Security, Funded by Return on Security, is a weekly analysis of the public and private economic activity in the cybersecurity market. This week’s issue is brought to you by BlinkOps, Alumni Ventures, and Teleport.
Hey -
We made it, folks! Welcome to the last issue of Security, Funded in 2025!
It was also great to run into and catch up with so many people at Black Hat Europe last week, and I can’t think of a better way to roll into the last issue of the year. Congrats to Geordie AI for winning the Startup Spotlight Competition and to VulnCheck for winning the people’s choice vote!
Although this is the last newsletter of the year, it doesn't mean I'll stop writing. It’s been a hell of a year in our industry, and now is when I start working on the flagship annual report set to come on in late January 2026. Be sure to also keep an eye out for my annual shareholder letter coming later this year, with an update on the state of the business for Return on Security.
Also, one last thing! If Return on Security has been helpful for you this year (no matter how long you’ve been reading), I would really value your input on this 2-minute survey:
This short survey will really help me stay grinding on the things that matter. 😤 👊
See you all in this format next year, and I hope you have an amazing end to your 2025!
PARTNER
Want 100+ Hours Back For Your SOC Team?
Agentify security operations in a Blink.
BlinkOps gives security teams what they actually need: faster response times, fewer manual tasks, and security analysts focused on high-impact work. Deploy in hours, see results in days.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
What cybersecurity trend peaks in 2026?
Last issue’s vibe check:
Three quarters in a row with $5B+ in cyber funding. Is this:
🟨⬜️⬜️⬜️⬜️⬜️ Sustainable (AI wave is real)
🟩🟩🟩🟩🟩🟩 A bubble (it'll pop eventually)
🟨🟨⬜️⬜️⬜️⬜️ The new normal
⬜️⬜️⬜️⬜️⬜️⬜️ Irrelevant due to the attackers
Everyone is feeling AI bubble vibes these days, with a slight nod towards this being our “new normal.”
My personal take is that we are still somehow really early on in the AI race, even with the insane amount of technical progress that has taken place over the last three years. The more I zoom in on AI, the more it looks like we need to figure out, and the more scaffolding we need to make it successful.
When it comes to cyber, however, we have different economic levers. Most industries depend entirely on commercial viability and market demand, but not cyber. While AI hype creates speculation everywhere else, cybersecurity's structural differences and external attacker forces make it more uniquely bubble-resistant.
Some of the top comments from last week’s vibe check:
💬 “Prediction: the AI reckoning happens next year and RSAC 2027 is the first RSAC conference not dominated by talk of AI. What takes AI's place as the dominant funding attraction? Good question: exposure management? It's looking like Tenable, Rapid7, and Qualys might have a Symantec/McAfee moment in the near future.”
💰 Market Summary
Private Markets
15 companies from 6 countries raised $797.3M across 13 unique product categories
Average deal size was $66.4M (median: $9.3M)
100% of funding went to product companies
5 companies from 4 countries were acquired across 5 unique product categories
80% of M&A activity went to product companies
Public Markets
2 public cyber companies had an earnings report
As of market close on December 12, 2025.
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
Last week’s funding was still a doozy, even if you don’t compare it to the week prior. The industry is in full Santa Rally mode. 🎅
M&A is still going strong, with many big companies continuing to make major moves this year. If 2025’s M&A could be categorized as a story, it would be one of slumbering giants of the industry waking up and bringing their friends in.
PARTNER
Return on Security Exclusive: You Could Be an Investor in High-Potential Startups Like: ConductorOne, Conveyor, RapidFort & Eclypsium
Return on Security and Alumni Ventures are teaming up to give readers early access to invest in high-potential cybersecurity startups. This is your chance to co-invest alongside top VC firms and shape the future of the security ecosystem. If you want a closer look at how these private market deals get done and join in, this is the simplest way to get plugged into the action.
You get:
- Curated deal flow in cybersecurity startups
- No cost, no commitment to join
- Invest only if a company excites you
Don’t miss your chance before access closes.
☎️ Earnings Reports
This analysis is personal research and opinions only. This is not financial or investing advice. Do your own due diligence before making investment decisions.
Earnings reports from last week: $NTSK ( ▼ 8.06% ), $SAIL ( ▼ 1.85% )
$NTSK ( ▼ 8.06% ) - BULL
Netskope's debut public quarterly report reveals the cloud security company winning 80%+ of competitive bake-offs while accelerating ARR growth to 34% ($745M) and revenue up 33% to $184M.
