- Return on Security
- Posts
- 💰 Security, Funded #194 - Did AI Just Free Willy?
💰 Security, Funded #194 - Did AI Just Free Willy?
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of May 12, 2025.

Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Palo Alto Networks and Intruder.
Hey there,
I hope you had a great weekend.
When the Wiz is away, does Free Willy (Orca) come out to play?
Orca, who has been largely in the shadow of Wiz since about 2021, just made its first acquisition since 2022. Orca raised its last round of funding (publicly) in 2021 at the peak of the ZIRP market with a $1.5 billion valuation. Since that time, however, Orca has been in a heated lawsuit with Wiz (who countersued) since 2023.
Both companies accuse each other of copying patented innovations and confidential information, but only one company “won” the market (for now). While Wiz dominated the entire cloud security market for the past four years, Orca was largely silent in comparison. We saw recently how this story played out at the top with Google’s historic acquisition of Wiz, marking the largest cybersecurity acquisition ever at $32 billion.
But did Wiz’s acquisition, combined with the current wave of innovation in the “AI for Security” space, lift the fog of war from its previous competitors? It would appear that way for Orca. With its latest acquisition (below) focused on AI-driven security workflows, strategic AI Security company acquisitions (like we saw last week with Protect AI) are starting to become the norm.
This is just the start, too. Many other companies are amped up to take on what they see as a new playing field, and AI must be a part of it.

PARTNER
Break Security Silos. Accelerate Cloud Defense.
Unified security from code to cloud to SOC.
Tool sprawl and team silos don’t just slow response—they increase risk. This guide dives into how AI, automation, and unified data bring AppSec, CloudSec, and SecOps together to detect threats faster and act with precision. It’s a smart read for security leaders rethinking their architecture.

Table of Contents

😎 Vibe Check
Make sure to click on the options below to vote, whether you’re a practitioner, founder, or investor!
Which area of security is most overdue for reinvention? |
Last issue’s vibe check:
What’s the biggest lie we tell ourselves in cybersecurity?
🟨🟨🟨🟨🟨⬜️ You can measure everything (33)
🟨🟨🟨🟨⬜️⬜️ Users are the weakest link (30)
🟨🟨🟨🟨⬜️⬜️ Our risk model is accurate (31)
🟩🟩🟩🟩🟩🟩 We’re aligned with the business (35)
⬜️⬜️⬜️⬜️⬜️⬜️ Other (leave comment) (2)
151 Votes (Newsletter + LinkedIn) ← We’re crushing the numbers, thanks to everyone who voted!
Wow, it turns out we really love to tell ourselves a bunch of lies! I don’t think I’ve had a Vibe Check come in this close before. The strongest comments and most heated exchanges were about risk models and bad metrics. Even when we all agree that certain phrases are problematic, it’s clear people define (and defend) them very differently.
In an industry that has a lot of complex outside forces, everyone is trying to put a frame around what they’re doing and what they believe works in different (sometimes contradictory) ways.
Some of the top comments from last week’s vibe check:
Measure Everything - “Bad metrics are far more dangerous than bad intuition”
Other - “The single biggest lie: We understand attacker economics, and can counter accordingly.”
Accurate Risk Model - “Risk modeling is not completely scientific. Therefore, it cannot be "accurate" because it is art, which can only be beautiful, ugly and/or both; aka misunderstood.”
Other - “Biggest lie we tell ourselves: I get paid enough for the headache 😂”

💰 Market Summary
Private Markets
9 companies from 3 countries raised $66.2M across 9 unique product categories
7 companies were acquired or had a merger event across 5 unique product categories
89%of funding went to product-based cybersecurity companies
Public Markets
2 public cyber companies had an earnings report
Public market moves last week

As of markets close on May 16, 2025.

📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.

The sound of silence still rings after a big RSA two weeks ago (though not as big as in 2024). Even without the mega round that 2024 saw, 2025 funding is dead even through this same time last year.

M&A activity continued on a strong clip, this time taking more product cyber companies than normal. The same also holds true for M&As as it does for funding - year-to-date acquisitions are equal to last year.

PARTNER
5 Essential Capabilities of an Effective Attack Surface Management Program
Many companies are transitioning from traditional Vulnerability Management (VM) to Attack Surface Management (ASM) - and it’s easy to see why. Traditional VM starts with what you already know, while ASM is built for the unknown.
Whether you're just getting started with ASM or already have a program in place, this Cheat Sheet outlines 5 actionable steps to help you uncover more gaps, improve coverage, and focus on real risk.

