💰 Security, Funded #147 - AI Hype or Hope?

Hey there,

I hope you had a great weekend!

Last week’s macroeconomic news was somewhat exciting and confusing (but if you’re familiar with macroeconomics, it’s always confusing). The European Central Bank lowered interest rates for the first time since before COVID, and the US jobs report came in better than expected. The US added more jobs, with higher wage growth, while at the same time, unemployment also rose (remember how I said it was confusing?). This new data has all but squashed expectations of a US Fed rate cut in July. In turn, the public markets freaked out, and there was red across the board.

Remember, when rates and inflation are high, it means putting money to work is more expensive. Sustained high interest rates and inflation can lead investors to deploy capital a bit more slowly. That being said, bets are still being made in certain sectors, like cyber and AI.

Speaking of bets, I’m officially saying that we are in a bubble with AI revolutionizing the Security Operations Center (SOC). 🫧 

We have hit peak hype when companies can emerge from stealth, be valued at $100M+, and have no discernible product from the other AI x SOC players. I do believe there is some genuine innovation in this space, but right now, it’s heavy on ideas and low on evidence.

We need a sea change in how SOCs operate to prevent this bubble from bursting. If you’ve got real examples of how this has changed your security program, please reply; I’d love to hear about them!

Onward to this week's issue.

😎 Vibe Check

Last issue’s vibe check:
Does your cyber budget for the rest of 2024 have a carve-out for securing the use of AI?
🟨🟨🟨🟨🟨⬜️ ✅ Yes (share what you can) (12)
🟩🟩🟩🟩🟩🟩 ❌ No (tell me why not) (14)
26 Votes

Things were pretty evenly split last week on the vibe check, which was a bit of a surprise to me. Most people I have spoken with have stated that their cyber programs prioritize securing the use of AI, but they aren’t adjusting budgets as a result. They apply what they already know and do to AI use cases. I think that makes a lot of sense unless you are building AI into your products or launching an AI service like a chatbot.

Top comments this week:

“AI is within risk appetite, we deal with it as a standard new SaaS provider.”

“The market is hot but also frothy with SaaS companies pretending to be AI companies.”

💰 Market Summary

📸 YoY Snapshot

Cyber funding is back on track this week at a normal clip, just like this time last year. Unlike last year, however, the rolling 12-week average for 2024 as of this week is 21% higher than in 2023.

And another DSPM company got snapped up. The DSPM category might be the fastest growing, raising just over $900 million across 23 companies, and maybe the fastest to be folded in with all the M&A activities.

🤙 Earnings Reports

🧩 Funding By Product Category

• $60.0M for Application Security across 1 deal

• $36.0M for Security Operations across 1 deal

• $35.0M for Threat Intelligence across 1 deal

• $30.0M for Passwordless Authentication across 1 deal

• $14.5M for Cloud Security Posture Management (CSPM) across 1 deal

• $10.0M for Blockchain Security across 1 deal

• $7.4M for Artificial Intelligence (AI) Governance across 2 deals

• $5.0M for Managed Detection and Response (MDR) across 1 deal

• $740.0K for Operational Technology (OT) Security across 2 deals

• An undisclosed amount for Security Awareness across 1 deal

• An undisclosed amount for Managed Security Services Provider (MSSP) across 1 deal

• An undisclosed amount for Fraud and Financial Crime Protection across 1 deal

🏢 Funding By Company

• ThreatModeler, a United States-based threat modeling platform, raised a $60.0M Private Equity Round from Invictus Growth Partners. (more)

• Seven AI, a United States-based AI-agent-enabled security operations platform, raised a $36.0M Seed from Greylock. (more)

• SpyCloud, a United States-based cybercrime and threat intelligence platform, raised a $35.0M Venture Round from CIBC Innovation Banking. (more)

• HYPR, a United States-based passwordless authentication company, raised a $30.0M Venture Round from Silver Lake Waterman. (more)

• Stacklet, a United States-based cloud posture and governance platform, raised a $14.5M Series B from SineWave Ventures. (more)

• GoPlus Security, a Singapore-based blockchain security platform, raised a $10.0M Venture Round from Animoca Brands, Fenbushi Capital, HashKey Capital, and various others. (more)

• AirMDR, a United States-based managed detection and response (MDR) platform, raised a $5.0M Venture Round from Foundation Capital. (more)

• Liminal, a United States-based generative AI governance platform, raised a $5.0M Seed from Fin Capital. (more)

• Alinia AI, a Spain-based generative AI governance, safety, and compliance platform, raised a $2.4M Pre-Seed from Speedinvest and Precursor Ventures. (more)

• ioAire, a United States-based operational technology (OT) network management and security platform, raised a $740.0K Seed. (more)

• Almanax, a United States-based cryptocurrency and smart contract auditing and security platform, raised an undisclosed Pre-Seed from Defy.vc. (more)

• Brightside AI, a Switzerland-based personalized security awareness training platform using AI, raised an undisclosed Grant from the Tech4Trust acceleration program. (more)

• Claroty, a United States-based operational technology (OT) security platform, raised an undisclosed Venture Round from Bosch Ventures, Chevron Technology Ventures, Delta-v Capital, and Princeville Capital. (more)

• Quorum Cyber, a United States-based managed security services provider (MSSP), raised an undisclosed Private Equity Round from Charlesbank Capital Partners. (more)

🌎 Funding By Country

• $186.2M for the United States across 11 deals

• $10.0M for Singapore across 1 deal

• $2.4M for Spain across 1 deal

• An undisclosed amount for Switzerland across 1 deal

🤝 Mergers & Acquisitions

• Eureka Security, an Israel-based data security posture management (DSPM) platform, was acquired by Tenable for an undisclosed amount. (more)

• MindPoint Group, a United States-based managed security services provider (MSSP), was acquired by Tyto Athene for an undisclosed amount. (more)

• Staging Labs, a United States-based cryptocurrency and smart contract auditing and security platform, was acquired by Merkle Science for an undisclosed amount. (more)

• Vestige Digital Investigations, a United States-based professional services firm focused on digital forensics and incident response (DFIR), was acquired by ArcherHall for an undisclosed amount. (more)

📚 Great Reads

• A world after Wiz: Emerging opportunities in cloud security - Scale Venture Partners discusses the evolution and future opportunities in cloud security, highlighting the success of companies like Rubrik and Wiz.

• *Debunking the “stupid user” myth - How do employee perceptions of security interventions influence their likelihood to comply, and your security posture? Research conducted in consultation with leading Duke University psychologies explores the connection.

• Getting Started with eBPF for Security - In this video, James Berthoty covers the emerging technology of eBPF (extended Berkeley Packet Filter) and explains its significance in differentiating cloud security vendors.

• AI is making the internet worse - A topic that is near and dear to many hearts on generative AI and the increasingly poor state of content on the Internet. Jack Raines discusses the impact of generative AI, particularly OpenAI's deals with publishers and long-form journalism.

_{*A message from our sponsor}

🧪 Labs

A SANS class? In this economy?!