Security, Funded by Return on Security, is a weekly analysis of the public and private economic activity in the cybersecurity market. This week’s issue is brought to you by Tonic Security and Nudge Security.
Hey -
I hope you had a great weekend! If you celebrated Thanksgiving in the US or abroad (like me), I hope you were able to relax and get a good head start on winter bulk season. 🐻
Sharing a regional holiday celebration with people from other regions and those who have never participated is an interesting thing to watch. They’re not sure if what they're doing is the right thing, they're worried about making mistakes or looking silly, and they’re looking to you (as the person who knows) for some guidance on what to do.
My favorite question of the day was, “Does anyone still identify as a ‘pilgrim’?” 🧑‍🍳 🤌
Taking part in a new holiday celebration or tradition is not all too different from entering the cybersecurity industry for the first time or trying to find your way around. There is no “right way” to do things in cyber (at least not for long). The only “wrong way” is to not do anything at all.
So just do it.

PARTNER
Accelerate Remediation with Tonic Security’s Context-Driven Exposure Management
Reduce risk, respond faster, and optimize efficiency with agentic vulnerability management
Tonic Security accelerates prioritization and remediation of vulnerabilities and threats with a context-driven Unified Exposure Management platform. Powered by Agentic AI and a security Data Fabric, Tonic extracts actionable context from unstructured tribal knowledge and threat intel, empowering security teams with superior visibility, dramatic reduction in false positives, and highly efficient remediation.


😎 Vibe Check
How has your security organization grown this year?
Last issue’s vibe check:
For what reason would you be more likely to pick one cybersecurity platform over another?
🟨⬜️⬜️⬜️⬜️⬜️ Because it's the cheapest
⬜️⬜️⬜️⬜️⬜️⬜️ Because it uses the latest in AI tech
🟨⬜️⬜️⬜️⬜️⬜️ Because it solves compliance requirements
🟩🟩🟩🟩🟩🟩 Because you are bought into the problem-solution approach
As it turns out, solving real customer problems is what drives cybersecurity product selection. Who knew?!
I feel like this is an especially important reminder, as every company now uses AI in cyber. You may have even seen a few “AI Security for X” market maps or lists floating around, featuring any company under the sun that claims they’re doing the AI version of [insert traditional security function]. To me, most of these maps and lists are dead on arrival and end up being more of a marketing play for whoever put out the original list.
Using AI in cyber (and all companies) is now a given, and it’s no longer a differentiation. It’s much less about what you’re doing at the product level with AI, and much more about how and why (problem-solution approach). To me, this is a departure from the standard we’ve seen prior to 2024-2025 in cyber. The companies that I see doing the best today are those that have built strong buy-in on their approach to answering existing problems.
In my opinion, it comes down to whether potential customers believe in the approach rather than the technology itself.
Some of the top comments from last week’s vibe check:
💬 “Real risk reduction starts with understanding what it is we are trying to do here. If you can't answer the "office space Bobs," then you're wasting or not optimizing investments.”
💬 “Consolidation, simplification, and cost efficiency.”

💰 Market Summary
Private Markets
10 companies from 4 countries raised $172.0M across 10 unique product categories
Average deal size was $17.2M (median: $16.8M)
100% of funding went to product companies
3 companies from 3 countries were acquired across 3 unique product categories
67% of M&A activity went to service companies
Public Markets
1 public cyber company had an earnings report

As of market close on November 28, 2025.

📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.

Funding accelerated 45% year-over-year, with $3.6B raised across 184 deals over the past 12 weeks compared to $2.5B across 151 deals in the same period last year.

M&A activity continued with 83 acquisitions over the past 12 weeks, up 15% from 72 last year.

PARTNER
Welcome to the era of the Workforce Edge
Your most hidden and fastest-growing attack surface
Every day, your employees make decisions about what SaaS and AI tools to adopt and what data to share. This is the Workforce Edge—and it’s your fastest-growing attack surface.
Data from Nudge Security shows:
2x the number of SaaS apps to employees in most orgs
90% of apps are introduced outside of IT
Each employee averages 70 OAuth grants, many of which enable data-sharing
Nudge Security provides visibility and control at the Workforce Edge.

