💰 Security, Funded #212 - It's the Great Consolidation, Charlie Brown

Hey -

I hope you had a great weekend!

I hope your weekend was almost as good as all the AI for Security companies that have been swiped up in the last few weeks. I had the opportunity to participate in a fireside chat with the Bay Area CISO Council last week, where I shared the current state of funding and M&A in the AI for Security and Security for AI spaces, and where I thought things were going.

The great consolidation is happening with over 10 acquisitions in the last two years for the pure players in this space. More money is now being invested in companies that are using AI as a piece of their stack to achieve better security outcomes, instead of being the entire value prop.

I don’t see “AI for Security” surviving as a standalone category or function in cyber over the medium or long term. AI is just the way now. There is no delineation, and it has become as normal and as expected as using the cloud. The only difference is that AI got folded into the new way of operating in about 18 months, as opposed to 7-10 years like the cloud.

I think this is a good and healthy maturation of this space, and we’re just getting started.

💡 _{Share the newsletter in one click}

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

Last issue’s vibe check:
How do you really feel about SOC 2 audits?
🟨🟨⬜️⬜️⬜️⬜️ 🎯 Actually valuable
🟩🟩🟩🟩🟩🟩 📃 Compliance theater, but required
⬜️⬜️⬜️⬜️⬜️⬜️ 💰 Pure cost center
🟨⬜️⬜️⬜️⬜️⬜️ 🤷‍♀️ Depends on the auditor

Well, SOC 2 audits have survived the masses for yet another day. The overwhelming majority of people who voted realized that SOC2 2 audits are a necessary part of doing business, which, at times, even provides some Real Value ™️.

I think about it as an “eat your vegetables first” approach to building out a security program. Sometimes you have to eat the stuff you don’t like first, so you can get to the better parts (and maybe even dessert!). Whatever your feelings on SOC 2 audits, I’m a firm believer that you should Never Waste a Good Compliance Framework.

Some of the top comments from last week’s vibe check:

💬 “As a small vendor, forced us to actually check all boxes required. Made conversations with buyers much easier and reduced number of security questionnaires we had to fill in. This accelerated the sales cycle and made it easier for customers. It’s a “you must be this tall to ride” check.”

💬 “I think the fact that SOC 2 reviews the past year, rather than just doing an point-in-time evaluation makes it a better validation of your practices than something like ISO 27001.”

💰 Market Summary

📸 YoY Snapshot

Funding activity over the past 12 weeks totaled $5.7B across 152 deals (mean: $43.7M, median: $7.0), representing a 77% increase compared to the same period last year, when $3.2B was invested across 115 deals.

M&A activity was on a rip last week, with 75 acquisitions completed over the trailing 12 weeks (averaging 6.2 per week), a 34% increase from the 56 acquisitions during the same period in the previous year.

_{Partner With Us}

☎️ Earnings Reports

🧩 Funding By Product Category

• $80.0M for Fraud and Financial Crime Protection across 1 deal

• $80.0M for AI Model Security across 1 deal

• $65.0M for Endpoint Protection across 1 deal

• $65.0M for Security Analytics across 2 deals

• $30.0M for AI Adversary Simulation across 1 deal

• $30.0M for Security and Compliance Automation across 1 deal

• $16.6M for Data Privacy across 1 deal

• $14.5M for Identity and Access Management (IAM) across 4 deals

• $11.0M for Data Security Posture Management (DSPM) across 1 deal

• $10.0M for Threat Intelligence across 1 deal

• $3.0M for AI Governance across 1 deal

• $9.1K for Professional Services across 1 deal

• An undisclosed amount for Remote Browser Isolation across 1 deal

• An undisclosed amount for Managed Security Services Provider (MSSP) across 1 deal

🏢 Funding By Company

Product Companies:

• SEON, a Gibraltar-based fraud prevention and anti-money laundering (AML) platform, raised a $80.0M Series C from Sixth Street Growth. (more)

• Irregular, an Israel-based AI model security frontier lab, raised a $80.0M Series A from Redpoint and Sequoia Capital. (more)

• Remedio, an Israel-based endpoint security configuration management and remediation platform, raised a $65.0M Series A from Bessemer Venture Partners. (more)

