Security, Funded by Return on Security, is a weekly analysis of the public and private economic activity in the cybersecurity market. This week’s issue is brought to you by Palo Alto Networks, Cribl, and Hyperproof.
Hey -
POV - You’re me watching all the funding and M&A activity come in last week.
Imagine this guy, but with a beard
A lot of ground to cover from last week, so go ahead and hit the jump to the blog post version.
It’s Black Hat Europe here in London this week, and I’m looking forward to catching up with everyone. I’ll be at the AI Security Summit on Tuesday and bouncing around the conference the rest of the week. I’ll also be emceeing the Startup Spotlight Competition on Thursday and hope to see you there!
A quick programming note, but this issue and next week’s are the last two issues of 2025. 🤯 I can’t believe how fast the year has gone by, but I’m so very glad you’ve been a part of it.
2026 is already shaping up to be a big year for Return on Security, and I’m really excited for what’s coming next. If you’re a business looking to get in front of the top security leaders, investors, and founders in the world in 2026, let’s chat.
PARTNER
From Gates to Guardrails: A Practical Guide to Preventing Risk at Scale
Application security often struggles to prevent issues without slowing developers. A lack of context makes it hard to set targeted controls, so issues slip into production faster than teams can fix them – leaving teams with ever growing backlogs and applications persistently at risk.
This guide provides a practical, five-stage framework to enable teams to turn security gates into guardrails, allowing teams to accelerate secure development.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
Three quarters in a row with $5B+ in cyber funding. Is this:
Last issue’s vibe check:
How has your security organization grown this year?
🟨🟨🟨⬜️⬜️⬜️ ⬇️ Gotten smaller
🟩🟩🟩🟩🟩🟩 ↔️ Stayed the same size
🟩🟩🟩🟩🟩🟩 ⬆️ Gotten bigger
I think last week’s vibe check results are a pretty good sign of the industry. I expected that most votes would have gone to teams staying the same size, but it’s tied with teams that have gotten bigger.
I suspect this is a tale of two worlds — one that has expanded by taking ownership of more security and IT responsibilities, and one that has been frozen in time, where CapEx (spending on tools and services) is favored over OpEx (full-time salaries and benefits).
Some of the top comments from last week’s vibe check:
💬 Leaning into the broader idea of risk management and speaking to availability as a core tenet (healthcare provider) positions infosec as a better partner than just “threat actors bad.”
💬 “Not through downsizing, but a hiring and pay freeze with increased attrition means our team has gotten a lot smaller. I'm doubtful either AI or outsourcing will be sufficient (or cost-effective) replacements for us, but that's why we simply stopped tracking sufficiency🫤”
💬 The team has stayed the same size, but the pressure of using AI for everything has effectively given us more work with less help.
💰 Market Summary
Private Markets
20 companies from 5 countries raised $2.7B across 17 unique product categories
Average deal size was $170.3M (median: $25.5M)
100% of disclosed funding went to product companies
8 companies from 3 countries were acquired across 2 unique product categories
88% of M&A activity went to service companies
1 company announced layoffs
Public Markets
3 public cyber companies had an earnings report
As of market close on December 4, 2025.
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
🎵 One of these [weeks] is not like the other. 🎵
Not only was last week the highest total for cybersecurity funding in 2025, but it also marked the third straight quarter in 2025 with over $5 billion in cybersecurity funding raised! 🤯
Not to be outdone, M&A activity surged 20% year-over-year, with 84 acquisitions over the past 13 weeks compared to 70 in the same period last year.
PARTNER
How To Turn Questions Into Queries With Cribl Copilot
See how Cribl Copilot helps you get the insights you need faster using natural language, guided query suggestions, and instant visualization recommendations.
Your time’s precious - so this webinar is on-demand with no form-fill required.
☎️ Earnings Reports
This analysis is personal research and opinions only. This is not financial or investing advice. Do your own due diligence before making investment decisions.
