- Return on Security
- Posts
- 💰 Security, Funded #217 - Running [Smart Beds] On-Prem
💰 Security, Funded #217 - Running [Smart Beds] On-Prem
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of October 20, 2025.
Mike Privette
October 27, 2025 • Reading Time: 13 minutes
Security, Funded by Return on Security, is a weekly analysis of the public and private economic activity in the cybersecurity market. This week’s issue is brought to you by Permiso, Intruder, and Cyberhaven.
Hey -
I hope you had a great weekend, and hello from Wales! 🏴
What a week it was, with the massive AWS outage and basically half the Internet being knocked offline! People the world over were sweating in their overheating smart beds that could no longer connect to their cloud-based control plane (a sentence that only made sense in the microcosm of the tech industry).
I don’t know about you, but I’m done trusting cloud platforms with my REM cycles. From now on, my smart bedding stack will run on-prem with a Kubernetes cluster spun up on my Synology NAS and local LLMs from Hugging Face running in offline mode. 🧠 💡 #DisasterRecovery #Business #FollowMeForMoreLifeTips
PARTNER
Seeing the Unseen: Mapping Human and AI Identities in the Cloud
Discover the Hidden Risks in Your Identity Landscape
Identity in the cloud has outgrown the human element. Builders, NHIs, and AI agents now hold the keys to your environment. Permiso Discover brings full visibility into every human, non-human, and AI identity across your complete environment, revealing who has access, what they can do, and where risk hides.
In an AI-driven world, identity is your new attack surface.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
After this week's AWS outage, how's your cloud trust level? |
Last issue’s vibe check:
What's the real reason most orgs don't have AI governance yet?
🟨🟨⬜️⬜️⬜️⬜️ Don't know where to start
🟨⬜️⬜️⬜️⬜️⬜️ Waiting for someone else to get burned first
🟨🟨🟨🟨⬜️⬜️ Too busy dealing with actual fires
🟩🟩🟩🟩🟩🟩 Too esoteric - don't actually understand the risks
This is a great representation of what’s been going on in the AI Governance world.
It’s not that the industry hasn’t exploded with recommendations, guidance, and frameworks for governing AI. It’s that the risks, as we understand them today, are either too conceptual or not really that big of an issue compared to other, more tangible risks.
It’s very hard to govern something that’s changing almost every week, so I predict we’ll be in this state as an industry for quite some time. However, in classic security fashion, some will never let progress get in the way of a good framework.
Some of the top comments from last week’s vibe check:
💬 “Technology teams are often out in front of compliance teams. The race to prove the ROI of AI doesn't want to wait for governance.”
💰 Market Summary
Private Markets
10 companies from 4 countries raised $432.4M across 6 unique product categories
Average deal size was $43.2M (median: $15.2M)
100% of funding went to product companies
9 companies from 2 countries were acquired for $2.0B
67% of M&A activity went to product companies
Public Markets
No public cyber companies had an earnings report
As of market close on October 24, 2025.
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
Funding activity over the past 12 weeks totaled $2.4B across 144 deals (mean: $19.1M, median: $8.1M), a 18% decrease compared to the same period last year.
M&A activity over the last 13 weeks saw a 14% increase from the 70 acquisitions during the same period in the previous year.
PARTNER
As AI Enables Bad Actors, How Are 3,000+ Teams Responding?
Shadow IT, supply chains, and cloud sprawl are expanding attack surfaces - and AI is helping attackers exploit weaknesses faster. Built on insights from 3,000+ organizations, Intruder’s 2025 Exposure Management Index reveals how defenders are adapting.
High-severity vulns are up nearly 20% since 2024.
Small teams fix faster than larger ones - but the gap’s closing.
Software companies lead, fixing criticals in just 13 days.
Get the full analysis and see where defenders stand in 2025.
☎️ Earnings Reports
This analysis is personal research and opinions only. This is not financial or investing advice. Do your own due diligence before making investment decisions.
