🛡 Pen Testing & Security Validation €80K
⚖ Legal & Compliance €80K
💰 Buffer / Contingency €300K
Total €1,500,000

This round funds the team and infrastructure to close the pipeline already in conversation.

The only AI SOC/NOC platform that is custom-built,
on-premise, and EU-compliant by architecture

🧠

Custom AI, Not a Wrapper

Six specialist models fine-tuned on 20+ years of proprietary NOC/SOC data. No generic LLM achieves this precision. The model weights are vExpertAI IP.

🔒

On-Premise by Design

Zero data leaves the customer network. This is not a feature — it is the architecture that makes vExpertAI the only viable AI security platform for DORA, NIS2, and EU AI Act regulated entities.

The Right Team at the Right Time

The founder built the infrastructure he is now automating. The regulatory window is open. The pipeline is real. The market is mandatory.

Ed Dulharu — CTO & Founder

ed@vexpertai.com  ·  Munich, Germany  ·  vexpertai.com

AI-Speed Defence for AI-Speed Threats — Built in Europe, Compliant by Design.