• Vega Security, an Israel-based AI-driven threat detection and reporting platform, raised a $60.0M Series A from Accel and a $5.0M Seed. (more)

• Terra Security, a United States-based adversarial AI simulation and red teaming platform, raised a $30.0M Series A from Felicis. (more)

• RegScale, a United States-based continuous security and compliance company, raised a $30.0M Series B from Washington Harbour Partners. (more)

• Kertos, a Germany-based data privacy platform, raised a $16.6M Series A from Portage Ventures. (more)

• Ray Security, an Israel-based data security posture management and protection platform, raised a $11.0M Seed from Ibex Investors and Venture Guides. (more)

• Silent Push, a United States-based threat intelligence platform, raised a $10.0M Series B from StepStone Group, Ten Eleven Ventures, and Knollwood Investment Advisory. (more)

• Fabrix Security, an Israel-based agentic AI platform for automating identity and access management tasks, raised a $8.0M Seed from Jibe Ventures, Merlin Ventures, toDay.Ventures, and Norwest Venture Partners. (more)

• Scalekit, a United States-based authentication stack for AI agents and AI applications, raised $5.5M from Together Fund and Z47. (more)

• Eve Security, a United States-based AI application and agent monitoring and governance platform, raised a $3.0M Seed from LiveOak Ventures. (more)

• Alter, a United States-based agentic and AI application authorization gateway, raised a $500.0K Pre-Seed from Y Combinator.

• Riverbank, a United States-based AI agents for identity and access management workflows, raised a $500.0K Pre-Seed from Y Combinator.

• Island, a United States-based remote enterprise browser isolation platform, raised an undisclosed Secondary Market round. (more)

Service Companies:

• Ciberts, an India-based professional services firm focused on database security and compliance, raised a $9.0K Grant from the AI for Life Sciences Challenge.

• Cloud Carib, a Bahamas-based managed security services and sovereign cloud provider, raised an undisclosed Debt Financing from Partners for Growth. (more)

🌎 Funding By Country

• $229.0M for Israel across 6 deals

• $80.0M for Gibraltar across 1 deal

• $79.5M for the United States across 8 deals

• $16.6M for Germany across 1 deal

• $9.1K for India across 1 deal

• An undisclosed amount for the Bahamas across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

• Dodgeball, a United States-based fraud and financial crime protection platform, was acquired by Spreedly for an undisclosed amount. Dodgeball has not previously disclosed any funding events. (more)

• HyperComply, a Canada-based continuous security and compliance company, was acquired by SecurityScorecard for an undisclosed amount. HyperComply had previously raised $6.4M in funding. (more)

• eleven, a Germany-based email security platform, was acquired by Halon Security for an undisclosed amount. eleven has not previously disclosed any funding events. (more)

• Lakera AI, a Switzerland-based platform for protecting large language models (LLMs) from prompt injection attacks, was acquired by Check Point Software Technologies for an undisclosed amount. Lakera AI had previously raised $30.0M in funding. (more)

• LetsDefend, a United States-based cybersecurity education and training platform, was acquired by Hack The Box for an undisclosed amount. LetsDefend has not previously disclosed any funding events. (more)

• Pangea, a United States-based platform for discovering and protecting AI applications and workloads, was acquired by CrowdStrike for an undisclosed amount. Pangea had previously raised $51.0M in funding. (more)

• Valimail, a United States-based email authentication and security monitoring platform, was acquired by DigiCert for an undisclosed amount. Valimail had previously raised $84.0M in funding. (more)

• TinyMDM, a France-based mobile device management (MDM) platform for Android devices, was acquired by BID Equity for an undisclosed amount. TinyMDM has not previously disclosed any funding events. (more)

• OwnID, a United States-based passwordless authentication platform, was acquired by unico IDtech for an undisclosed amount. OwnID had previously raised $6.2M in funding. (more)

Service Companies:

• CyberNorth, a United Kingdom-based cybersecurity training and education company supporting North East England, was acquired by EchoStor Technologies for an undisclosed amount. CyberNorth has not previously disclosed any funding events. (more)

• Mosaic NetworX, a United States-based managed security services provider (MSSP), was acquired by Spectrotel for an undisclosed amount. Mosaic NetworX has not previously disclosed any funding events. (more)

📚 Great Reads

🧪 Labs