- Return on Security
- Posts
- 💰 Security, Funded #220 - When AI Investment Turns People Divestment
💰 Security, Funded #220 - When AI Investment Turns People Divestment
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of November 10, 2025.
Mike Privette
November 17, 2025 • Reading Time: 12 minutes
Hey -
I hope you had a great weekend.
I’ve been having several conversations over the last few weeks with startup founders and practitioners about what is making companies “stand out” in the age where everyone now comes with AI Included ™️.
From my point of view and what I can see, it comes down to whether or not potential customers believe in the approach your company is taking over the technology itself.
Using AI in cyber (and all companies) is now a given, and it’s no longer a differentiation. It’s much less about what you’re doing at the product level with AI now that it’s no longer novel, and it’s much more about the “how” and the “why”.
To me, this is a departure from the standard we’ve seen prior to 2024-2025 in cyber. The companies that I see doing the best today are those that have created strong buy-in on their approach to answering existing problems, not just throwing AI at things for the sake of AI.
Let’s get this bread, family. 😤 👊
PARTNER
The CISO's Guide to AI Agents: Build Digital Teammates to Handle Repetitive Work
A guide by BlinkOps for building AI agents that handle repetitive time-sensitive work so your human teammates can focus on what matters.
Security agents can handle tier-1 investigations, enrichment, and response workflows autonomously—but where do you start? This guide gives CISOs a clear framework for building digital teammates: identifying high-impact use cases, training agents for your stack, and measuring ROI.
See how enterprise teams are reclaiming analyst time for strategic security work.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
Anthropic published a report on catching threat actors using AI for 'mostly autonomous' attacks. How do you feel about it? |
Last issue’s vibe check:
What's something you wish AI agents could do for your security program?
🟨🟨⬜️⬜️⬜️⬜️ Write and update all your detection queries
🟩🟩🟩🟩🟩🟩 Perform third-party risk analysis
⬜️⬜️⬜️⬜️⬜️⬜️ Read and approve/deny all the risk acceptance requests
🟨🟨🟨🟨🟨⬜️ Handle all IAM and onboard/offboarding requests
🟨⬜️⬜️⬜️⬜️⬜️ Other (tell me)
Well, there you have it, folks. The people spoke, and they want the most tedious and boring parts of our industry to be AI Agent-itized. These are the activities that are full of friction for security and business people alike, often with minimal reward for the effort.
Who’s building at these intersections today, and who’s funding them? Reply back and let me know, so I can make it rain do some matchmaking.
Some of the top comments from last week’s vibe check:
💬 “A computer can never be held accountable; therefore, a computer must never make a management decision.” -- IBM Training Manual, 1979
💰 Market Summary
Private Markets
9 companies from 5 countries raised $205.6M across 9 unique product categories
Average deal size was $25.7M (median: $12.0M)
97% of funding went to product companies
1 company from 1 country was acquired across 1 unique product category
100% of M&A activity went to service companies
3 companies announced layoffs (new high score 😬)
Public Markets
1 public cyber company had an earnings report
As of market close on November 13, 2025.
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
A significant drop from the heavily weighted mega round the previous week, but still a strong week in funding overall, with a lot of variance across product categories.
A huge drop in transaction volume last week, and one of the lowest weeks of the year. That being said, as of last week, the total number of cyber M&A transactions for 2025 YTD has surpassed the total for 2024, and it’s not even Black Friday yet.
PARTNER
AI’s natural habitat is the browser. Does yours make AI safe?
Welcome to the next chapter of the modern enterprise workspace.
AI is all over the place, which means protection is a bunch of tools and a lot of gaps. Not good for business.
What if making AI safe for work was simple – because those protections were already built into everywhere AI lives?
The Island Enterprise Browser builds AI protection into the workspace itself.
So no matter how your people use AI – web apps, browser extensions, APIs, even desktop apps – you’re in complete control.
No new tools. No new policies.
Just AI that’s fundamentally safe for work.
☎️ Earnings Reports
This analysis is personal research and opinions only. This is not financial or investing advice. Do your own due diligence before making investment decisions.