☎️ Earnings Reports
Earnings reports from last week: $CYBR ( ▲ 2.79% ) and $RPD ( ▲ 1.54% )
Macro Context:
US Consumer sentiment worsened in the latest report from the University of Michigan due to concerns about uncertain trade policies.
Moody’s stripped the U.S. of its last triple-A credit rating, citing large fiscal deficits and rising interest costs (markets are going to have a bad time).
CyberArk - $CYBR ( ▲ 2.79% )
CyberArk kicked off 2025 with an OK first quarter, reporting $317.6 million in revenue, up ~4% from last quarter. This success was driven by a sustained demand for Identity Security solutions and expanded net revenue retention (NRR) with existing customers. CyberArk also mentioned that 60% of its new business was coming through channel partnerships.
Strategic initiatives like the integration of Venafi and Zilla Security and the launching of new identity security for AI agents and Non-Human Identities (just like rival SailPoint) also contributed to a strong quarter. CyberArk mentioned that it was confident in the strong numbers it delivered in the face of uncertain macroeconomic conditions but still gave slightly conservative forward-looking guidance.
CyberArk stock dropped about 2% since the earnings call.
Rapid7 - $RPD ( ▲ 1.54% )
Rapid7 had a mixed first quarter, with revenue up 3% to $210 million, but ARR growth slowed to 4% year-over-year, coming in at $837 million. The Detection and Response (D&R) segment was the standout performer, representing over half of the ARR for this quarter.
The mixed results come from operational shifts meeting customer challenges. Behind the scenes, Rapid7 has been focusing on a few operational things, like upgrading customers to its consolidated exposure management platform and improving cost structures with new operations in India.
At the same time, Rapid7 cited a challenging macro environment, particularly in the North American mid-market segment, with increased uncertainty and lengthening sales cycles. Rapid7 also had 15 fewer customers in this earnings call than the previous earnings call and saw less international growth outside of the U.S.
As a result, Rapid7 adjusted its full-year ARR guidance down to a range of $850-$880 million, a growth of 1% to 5% over the previous year. Its stock dropped about 4% since the earnings call.
Earning reports to watch this coming week: $PANW ( ▲ 2.46% )

🧩 Funding By Product Category

$20.0M for Data Protection across 1 deal
$14.5M for AI Governance across 1 deal
$13.0M for Identity Threat Detection and Response (ITDR) across 1 deal
$8.5M for Application Security across 1 deal
$3.6M for Security and Compliance Automation across 1 deal
$3.6M for Cyber Insurance across 1 deal
$2.9M for Digital Forensics and Incident Response (DFIR) across 1 deal
$16.7K for Continuous Threat Exposure Management (CTEM) across 1 deal
An undisclosed amount for Confidential Computing across 1 deal

🏢 Funding By Company
Product Companies:
Theom, a United States-based cloud data protection platform, raised a $20.0M Series A from Wing Venture Capital. (more)
Openlayer, a United States-based AI application testing, governance, and compliance platform, raised a $14.5M Series A from Race Capital. (more)
ClearVector, a United States-based identity threat remediation platform, raised a $13.0M Series A from Scale Venture Partners. (more)
Arcjet, a United States-based runtime application security as code platform, raised a $8.5M Venture Round. (more)
Kovr.ai, a United States-based security and compliance automation platform focused on the US Federal Sector, raised a $3.6M Seed from IronGate Capital Advisors and Xfund. (more)
Cyacomb, a United Kingdom-based digital forensics and incident response platform, raised a $2.9M Venture Round from the Scottish National Investment Bank. (more)
Nothreat, a United Kingdom-based continuous threat exposure management (CTEM) platform, raised $16.7K in Equity Crowdfunding. (more)
Honeypotz, a United States-based confidential computing platform, raised an undisclosed Pre-Seed.
Service Companies:
Spectra, a Bermuda-based cyber risk insurance service for managed services providers (MSPs), raised a $3.6M Seed.

🌎 Funding By Country

$59.6M for the United States across 6 deals
$3.6M for Bermuda across 1 deal
$3.0Mfor the United Kingdom across 2 deals

🤝 Mergers & Acquisitions
Product Companies:
CipherInsights, a United States-based certificate discovery and management platform, was acquired by Keyfactor for an undisclosed amount. CipherInsights has not publicly disclosed any funding events. (more)
InfoSec Global, a Canada-based cryptographic secrets discovery and management platform, was acquired by Keyfactor for an undisclosed amount. InfoSec Global has not publicly disclosed any funding events. (more)
Olfeo, a France-based secure access service edge (SASE) platform, was acquired by Ekinops for an undisclosed amount. Olfeo has raised funding one time but has not publicly disclosed the funding amount. (more)
Opus Security, an Israel-based threat and risk prioritization platform, was acquired by Orca Security for an undisclosed amount. Opus Security had previously raised $10.0M in funding. (more)
Service Companies:
Hornetsecurity, a United States-based managed email security services company, was acquired by Proofpoint for an undisclosed amount. Hornetsecurity has raised funding nine times, but none of the funding amounts were publicly disclosed. (more)
Tunuva Technologies, a United States-based professional services firm focused on cybersecurity for defense and intelligence operations, was acquired by VT Group for an undisclosed amount. Tunuva Technologies has not publicly disclosed any funding events. (more)
XYPRO Technology, a United States-based professional services firm focused on cyber risk assessments and database security, was acquired by Partner One Capital for an undisclosed amount. XYPRO Technology has not publicly disclosed any funding events. (more)

📚 Great Reads
The AI Stack Everyone is Building Without Realizing It - If you're building in security, investing in AI, or just trying to understand where things are heading, this concept might reframe everything.
🏆 How to Win the Cybersecurity Oscar - Cybersecurity startup competitions like RSAC Innovation Sandbox and the Black Hat Startup Spotlight, are more than just exposure, they’re credibility accelerators. Here's a take on how you can win and what judges are looking for.

🧪 Labs


Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes deal details, like who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.

Reply