- Return on Security
- Posts
- 💰 Security, Funded #208 - Summer Siesta Season
💰 Security, Funded #208 - Summer Siesta Season
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of August 18, 2025.
Mike Privette
August 25, 2025 • Reading Time: 10 minutes
Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Redsift and Nudge Security.
Hey -
Hope you had a great weekend, or a fin de semana as they say in Spain 🇪🇸 , where this week’s opener was written.
Summer is coming to a close around the world in the next few weeks, and you can tell everyone took some time off if you’ve been following along the past few weeks. The industry is experiencing its seasonal slowdown (until after Burning Man at least), but that’s not stopping the cyber industry from making significant moves.
Let’s get this bread jamón, familia. 🐷
PARTNER
AI is supercharging phishing. DMARC is your best defense.
Red Sift
Attackers are using LLMs to cut phishing attack costs by over 95%. DMARC provides the first line of defense against domain spoofing, stopping attackers from sending phishing emails that appear to come from your brand.
When Bitcoin.com deployed Red Sift OnDMARC, the security team blocked malicious spoofing emails within weeks—protecting both users and non-users from targeted phishing attempts.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
Which compliance requirement makes the least actual security sense? |
Last issue’s vibe check:
How's your team handling the AI tool explosion?
🟨🟨🟨🟨🟨⬜️ 🚫 Banned until further notice
🟩🟩🟩🟩🟩🟩 📝 Death by approval process
🟨🟨🟨⬜️⬜️⬜️ 🤠 Wild west - anything goes
🟨🟨🟨⬜️⬜️⬜️ 🤖 Let AI review the AI usage
Wow, I’m actually surprised that banning AI outright is 1) still so popular, and 2) even effective in the slightest! This sounds more like a “best effort” control, rather than a hard denial of all AI services.
Considering how many new AI services keep popping up and how all these existing platforms now have AI inside of them in some shape or form, I don’t know how security teams keep up with the approvals or the blocking.
Some of the top comments from last week’s vibe check:
💬 “Now if only we were blocking them during the approval process...”
💰 Market Summary
Private Markets
7 companies from 4 countries raised $60.1M across 6 unique product categories
Average deal size was $10.0M (median: $2.4M)
100% of funding went to product companies
4 companies from 3 countries were acquired for $1.3M
75% of M&A activity went to product companies
Public Markets
1 public cyber company had an earnings report
1 cyber company filed an S-1 to go public
As of markets close on August 22, 2025.
📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
Funding activity over the past 12 weeks totaled $6.9B across 153 deals (mean: $52.4M, median: $9.5M), representing a 136% increase compared to the same period last year. This week saw continued activity with $60.1M raised, down 13% from last week's $69.0M.
M&A activity remained strong with 90 acquisitions completed over the trailing 12 weeks (averaging 7.5 per week). This is a 67% increase from the 54 acquisitions during the same period in the previous year.
PARTNER
The Game Has Changed for AI Governance
AI is now in every SaaS app, complicating data security
With embedded AI and MCPs, AI tools now have direct, backend access to your SaaS data at unprecedented scale. Traditional network-based controls simply can't keep up.
That's where Nudge Security comes in. Nudge discovers every AI app, user account, integration, OAuth grant, and more, in minutes. And, Nudge delivers guardrails to employees to secure identities and data.
☎️ Earnings Reports
🧩 Funding By Product Category
$50.0M for Security Orchestration and Automated Response (SOAR) across 1 deal
$4.0M for Fraud and Financial Crime Protection across 1 deal
$3.7M for Application Security across 2 deals
$1.4M for AI Governance across 1 deal
$1.0M for Security Analytics across 1 deal
An undisclosed amount for Data Access Governance across 1 deal
🏢 Funding By Company
Product Companies:
Seemplicity, an Israel-based Automatic Security Remediation Solution, raised a $50.0M Series B from Sienna Venture Capital. (more)
Innerworks, a United Kingdom-based fraud and financial crime protection platform, raised a $4.0M Seed from AlbionVC. (more)
Archestra.AI, a United Kingdom-based application security platform for deploying AI agents and Model Context Protocol (MCP) servers, raised a $3.4M Pre-Seed from Concept Ventures. (more)
Swept AI, a United States-based AI governance and security testing platform, raised a $1.4M Pre-Seed from M25. (more)
Huntbase, a United Kingdom-based security analytics and incident investigation platform, raised a $1.0M Pre-Seed from Osney Capital and Halceon. (more) 1
AppSecAI, a United States-based application security platform, raised a $360.0K Seed from Antler. (more)
1Security, a Poland-based data access governance platform for Microsoft 365 implementations, raised an undisclosed Venture Round from Digital Ocean Ventures Starter. (more)
Service Companies:
None
🌎 Funding By Country
$50.0M for Israel across 1 deal
$8.4M for the United Kingdom across 3 deals
$1.8M for the United States across 2 deals
An undisclosed amount for Poland across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
CloudCodes, a Canada-based cloud access security broker (CASB), was acquired by Scope Technologies for $1.3M. CloudCodes has not previously disclosed any funding events. (more)
Pocket Universe, a United States-based browser extension protecting against malicious distributed ledger technology attacks and cryptocurrency fraud, was acquired by Kerberus Cyber Security, Inc. for an undisclosed amount. Pocket Universe has not previously disclosed any funding events. (more)
Trag, an Armenia-based automated static code analysis and software migration platform, was acquired by Aikido Security for an undisclosed amount. Trag had previously raised $100.0K in funding. (more)
Service Companies:
Caesar Creek Software, a United States-based professional services firm focused on offensive security and vulnerability analysis, was acquired by Cryptic Vector for an undisclosed amount. Caesar Creek Software has not previously disclosed any funding events. (more)
🤘 IPO-h Yeah
📚 Great Reads
AI Agents Need Data Integrity - Bruce Schneier makes the case for why AI Agents (whatever that may be) need data integrity in a world where AI agents don’t just answer our questions but act on our behalf.
Palo Alto Networks Acquiring CyberArk: Offense or Defense? - Frank Wang gives his take on what the CyberArk acquisition from Palo Alto means.
*A message from our partner
🧪 Labs
Somebody’s gotta stay dialed in around here!
wait… if you’re circling back and i’m touching base, who the hell is monitoring the situation??
— mau (@rllydu)
4:49 PM • Jul 2, 2025
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.
1 Disclosure: I’m an LP at Osney Capital.
Reply