💰 Security, Funded #216 - Straight Outta [Cheltenham]

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of October 13, 2025.

Security, Funded by Return on Security, is a weekly analysis of the public and private economic activity in the cybersecurity market. This week’s issue is brought to you by Intruder, Nudge Security, and Palo Alto Networks.

Hey -

I hope you had a great weekend!

Last week, I got the chance to head out to the UK’s Cyber Valley (also known as Cheltenham) and be involved in a few of the Gloucestershire Tech Week events. One of them was giving a quick talk on the state of the cyber industry from an economic standpoint around the world, what the AI Security market is doing, and whether or not I thought the cyber industry would be impacted if there is an AI bubble.

I’m now of the opinion that more talks should be done in pubs.

Shoutout to the Plexal team for the invite and for showing me around the town! Are you interested in me giving a talk at your company and/or local pub? The answer may surprise you!

This week had a TON of activity, so you might as well jump over to the blog version if you can.

QUICK ASK: Are you using this newsletter for any cool automations or data enrichment projects? I’d love to hear about what you’re building - Let me know!

PARTNER

Free 'Autoswagger' Tool Finds the API Flaws Attackers Hope You Miss

Remember the Optus breach? Millions of customer records stolen through an insecure API that may as well have had a “welcome” mat. Three years later, Intruder’s security team is finding the same vulnerabilities in some of the world’s biggest companies.

That’s why they built Autoswagger: a free, open-source tool that finds unauthenticated APIs leaking sensitive data before attackers do. Check out the real issues Intruder found with Autoswagger and get the tool to make sure you stay out of the headlines.

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

What's the real reason most orgs don't have AI governance yet?


Last issue’s vibe check:
What level of AI governance oversight are your customers and third parties requesting?
🟨🟨🟨⬜️⬜️⬜️ Actively demanding AI governance documentation
🟩🟩🟩🟩🟩🟩 Some ask about AI practices in RFPs
🟨🟨🟨⬜️⬜️⬜️ Occasional questions but not deal-breakers
🟨⬜️⬜️⬜️⬜️⬜️ Customers don't ask about our AI governance

Very interesting results from last week’s vibe check. The overwhelming majority of people who responded say they get questions about AI practices in RFPs (requests for proposal) or vendor diligence, but that’s largely it. The beating drum of regulation and compliance is typically much further ahead of real-life practices in this industry, but AI governance may be one of the bigger disconnects. AI is already everywhere, and one cannot simply govern something that is still really hard to understand and still changing.

I imagine we’re all in the same place on this one, not really sure what “good” looks like. We’re all trying to see what will actually work and what’s actually useful while just trying to make everything else work. Just keep experimenting and learning!

Some of the top comments from last week’s vibe check:

💬 “They don't ask, but they probably should.” 👀 

💰 Market Summary

Private Markets

  • 21 companies from 7 countries raised $219.1M across 16 unique product categories

  • Average deal size was $13.7M (median: $6.6M)

  • 96% of funding went to product companies

  • 9 companies from 2 countries were acquired

  • 56% of M&A activity went to service companies

Public Markets

  • No public cyber companies had an earnings report

As of market close on October 17, 2025.

📸 YoY Snapshot

Rolling 13-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.

Funding activity over the past 13 weeks totaled $2.5B across 161 deals (mean: $17.8M, median: $8.3M), an 11% decrease compared to the same period last year when $2.8B was invested across 123 deals. Either way, 2025 is already up about $2 billion from 2024.

M&A activity jumped right back up this week, pushing up the rolling average of 6 acquisitions a week. We are now just 10 acquisitions short of matching the same volume as all of 2024.

PARTNER

The game has changed for AI governance

AI is now in every SaaS app, complicating data security

With embedded AI and MCPs, AI tools now have direct, backend access to your SaaS data at unprecedented scale. Traditional network-based controls simply can't keep up.

That's where Nudge Security comes in. Nudge discovers every AI app, user account, integration, OAuth grant, and more, in minutes. And Nudge delivers guardrails to employees to secure identities and data. See how you can regain control.

☎️ Earnings Reports

This analysis is personal research and opinions only. This is not financial or investing advice. Do your own due diligence before making investment decisions.

Earnings reports from last week: None

Earnings reports to watch this coming week: None

🧩 Funding By Product Category

  • $50.0M for Security and Compliance Automation across 1 deal

  • $33.0M for Payment Security across 1 deal

  • $28.0M for Network Security across 1 deal

  • $26.0M for Remote Browser Isolation across 1 deal

  • $25.0M for AI Security across 1 deal

  • $20.0M for Identity Verification across 1 deal

  • $9.3M for Quantum Security across 1 deal

  • $9.3M for Managed Security Services Provider (MSSP) across 5 deals

  • $6.5M for Threat Intelligence across 1 deal

  • $6.1M for Data Protection across 2 deals

  • $3.3M for Identity Governance & Administration (IGA) across 1 deal

  • $1.7M for AI Governance across 1 deal

  • $928.6K for Business Continuity Planning (BCP) / Disaster Recovery across 1 deal

