- Return on Security
- Posts
- 💰 Security, Funded #202 - The Calm Between Storms
💰 Security, Funded #202 - The Calm Between Storms
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of July 7, 2025.

Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Intruder, Nudge Security, and 1Password.
Hey there,
Hope you had a great weekend!
I’ll keep it short and sweet today. It’s almost summer time here in the UK, and I’m looking forward to some upcoming work and vacation travel.
Also, looking forward to seeing everyone in a few weeks at Hacker Summer Camp!

PARTNER
Doomscrolling To Catch Vulns? There’s A Better Way
Zach, CTO at Yembo, used to catch vulns while scrolling on X between meetings – and hoping he didn’t miss the big one.
Now, he starts his day with cvemon – Intruder’s free vulnerability intelligence platform.
It cuts through the noise and tracks the hype around the latest CVEs so you can see what matters and act quickly when things are getting Log4Shell-loud.
If it’s blowing up, Zach’s already on it.

Table of Contents

😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
Which security tradeoff is most underappreciated today? |
Last issue’s vibe check:
Which problem in security will never be “solved”?
🟩🟩🟩🟩🟩🟩 Phishing & social engineering (116)
🟨🟨⬜️⬜️⬜️⬜️ Shadow IT / AI (37)
🟨🟨🟨⬜️⬜️⬜️ Third-party risk (54)
🟨⬜️⬜️⬜️⬜️⬜️ Full log visibility (14)
⬜️⬜️⬜️⬜️⬜️⬜️ Other (leave comment) (7)
228 Votes
Well, no surprises here. Phishing and social engineering lead the way in the “unsolvable” problem space in the cyber industry. What was interesting to me was that third-party risk outpaced Shadow IT / AI.
Given how so many people across all business units are rushing to do anything they can with AI-enabled software and services, I would have expected this one to be a (distant) second place from phishing.
Some of the top comments from last week’s vibe check:
💬 Phishing - “Since there are no defined boundaries for social interaction, I think its an eternal problem.”
💬 Shadow IT / AI - “Phishing and social engineering can be eliminated with password-less authentication, but getting to that point may never be viable. Shadow IT will never go away because people are opinionated and greedy.”
💬 Other - “All of the above obviously. And don’t forget the new risk of someone phishing your developers’ third-party, shadow IT AI copilot, which you will never get logs from.“

💰 Market Summary
Private Markets
10 companies from 5 countries raised $88.0M across 10 unique product categories
100% of funding went to product-based cybersecurity companies
5 companies were acquired or had a merger event across 5 unique product categories
Public Markets
No public cyber companies had an earnings report.
Public markets down bad (again) after the re-introduction of the on-again, off-again ‘reciprocal’ tariffs (again)

As of market close on July 11, 2025.

📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.

A much quieter, but seasonally slow week last week on the funding front.

M&A is still rolling strong, though. This will be a landmark year for M&A in the industry.

PARTNER
How KarmaCheck made SaaS security pay for itself
Within six months, KarmaCheck recouped 150% of its annual investment in Nudge Security by chipping away at runaway SaaS use, along with benefits like:
Gaining full visibility into shadow SaaS and AI use
Completing user access reviews in 1/3 the time
Speeding up security reviews for new SaaS and AI vendors
Ensuring complete offboarding
See why they call Nudge a “Swiss Army Knife of Utility”.

☎️ Earnings Reports
Earnings reports from last week: None
Earning reports to watch this coming week: None

❌ Layoffs
🧩 Funding By Product Category

$50.0M for Data Protection across 1 deal
$15.5M for Managed Detection and Response (MDR) across 1 deal
$6.5M for Security and Compliance Automation across 1 deal
$5.3M for Operational Technology (OT) Security across 1 deal
$5.0M for Data Privacy across 1 deal
$4.9M for Secure File Sharing across 1 deal
$837.7K for Continuous Automated Red Teaming (CART) across 1 deal
$5.0K for Secure Networking across 1 deal
$5.0K for Cloud Security Posture Management (CSPM) across 1 deal
An undisclosed amount for API Security across 1 deal

🏢 Funding By Company
Product Companies:
Virtru, a United States-based encryption and data privacy platform, raised a $50.0M Series D from ICONIQ Capital. (more)
AirMDR, a United States-based managed detection and response (MDR) platform, raised a $15.5M Seed from Race Capital. (more)
Knox, a United States-based security and compliance automation platform helping companies meet U.S. federal security requirements, raised a $6.5M Seed from Felicis. (more)
Pimloc, a United Kingdom-based platform that protects sensitive and personal data in videos, raised a $5.0M Seed from Amadeus Capital Partners and Edge VC. (more)
ShelterZoom, a United States-based secure file storage and sharing platform, raised a $4.9M Venture Round. (more)
DEFENDERBOX, a Germany-based continuous automated read teaming platform, raised a $837.7K Seed from NRW.BANK. (more)
GovernSafe, an Australia-based cloud security posture management platform, raised a $5.0K Grant from Cloudflare Worker's Launchpad. (more)
Quantum Resistant Cryptographic Solutions, a Canada-based quantum-resistant secure networking platform, raised a $5.0K Seed.
Bastazo, a United States-based AI-driven vulnerability prioritization platform for operational technology and critical infrastructure, raised an undisclosed Seed round from Cortado Ventures. (more)
Corsha, a United States-based API security platform focusing on zero-trust machine-to-machine communications, raised an undisclosed Venture Round from Booz Allen Ventures. (more)
Service Companies:
None

🌎 Funding By Country

$82.2M for the United States across 6 deals
$5.0M for the United Kingdom across 1 deal
$837.7K for Germany across 1 deal
$5.0K for Canada across 1 deal
$5.0K for Australia across 1 deal

🤝 Mergers & Acquisitions
Product Companies:
Antarex, a Singapore-based cyber threat intelligence platform, was acquired by LGMS for an undisclosed amount. Antarex has not previously disclosed any funding events. (more)
Axiomatics, a United States-based cloud and network identity and access management platform, was acquired by Leonardo for an undisclosed amount. Axiomatics had previously raised $6.5M in funding. (more)
Sourcepoint, a United States-based consent and preference management platform for website privacy preferences, was acquired by Didomi for an undisclosed amount. Sourcepoint had previously raised $17.0M in funding. (more)
Service Companies:
A-LIGN, a United States-based global cybersecurity and compliance solutions provider, was acquired by Hg for an undisclosed amount. A-LIGN had previously raised in $54.5M in funding. (more)
Abacode, a United States-based managed security services provider focused on governance, risk, and compliance, was acquired by Thrive for an undisclosed amount. Abacode has not previously disclosed any funding events. (more)

📚 Great Reads
How to Hack AI Agents and Applications - Joseph Thacker covers how to get up to speed, attack scenarios, mitigations, and an AI hacking methodology overview.
*[Webinar] Navigating M&A: What every security leader needs to know - Canva’s Kane Narraway and 1Password’s Dave Lewis and Wendy Nather share best practices for navigating M&A based on their collective experience of over 30+ M&As.
DOOM on Google Sheets - The win you needed. This project runs the classic DOOM game inside a Google Sheets document using Google Apps Script and JavaScript.
*A message from our partner

🧪 Labs
Don’t worry, folks, your job is still safe for a bit.
Oh my god, we are all going to die.
— sysadafterdark (@sysadafterdark)
11:43 PM • Jun 11, 2025

Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.

Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.

Reply