Earnings reports from last week: $CRWD ( ▲ 2.42% ), $OKTA ( 0.0% ), $S ( ▲ 0.07% )
$CRWD ( ▲ 2.42% ) - BULL
CrowdStrike came out swinging in its latest earnings call. Net new ARR grew 73% year-over-year to over $265 million, and delivered record operating income of $265M and $296M in free cash flow. This was despite absorbing $53M in incident-related costs from the July 2024 incident heard round the world. Safe to say, the world has moved on.
An interesting story on the call was about platform consolidation and the growing number of customers signing flexible module deals through the “Falcon Flex” program, up more than 200% YoY (!). George Kurtz also announced a big strategic AWS partnership, unveiled yesterday, that puts their SIEM production directly in AWS Security Hub. CrowdStrike is an absolute beast at channel partnerships, so this will be yet another large product-led growth motion for them (and potentially disruptive to the existing SIEM market).
$OKTA ( 0.0% ) - HOLD
Okta had really solid execution this last quarter with 14% revenue growth to $665M, strong profitability with a 25% operating margin and 31% FCF margin, and increased customer interest in AI agent security products.
Okta dodged answering any specific questions around AI Agent security product revenue and customer traction, citing that it’s still early days. That’s not bad per se, but it would have been much better if they had given some indication. Okta’s biggest challenge right now is to prove it can monetize the AI agent opportunity.
Outside of this, investors were confused and a bit miffed at why Okta didn’t provide any forward-looking guidance. This isn’t something they have done in many quarters, and no investor likes uncertainty.
$S ( ▲ 0.07% ) - BEAR
SentinelOne had just an OK earnings call. While there were a few (comparatively) positive signs with results, such as hitting its first positive free cash flow quarter and a 7% operating margin with increased platform growth, there were some brown spots as well.
ARR growth was only 1%. Revenue growth dropped from 30%+ in the prior year to 23%, and indications suggest Q4 will be even worse. Framed in this light, the two most recent acquisitions of Observo and Prompt Security look more like a Hail Mary to fill growth gaps and claw back market share (which is a fair play). The hits kept coming as SentinelOne also announced the upcoming departure of CFO Barbara Larson. Analysts were skeptical and expressed concerns about the deceleration in growth.
And, as always, SentinelOne cannot help but be in the shadow of comparison to CrowdStrike at every earnings call.
Earning reports to watch this coming week: $NTSK ( ▲ 0.72% ), $SAIL ( ▼ 4.59% )
❌ Layoffs
Aqua Security, a United States-based cloud-native security platform, laid off an undisclosed number of employees (5-10% of its workforce) as part of a restructuring effort. (more)
🧩 Funding By Product Category
$1.8B for Network Security across 1 deal
$300.0M for Business Continuity Planning (BCP) / Disaster Recovery across 1 deal
$160.0M for Web Application and API Protection (WAAP) across 1 deal
$130.0M for Security Operations across 2 deals
$105.0M for Application Security Testing (AST) across 1 deal
$100.0M for Embedded Security across 1 deal
$60.0M for Threat and Risk Prioritization across 1 deal
$34.5M for AI Governance across 3 deals
$28.0M for Deepfake Detection across 1 deal
$23.0M for Data Protection across 1 deal
$15.0M for Password Management across 1 deal
$9.2M for Threat Detection and Response (TDR) across 1 deal
$8.1M for Attack Surface Management (ASM) across 1 deal
$2.5M for Confidential Computing across 1 deal
An undisclosed amount for Managed Security Services Provider (MSSP) across 1 deal
An undisclosed amount for Identity Verification across 1 deal
An undisclosed amount for Physical Security across 1 deal
🏢 Funding By Company
Product Companies:
Check Point Software Technologies, a United States-based suite of network and email security tools, raised a $1.8B Post-IPO Debt from Public Offering. (more)
7AI, a United States-based platform focused on agentic AI-driven security operations tasks, raised a $130.0M Series A from Index Ventures. (more)
Antithesis, a United States-based application security testing platform, raised a $105.0M Series A from Jane Street Capital. (more)
Axiado Corporation Inc, a United States-based embedded hardware security platform, raised a $100.0M Series C from Maverick Silicon. (more)
Zafran Security, a United States-based threat and risk prioritization platform that uses your existing tool stack to show risks and mitigations, raised a $60.0M Series C from Menlo Ventures. (more)