  • An undisclosed amount for Distributed Ledger Technology (DLT) Security across 1 deal

  • An undisclosed amount for Deepfake Detection across 1 deal

  • An undisclosed amount for Threat & Vulnerability Management (TVM) across 1 deal

🏢 Funding By Company

Product Companies:

  • CoreStack, a United States-based continuous security and compliance platform, raised a $50.0M Debt Financing from Post Road Group. (more)

  • Basis Theory, a United States-based payment data tokenization, vaulting, and automation platform, raised a $33.0M Series B from Costanoa Ventures. (more)

  • OneLayer, a United States-based mobile network security company for private cellular (LTE/5G) networks, raised a $28.0M Series A from Maor Investments. (more)

  • Conceal, a United States-based networking platform that allows for covert threat intelligence gathering and remote browser isolation, raised a $26.0M Series B from Two Bear Capital. (more)

  • Resistant AI, a Czechia-based platform to protect AI systems from adversarial machine learning attacks and advanced fraud, raised a $25.0M Series B from DTCP. (more)

  • Glide Identity, a United States-based authentication and identity verification platform, raised a $20.0M Series A from Crosspoint Capital Partners. (more)

  • LuxQuanta, a Spain-based quantum-safe encryption platform, raised a $9.3M Series A from Big Sur Ventures. (more)

  • HOOTL, a United States-based cyber risk intelligence platform, raised a $6.5M Series A from 5IR Funds. (more)

  • Matters.AI, a United States-based AI security engineer platform focused on sensitive data discovery and assisted-remediation, raised a $4.8M Seed from Endiya Partners and Kalaari Capital. (more)

  • Ploy, a United Kingdom-based just-in-time identity governance and administration platform, raised a $3.3M Seed from Osney Capital. (more)

  • NROC Security, a United States-based governance and monitoring platform for AI applications, raised a $1.7M Seed. (more)

  • Theodosian, a United Kingdom-based file-level encryption and access platform, raised a $1.3M Pre-Seed from Fuel Ventures. (more)

  • HyperBunker, a United Kingdom-based data backup and vaulting platform for recovery from ransomware incidents and outages, raised a $928.6K Seed from Fil Rouge Capital (FRC) and Sunfish Partners. (more)

  • AISLE, a United States-based automated vulnerability triage and remediation platform, raised an undisclosed Angel round from Aparna Chennapragada, Dwarkesh Patel, Ian Goodfellow, Jeff Dean, Olivier Pomel, and Thomas Wolf. (more)

  • Aurigin.ai, a Switzerland-based deepfake and AI-generated content detection platform, raised an undisclosed Grant.

  • Naoris Protocol, a New Caledonia-based distributed ledger technology (DLT) security protocol supporting decentralized identity and privacy of Web3, raised an undisclosed Funding Round from Michael Terpin. (more)

Service Companies:

🌎 Funding By Country

  • $172.4M for United States across 12 deals

  • $25.0M for Czechia across 1 deal

  • $12.3M for United Kingdom across 4 deals

  • $9.3M for Spain across 1 deal

  • $105.3K for Sweden across 1 deal

  • An undisclosed amount for Switzerland across 1 deal

  • An undisclosed amount for New Caledonia across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

  • Cybereason, a United States-based endpoint detection and response platform, was acquired by LevelBlue for an undisclosed amount. Cybereason had previously raised $970.6M in funding. (more)

  • TrustArc, a United States-based data privacy management and compliance platform, was acquired by Main Capital Partners for an undisclosed amount. TrustArc had previously raised $107.0M in funding. (more)

  • Verosint, a United States-based identity threat detection and response platform, was acquired by Imprivata for an undisclosed amount. Verosint had previously raised $12.0M in funding. (more)

  • Datable.io, a United States-based security and cloud data aggregation and analytics platform, was acquired by Panther for an undisclosed amount. Datable.io has not previously disclosed any funding events. (more)

Service Companies:

  • CYB3R, a United Kingdom-based managed security services provider (MSSP), was acquired by EarlyHealth Group for an undisclosed amount. CYB3R has not previously disclosed any funding events. (more)

  • Eden Data, a United States-based professional services firm focused on governance, risk, and compliance consulting, was acquired by Riveron for an undisclosed amount. Eden Data has not previously disclosed any funding events. (more)

  • Fathom Cyber LLC, a United States-based professional services firm focused on cybersecurity education and Peak InfoSec, a United States-based professional services firm focused on cybersecurity compliance, merged together with Ascend Cyber.

  • Spirent Communications, a United Kingdom-based managed security services provider (MSSP), was acquired by Viavi Solutions for an undisclosed amount. Spirent Communications has not previously disclosed any funding events. (more)


Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using the Return on Security system.

  • Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.

  • Let us know if you spot any errors, and we’ll fix them.
