💰 Security, Funded #136 - The AI Governance & Trust Puzzle

Insights for the week of March 18, 2024

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Prowler and Subsalt.

Hey there,

Happy Monday, and I hope you had a great weekend! In this issue, we’ve got:

  • 🔐 Trust but Verif(AI)

  • 🧑‍⚖️ AI Governance’s Home

  • 🎲 Stochastic vs. deterministic

Onward to this week's issue.



Transform Your AWS Security Landscape with Prowler SaaS

Unlock unparalleled visibility and control over your AWS security posture with Prowler SaaS. Our platform goes beyond traditional security measures to provide:

  • In-depth Analysis: Dive deep into your AWS environment to uncover and prioritize vulnerabilities with precision.

  • Actionable Intelligence: Equip your team with the insights needed to fortify your cloud infrastructure against the latest threats.

  • Effortless Compliance: Navigate the complexities of compliance with our automated tools, ensuring your AWS resources meet industry standards.

Join the ranks of organizations that trust Prowler for comprehensive cloud security. Experience the difference with a free trial and take the first step towards a more secure and resilient AWS environment.

😎 Vibe Check

Where should AI Governance, Security, and Safety sit in a company?


Last issue’s vibe check:
Which areas of security stand to lose the most from using AI?

  • 🏛️ Governance (6)

  • 3️⃣ Third-Party Risk Management (8)

  • 👩🏽‍💻 Code Reviews (21)

  • 😤 None, AI takes everything up and to the right (10)

  • 🔮 Other (leave a comment) (0)

45 Votes

The results from last week’s vibe check were interesting to me. At first, I didn’t expect people to pick code reviews as the area to lose the most from using AI, but the more I thought about it, as more votes came in, the more it made sense.

While code is just text, and while AI models are really good at working with text, there is nuance here because the models we see out in the world today are not deterministic ⚖️ , meaning they are not always predictable and consistent with their responses. Instead, they are stochastic 🎲 models that try to infer answers and context, which may not be ideal for code reviews. Humans can be deterministic and bring in their learned experiences, skills, and questions that current AI models have not yet fully captured. Of course, we could all be totally wrong on the weighting here with another model update ¯\_(ツ)_/¯

My favorite comment of the week:

“Trusting hallucinatory text predictors to find vulnerabilities in software strikes me as a great way to miss vulnerabilities in software”

💰 Market Summary

  • 8 companies raised $127.1M across 6 unique product categories in 1 country

  • 4 companies were acquired or had a merger event across 4 unique product categories

  • 100% of funding went to product-based cybersecurity businesses

  • No notable public cyber companies had an earnings call

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

We finally made it through the first 12 weeks of the new year! After this issue, you’ll start to see the week roll forward one at a time (i.e., Week 2 - Week 13, Week 3 - Week 14, etc.).

Funding in week 12 of 2024 was ~42% higher than this same time last year, even with fewer transactions. Zooming back out for the first 12 weeks of the year, the funding total is just shy of $2.8B, which is on par with the first 12 weeks of 2023.

M&A activity for the first 12 weeks of 2024 was almost exactly the same as that of the first 12 weeks of 2023, with 55 transactions in 2024 and 57 in 2023. While the numbers are effectively the same, 2024 has been a breakout year for high-profile M&A activity, specifically in the AppSec and Data Security spaces. M&As have taken less time to happen, from company inception to acquisition, in recent years, and I attribute some of this to the down-bad state that the cyber world (and the rest of tech) has been in from 2022 up to the present date.

🤙 Earnings Reports

Notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies. This section is Powered by Quartr.

See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.

Earnings reports this week: No notable earnings calls.


Defend Against Insider Threats

Cut Down Insider Threat Costs with Anonymization

With insider threats on the rise, costing firms $15M each year, it's time for a strategic shift. Subsalt introduces robust anonymization techniques, marrying privacy with practicality. Embrace synthetic data for a secure, efficient future.

Transform Your Data Security - Learn About Subsalt Now!

🧩 Funding By Product Category

  • $67.0M for Data Access Governance across 2 deals

  • $21.0M for Cyber Risk Management across 1 deal

  • $20.0M for Firmware Security across 1 deal

  • $11.5M for Application Security Posture Management (ASPM) across 1 deal

  • $6.0M for Security Analytics across 2 deals

  • $1.6M for Cloud Native Application Protection Platform (CNAPP) across 1 deal

🏢 Funding By Company

🌎 Funding By Country

I always lol when there is only 1 country in this chart

  • $127.1M for the United States across 8 deals

🤝 Mergers & Acquisitions

  • Intrinsic ID, a United States-based chip and device firmware security platform for IoT devices, was acquired by Synopsys for an undisclosed amount. (more)

  • Oxeye Security, an Israel-based application security scanning and testing platform, was acquired by GitLab for an undisclosed amount. (more)

  • Resmo, a United States-based IT asset management (ITAM) platform, was acquired by JumpCloud for an undisclosed amount. (more)

  • Secure Lake, a United States-based professional services firm focused on IT and security consulting, was acquired by ByteBridge for an undisclosed amount. (more)

📚 Great Reads

  • OpenAI’s chatbot store is filling up with spam - TechCrunch found that the GPT Store, OpenAI’s official marketplace for GPTs, is flooded with bizarre, potentially copyright-infringing GPTs that imply a light touch where it concerns OpenAI’s moderation efforts.

  • What Motivates People to Trust 'AI' Systems? - This study analyzes the motivations behind people's trust in AI systems. It identifies four main rationales for trust: human favoritism, Black box, OPSEC, and 'Wicked world, tame computers,' or a belief in AI's ability to navigate complex issues better than humans.

  • CISO Networks Decoded: What Works, What Doesn't - This post examines the dynamics of CISO networks and what separates effective networks from ineffective ones. It emphasizes the importance of building networks that leverage network effects, foster community engagement, and facilitate meaningful connections among cybersecurity leaders.

*A message from our sponsor.

🧪 Labs

The only ones left are IBM Wind 🌬️ and Oracle Heart ❤️ , and then by your powers combined, you can summon Captain Planet!


About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. Our goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our own system at Return on Security, and we write all of the company descriptions.

  • Sometimes, the details about deals, like who's in, how much they're giving, or the deal stage, might get updated after we first publish the issue.

  • If you spot any errors, let us know, and we’ll fix them.
