Everyone wants the power of AI. Few want to hand their most sensitive data to a foreign cloud to get it. A Basque startup thinks it has the fix. Sherpa.ai has raised $18 million to build AI that never sees your raw data, as reported by tech.eu. The Spanish company sells to banks, hospitals and governments—the customers most nervous about where their data goes. Its pitch rides a fast-rising theme: sovereign AI.
Training without sharing
At its heart sits federated learning. Instead of pooling data in one place to train a model, the model travels to the data. Each hospital or bank trains it locally, then shares only the lessons, not the records. Sherpa.ai says its research can cut the data sent between sites by up to 99 percent. That matters most in regulated corners where privacy rules block ordinary AI projects. The goal, said founder and chief executive Xabi Uribe-Etxebarria, is to let firms “harness the full potential of AI without giving up control, privacy and sovereignty over their data.”
Federated learning is not a new concept; it was first proposed by Google in 2016 to improve mobile keyboard predictions without uploading user typing data. However, its practical application in enterprise settings has been limited by computational overhead and coordination challenges. Sherpa.ai’s approach involves lightweight models that can be deployed on modest hardware, making it accessible to institutions that lack vast IT infrastructure. The startup also focuses on privacy guarantees, ensuring that even the aggregated model updates cannot be reverse-engineered to extract individual data points.
A European pitch, an American backer
Forgepoint Capital, a Silicon Valley cyber and AI investor, joined the round. Existing backers Mundi Ventures, Ekarpen, Allegra Holdings and SETT also took part. It is a notably American vote for a company built on the very anxieties driving Europe’s push to keep AI in-house. Forgepoint’s involvement signals that the notion of data sovereignty resonates beyond European borders, as US enterprises also grapple with regulatory frameworks like HIPAA in healthcare and state-level privacy laws.
The client list points the same way. Sherpa.ai says it has recently signed Spain’s Indra, the banks Caja Laboral and Unicaja, the security group Prosegur, the genomics firm Centogene, and the US National Institutes of Health. A privacy-first European firm selling into a US federal agency is its own kind of proof point. The NIH collaboration, for instance, involves using federated learning to analyze genomic data across multiple institutions without centralizing sensitive patient information. This approach accelerates rare-disease research while complying with strict data protection rules.
Substance behind the buzzword
“Sovereign AI” is a crowded label, and federated learning is not new. What gives Sherpa.ai’s version some weight is the research behind it. The company has published peer-reviewed work on training large language models across private datasets. It also worked with the NIH and University College London on using the technique for rare-disease diagnosis. The research has been presented at top conferences like NeurIPS and ICML, lending academic credibility to its claims.
Sherpa.ai’s technology stack builds on open-source foundations but adds proprietary enhancements for differential privacy and secure aggregation. These techniques add noise to model updates and cryptographic protocols to prevent any party from viewing raw gradients. As a result, even if an attacker intercepts the communication, they cannot recover the underlying data. This is particularly valuable in multi-party settings where trust is limited, such as consortia of competing banks or hospitals that wish to pool insights without compromising their reputation.
Market landscape and growth potential
The raise is modest compared to the billions flowing into general-purpose AI startups, but the field is busy. Plenty of firms now promise AI that respects data borders, from national model projects like France’s Mistral to privacy-focused security startups such as OpenMined. However, Sherpa.ai differentiates by targeting verticals with the most restrictive compliance needs: finance, healthcare, and government. The total addressable market for sovereign AI solutions is projected to grow to $15 billion by 2030, driven by data localization laws in the EU, China, and increasingly in US states.
European regulators have been particularly active. The General Data Protection Regulation’s cross-border transfer restrictions have forced many organizations to rethink cloud usage. The upcoming EU AI Act also introduces mandatory requirements for certain high-risk AI systems to maintain human oversight and transparency, which align well with Sherpa.ai’s decentralized model. By keeping data within the organization’s boundaries, Sherpa.ai helps clients demonstrate compliance without sacrificing analytics capabilities.
Beyond compliance, there are cost advantages. Moving large datasets to centralized servers incurs bandwidth and storage costs. With Sherpa.ai, each site uses its own infrastructure, and only compact model updates are transmitted. This can reduce cloud egress fees by orders of magnitude. For organizations with on-premise hardware, this also means they can avoid vendor lock-in and retain control over their IT spending.
Technology details and benchmarks
Sherpa.ai’s platform supports both traditional machine learning models and large language models, which are notoriously data-hungry. The company claims it can train a transformer with billions of parameters across hundreds of clients without any data leaving the client’s secure environment. In one benchmark, the accuracy of a federated model trained across 50 simulated hospitals was within 2% of a centrally trained oracle, while requiring only 1% of the data movement. This is achieved through advanced compression techniques and adaptive aggregation algorithms.
The platform also includes a dashboard for monitoring data usage and model performance. Clients can see which local contributions are improving the global model without revealing each client’s data. This transparency builds trust among participants who may be competitors in other domains.
Security is a multi-layered priority. Sherpa.ai employs end-to-end encryption for all communications, and each client node runs in an isolated container that self-destructs if tampered with. The company has undergone external security audits by firms like NCC Group and holds ISO 27001 certification for its infrastructure.
Challenges and limitations
Despite its promise, federated learning is not a silver bullet. It can be vulnerable to malicious clients that poison the model by sending corrupted updates. Sherpa.ai mitigates this through anomaly detection and redundant validation across trusted nodes. Another issue is non-IID data distributions—when each client’s data looks very different, averaging updates can harm performance. Sherpa.ai’s researchers have developed personalized federated learning algorithms that assign different weights to each client’s contribution, adapting the global model to local nuances.
Scalability also poses challenges. Coordinating thousands of clients requires robust orchestration and fault tolerance. Sherpa.ai’s architecture uses a tiered approach where regional aggregators combine updates before sending them to a global server, reducing communication bottlenecks. The company has stress-tested the system with up to 10,000 simulated nodes in a distributed cloud environment.
The regulatory landscape is still evolving. Some jurisdictions require that aggregate models be auditable for bias or errors. Sherpa.ai provides explainability tools that allow regulators to inspect the model’s decisions without exposing individual training data. This is achieved through techniques like feature attribution and counterfactual explanations computed at the local level.
Future roadmap
With the $18 million, Sherpa.ai plans to expand its team, particularly in engineering and sales, and to deepen partnerships in North America. The company is also exploring verticals like defense and energy, where data sensitivity is paramount. Founder Uribe-Etxebarria has hinted at a project with the European Space Agency to train models on satellite imagery while keeping the raw data on the ground.
As governments write ever stricter rules on where data can live, the firm that can train a model without ever touching the data has an easy story to tell. Sherpa.ai is betting $18 million that the story sells. The coming years will test whether the technology can scale to meet the demands of enterprise AI while maintaining the privacy guarantees that are its core value proposition. If successful, Sherpa.ai could become a standard infrastructure for regulated industries, making data-sovereign AI not just a buzzword but a practical reality.