Earnings reports from last week: None
Earning reports to watch this coming week: None
🧩 Funding By Product Category
$280.0M for Software Supply Chain Security across 1 deal
$70.6M for Non-Human Identity (NHI) Security across 4 deals
$49.8M for AI Governance across 2 deals
$15.4M for Security Analytics across 1 deal
$11.6M for Fraud and Financial Crime Protection across 1 deal
$5.0M for Security Operations across 1 deal
🏢 Funding By Company
Product Companies:
Chainguard, a United States-based software supply chain company, raised a $280.0M Debt Financing from General Catalyst. (more)
nexos.ai, a Lithuania-based shadow AI discovery and governance platform, raised a $34.8M Series A from Evantic Capital and Index Ventures. (more)
Defakto Security, a United States-based non-human identity security platform, raised a $30.8M Series B from XYZ Venture Capital. (more)
Keycard, a Canada-based identity and access management platform for AI agents, raised a $30.0M Series A from Acrew Capital. (more)
Gravwell, a United States-based security data and analytics platform, raised a $15.4M Series A from Two Bear Capital. (more)
Darwin AI, a United States-based AI application governance and compliance platform for the federal sector, raised a $15.0M Series A from Insight Partners. (more)
AcoruAI, a Spain-based text message fraud and scam prevention platform, raised a $11.6M Series A from 33N Ventures. (more)
Keycard, a Canada-based identity and access management platform for AI agents, raised a $8.0M Seed from Andreessen Horowitz and boldstart Ventures. (more)
Bricklayer.ai, a United States-based AI-agent-enabled security operations platform, raised a $5.0M Seed from Tech Square Ventures. (more)
SlashID, a United States-based non-human identity governance platform, raised a $1.8M Venture Round. (more)
Service Companies:
None
🌎 Funding By Country
$348.0M for the United States across 6 deals
$38.0M for Canada across 2 deals
$34.8M for Lithuania across 1 deal
$11.6M for Spain across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Securiti, a United States-based multi-cloud data protection and privacy company, was acquired by Veeam Software for $1.7B. Securiti had previously raised $156.0M in funding. (more)
ThreatConnect, a United States-based cyber threat intelligence platform, was acquired by Dataminr for $290.0M. ThreatConnect had previously raised $22.0M in funding. (more)
FairNow, a United States-based AI application governance platform, was acquired by AuditBoard for an undisclosed amount. FairNow had previously raised $3.5M in funding. (more)
Breez, a United States-based identity threat detection and response platform, was acquired by JumpCloud for an undisclosed amount. Breez has not previously disclosed any funding events. (more)
CloudWize, a United States-based cloud security posture management platform, was acquired by DoiT for an undisclosed amount. CloudWize has not previously disclosed any funding events. (more)
VerifyID.ai, a United States-based identity verification and synthetic identity detection platform, was acquired by MTX Group for an undisclosed amount. VerifyID.ai has not previously disclosed any funding events. (more)
Service Companies:
EFEX, an Australia-based managed security services provider (MSSP), was acquired by Advent Partners for an undisclosed amount. EFEX has not previously disclosed any funding events. (more)
Sekuro, an Australia-based managed security services provider (MSSP), was acquired by Insight for an undisclosed amount. Sekuro has not previously disclosed any funding events. (more)
ICS, a United States-based managed security services provider (MSSP), was acquired by Redhawk Federal Solutions for an undisclosed amount. ICS has not previously disclosed any funding events. (more)
📚 Great Reads
The End of Cybersecurity- Jen Easterly, the former Director of the Cybersecurity and Infrastructure Security Agency, writes about how America's digital defenses are failing, about misaligned markets, and how AI could save it.
*Just When You Thought It Was Safe to Trust Legacy DLP - Legacy DLP (Data Loss Prevention) is chum in the water. Cyberhaven’s next-gen platform shows how to spot the real threats before they take a bite out of your data. Dive in for a demo and get the limited-edition Operation: Jaws collector’s game.
The Real (Economic) AI Apocalypse is Nigh - An analysis of the economic implications of AI and the potential bubble, including its effects on the economy and society.
*A message from our partner
🧪 Labs
A lot of y’all got caught slipping, but not this dude 😤 👊
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.
Reply