Imper.AI, a United States-based deepfake and digital impersonation protection platform, raised a $28.0M Seed from Battery Ventures and Redpoint. (more)
Niobium Microsystems, a United States-based fully homomorphic encryption (FHE) data protection platform, raised a $23.0M Seed from Blockchange Ventures. (more)
Lumia Security, a United States-based agentic and AI application discovery and governance platform, raised a $18.0M Seed from Team8. (more)
Multifactor, a United States-based password management platform, raised a $15.0M Seed from Nexus Venture Partners. (more)
Cognna, a Saudi Arabia-based threat detection and response (TDR) platform, raised a $9.2M Series A from BNVT Capital and Impact46. (more)
Helmet Security, a United States-based governance and monitoring platform for AI agents and autonomous workflows, raised a $9.0M Seed from SYN Ventures and WhiteRabbit Ventures. (more)
Saporo, a Switzerland-based attack surface management (ASM) platform, raised a $8.1M Series A from TIIN Capital. (more)
Alinia AI, a Spain-based generative AI governance, safety, and compliance platform, raised a $7.5M Seed from Mouro Capital. (more)
Mirror Security, an Ireland-based confidential computing platform for AI applications and data, raised a $2.5M Pre-Seed from Atlantic Bridge and Sure Valley Ventures. (more)
AnChain.AI, a United States-based security operations platform for Web3 digital assets, raised an undisclosed Series B from Amino Capital, Emmanuel Vallod. (more)
PopID, a United States-based biometric identity verification platform, raised an undisclosed Corporate Round from NEC Corporation. (more)
Service Companies:
Electrosoft, a United States-based managed security services provider (MSSP) to U.S. Federal and Defense agencies, raised an undisclosed Corporate Round from DigitalNet.ai. (more)
🌎 Funding By Country
$2.7B for the United States across 16 deals
$9.2M for Saudi Arabia across 1 deal
$8.1M for Switzerland across 1 deal
$7.5M for Spain across 1 deal
$2.5M for Ireland across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Veza, a United States-based data protection platform focused on identity and authorization, was acquired by ServiceNow for an undisclosed amount. Veza had previously raised $233.0M in funding. (more)
Service Companies:
AMR CyberSecurity, a United Kingdom-based professional services firm focused on penetration testing and incident response, was acquired by Infinum for an undisclosed amount. AMR CyberSecurity has not previously disclosed any funding events. (more)
Aristi, a United Kingdom-based professional services firm focused on penetration testing services, was acquired by Limerston Capital for an undisclosed amount. Aristi has not previously disclosed any funding events. (more)
Cystemic Security, a United States-based professional services firm focused on security and data analytics consulting, was acquired by Woven Solutions for an undisclosed amount. Cystemic Security has not previously disclosed any funding events. (more)
Invictus International Consulting, a United States-based professional services firm focused on cybersecurity operations for national defense, was acquired by Red River for an undisclosed amount. Invictus International Consulting has not previously disclosed any funding events. (more)
Netservices, a United States-based professional services firm focused on IT and security consulting for the U.S. Armed Forces, was acquired by Synergy ECP for an undisclosed amount. Netservices has not previously disclosed any funding events. (more)
PLEX Solutions, a United States-based professional services firm focused on penetration testing and security operations, was acquired by Markon for an undisclosed amount. PLEX Solutions has not previously disclosed any funding events. (more)
Redshift, a South Africa-based professional services firm focused on application security and penetration testing, was acquired by Integrity360 for an undisclosed amount. Redshift has not previously disclosed any funding events. (more)
📚 Great Reads
RAPTOR - An Autonomous offensive/defensive security research framework, based on Claude Code by Gadi Evron, Daniel Cuthbert, Thomas Dullien, and Michael Bargury.
*Guide to AI Risk Management Frameworks - Are you deploying AI safely and smartly? Learn how to pick the right framework, spot risks early, and build a secure, compliant AI strategy that scales.
AI Eats the World - Benedict Evans gives his annual address on the state of software and AI.
*A message from our partners
🧪 Labs
This is what the holidays are really about
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.