Earnings reports from last week: $CYBR ( ▼ 1.34% )
CyberArk didn’t hold a public earnings call for the Q3 2025 report, but in reviewing the SEC filings, CyberArk showed up strong. CyberArk reported revenue of $342.84M with an operating loss of $50.08M and net loss of $50.44M, and it also hit a new ARR milestone of $68 Million, up 16% year-over-year.
Additionally, CyberArk shareholders approved the company’s acquisition by Palo Alto Networks (whose report earnings next week).
Earning reports to watch this coming week: $PANW ( ▼ 1.47% )
❌ Layoffs
Axonius, a United States-based attack surface management platform, laid off 100 employees, or 10% of its workforce, due to an acquisition earlier in the year and restructuring. (more)
Bitdefender, a Romania-based endpoint protection company, laid off 125 employees, or 7% of its workforce, as part of a restructuring effort. (more)
Deepwatch, a United States-based managed detection and response (MDR) company, laid off 70 employees, or 25% of its workforce, due to restructuring and investing more in AI at the company (which is the first mention I’ve seen of AI directly impacting a cyber company). (more)
🧩 Funding By Product Category
$75.0M for Attack Surface Management (ASM) across 1 deal
$75.0M for Continuous Automated Red Teaming (CART) across 1 deal
$18.0M for Human Risk Management across 2 deals
$12.0M for Smart Contract Security across 1 deal
$12.0M for AI Governance across 1 deal
$6.5M for Managed Security Services Provider (MSSP) across 1 deal
$5.1M for Security Orchestration and Automated Response (SOAR) across 1 deal
$2.0M for Fraud and Financial Crime Protection across 1 deal
An undisclosed amount for Connected and Autonomous Vehicle Security (CAVS) across 1 deal
🏢 Funding By Company
Product Companies:
Sweet Security, an Israel-based cloud runtime attack surface management (ASM) platform, raised a $75.0M Series B from Evolution Equity Partners. (more)
Tenzai, an Israel-based automated red teaming platform, raised a $75.0M Seed from Battery Ventures, Greylock, and Lux Capital. (more)
Humanix, a Canada-based human risk management platform, raised $18.0M Series A from Acrew Capital and an undisclosed Seed round from boldstart Ventures. (more)
LISA, a United States-based smart contract security platform, raised a $12.0M Seed from ByteTrade Lab. (more)
Liminal, a United States-based generative AI governance platform, raised a $12.0M Venture Round. (more)
AiStrike, a United States-based AI-assisted security automation platform, raised a $5.1M Venture Round. (more)
Falkin, a United Kingdom-based anti-fraud platform for mobile messaging channels, raised a $2.0M Pre-Seed from Triple Point Ventures.
MotionSafe, a United States-based connected vehicle security platform, raised an undisclosed Private Equity Round from ONE Bow River. (more)
Service Companies:
Japan Cyber Defense, a Japan-based managed security services provider focused on securing Japanese critical national infrastructure and government services, raised a $6.5M Seed from Incubate Fund, MPower Partners, and DBJ Capital. (more)
🌎 Funding By Country
$150.0M for Israel across 2 deals
$29.1M for the United States across 4 deals
$18.0M for Canada across 2 deals
$6.5M for Japan across 1 deal
$2.0M for the United Kingdom across 1 deal
🤝 Mergers & Acquisitions
Some pictures say way less than 1,000 words 🤔
Product Companies:
None
Service Companies:
EVA Information Security, an Israel-based professional services firm focused on offensive security services, was acquired by Pentera for an undisclosed amount. EVA Information Security has not previously disclosed any funding events.
📚 Great Reads
The AI Security Absorption Has Begun - Three years of funding data reveal AI Security represents just 9% of cybersecurity deals and 3% of funding. We're not witnessing a revolution. We're watching absorption into existing security categories, just as cloud security was before it.
*10,000 CVEs, 0 Investigation… Until Now. Maze Is Officially GA - Your vuln scanners surface thousands of findings. Only a fraction can actually be exploited. With Maze now GA, their AI agents investigate every vulnerability in context of your environment, so teams finally know what’s real with technical proof, and what’s just noise.
On Hiring for a Customer Facing CISO Role - A really good, short, and practical list of Do's and Don'ts when hiring a customer-facing CISO role.
*A message from our partners
🧪 Labs
This is the AI-generated future we deserve, not the one we need
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.
Reply