☎️ Earnings Reports
This analysis is personal research and opinions only. This is not financial or investing advice. Do your own due diligence before making investment decisions.
Earnings reports from last week: $ZS ( ▼ 3.27% )
$ZS ( ▼ 3.27% ) - BULL
Zscaler crushed expectations with 26% ARR growth to $3.2B combined with an astounding 52% free cash flow margin. Revenue hit $788M (up 26% YoY, 10% QoQ), and all three of the main product pillars, AI Security, “Zero Trust Everywhere”, and Data Security, accelerated strongly.
Zscaler also got really aggressive and creative with customer financing this last quarter, allowing existing customers to buy a block of modules, but allowing them to be hot-swapped as needed. This speaks to the architecture of Zscaler, in that it can land and expand very easily. Add to this the fact that Zscaler dips into the IT and Security budget spending with consolidating SD-WAN and legacy firewalls, and they’ve got a lot of flexibility to maneuver and grow.
Analysts were excited, but wanted more specifics on ARR and Red Canary. When specifically questioned about Red Canary’s progress and growth after the acquisition, Zscaler said the business was strong but that it would not include any Red Canary-specific financial numbers going forward.
To me, this is a company that is executing strongly on operational fundamentals in a way that not all companies can, and that is another way to drive stock performance excellence (as it has).
Earnings reports to watch this coming week: $CRWD ( ▼ 0.99% ), $OKTA ( ▲ 0.39% ), $S ( ▼ 0.8% )

🧩 Funding By Product Category

$30.0M for Breach & Attack Simulation (BAS) across 1 deal
$30.0M for Threat Modeling across 1 deal
$20.0M for Identity and Access Management (IAM) across 1 deal
$17.6M for Network Security across 1 deal
$17.0M for AI Governance across 1 deal
$16.5M for Software Supply Chain Security across 1 deal
$15.0M for Secure Networking across 1 deal
$12.9M for Security Operations across 1 deal
$10.0M for Cloud Security across 1 deal
$3.0M for Open-Source Intelligence (OSINT) across 1 deal

🏢 Funding By Company
Product Companies:
Clover Security, an Israel-based AI-assisted security design review platform, raised a $30.0M Series A from Notable Capital and Team8.
SpecterOps, a United States-based breach and attack path management platform, raised a $30.0M Venture Round.
Opti, a United States-based AI agent-driven identity and access management platform, raised a $20.0M Seed from YL Ventures, Mayfield Fund, and Hetz Ventures.
vijil, a United States-based governance and safety platform for AI agents, raised a $17.0M Venture Round from Brightmind Partners.
CodeNotary, a United States-based software supply chain security platform, raised a $16.5M Funding Round.
NetFoundry, a United States-based secure networking platform, raised a $15.0M Series A from Cisco Investments.
Augmentt, a Canada-based Microsoft 365 security and management platform for MSPs, raised a $12.9M Series A from Camber Partners.
Blast Security, a United States-based cloud security platform focused on preventative guardrails, raised a $10.0M Seed from 10D and MizMaa Ventures.
Social Links, a United States-based open-source intelligence data processing platform, raised a $3.0M Seed from Yellow Rocks!.
Service Companies:
None

🌎 Funding By Country

$111.5M for the United States across 7 deals
$30.0M for Israel across 1 deal
$17.6M for Sweden across 1 deal
$12.9M for Canada across 1 deal

🤝 Mergers & Acquisitions

Product Companies:
Service Companies:
Monti Stampa Furrer & Partners, a Switzerland-based professional services firm focused on OT/ICS security, was acquired by Allurity for an undisclosed amount. Monti Stampa Furrer & Partners has not previously disclosed any funding events.

📚 Great Reads
We Need More Security Generalists - My friend Frank Wang talks about how the security industry needs more people who can understand context, ask the right questions, and troubleshoot across layers.
Prompt Injection Visually Explained - Jason Haddix put together one of the clearest graphics I've seen on breaking down what the AI prompt injection vulnerability class is.


Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.