Even with those very strong results, it’s not always wise to go too hard on the street when it’s your first rodeo (he said while at his second rodeo). As a result, management deliberately nerfed guidance as a newly public company while ramping up hard on the sales side. The constraint isn't competitive positioning for Netskope, it's top-of-funnel awareness. Netskope has 1,000+ customers using its GenAI protection products, so it’s off to a good start.
All in all, this was about as good a first quarter as a newly public company that you could hope for.
$SAIL ( ▼ 1.85% ) - HOLD
SailPoint had a good quarter and hit a major milestone in Q3, surpassing $1 billion in ARR (up 28% YoY) while delivering $282M revenue (+20% YoY). This was mostly driven by strong cross-selling with non-employee risk management, machine identity, and data security modules. This motion collectively doubled ARR and drove 114% net revenue retention (best-in-class).
Still, the analysts were a bit underwhelmed. What sounded strong on paper was only about 1% beat on the ARR guidance. This immediately led to comparison challenges on CyberArk and Okta. Had the beat been stronger, the tone would have been much different. The next 6-12 months will be really important to watch for SailPoint.
Earning reports to watch this coming week: None until 2026
🧩 Funding By Product Category
$700.0M for Identity and Access Management (IAM) across 1 deal
$31.5M for API Security across 2 deals
$20.0M for Cyber Risk Management across 1 deal
$13.0M for Deepfake Detection across 1 deal
$11.6M for Certificate Lifecycle Management across 1 deal
$7.0M for Threat Intelligence across 1 deal
$6.5M for Blockchain Security across 1 deal
$3.8M for Multi-Factor Authentication (MFA) across 1 deal
$2.0M for Security Analytics across 1 deal
$1.8M for IT Asset Management (ITAM) across 1 deal
$50.0K for Threat and Risk Prioritization across 2 deals
An undisclosed amount for Security Operations across 1 deal
An undisclosed amount for Managed Security Services Provider (MSSP) across 1 deal
🏢 Funding By Company
Product Companies:
Saviynt, a United States-based intelligent identity and access governance solution for cloud applications, raised a $700.0M Series B from Kohlberg Kravis Roberts. (more)
Prime Security, a United States-based security review automation and risk management platform, raised a $20.0M Series A from Scale Venture Partners. (more)
Resemble AI, a United States-based deepfake detection and AI verification platform, raised a $13.0M Venture Round from Berkeley Frontier Fund. (more)
Equixly API Security, an Italy-based API security platform, raised a $11.6M Series A from 33N Ventures. (more)
Zynap, a Spain-based threat intelligence platform, raised a $7.0M Seed from K Fund and Kibo Ventures. (more)
TestMachine, a United States-based Web3 and Blockchain security platform, raised a $6.5M Venture Round from Blockchange Ventures, Decasonic, Delphi Ventures, and New Form Capital. (more)
Cyphlens, a United States-based mobile-based multi-factor authentication platform using visual cryptography, raised a $3.8M Seed from Cambrian Ventures. (more)
Realm.Security, a United States-based security and cloud data aggregation and analytics platform, raised a $2.0M Venture Round from Presidio Ventures. (more)
XFA, a United States-based privacy-focused IT asset management and security platform, raised a $1.8M Seed from Curiosity VC and ScaleFund. (more)
ThreatCaptain, a United States-based threat and risk prioritization platform for MSSPs, raised a $50.0K Grant from South Carolina Research Authority. (more)
CYBRET AI, a Sweden-based agentic AI security operations workflow platform, raised an undisclosed Seed from FR8, Inception Fund, Skyfall Ventures, Visionaries Club, and Wave Ventures.
Point Wild, a United States-based threat and risk prioritization platform, raised an undisclosed Venture Round from WndrCo.
Service Companies:
PKI Solutions, a United States-based managed security services provider (MSSP) focusing on managing identity and encryption systems, raised an undisclosed Venture Round from Arthur Ventures. (more)
🌎 Funding By Country
$747.1M for the United States across 10 deals
$19.9M for Australia across 1 deal
$11.6M for Italy across 1 deal
$11.6M for France across 1 deal
$7.0M for Spain across 1 deal
An undisclosed amount for Sweden across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Infinipoint, an Israel-based zero-trust security company for workstations and mobile devices, was acquired by Outpost24 for an undisclosed amount. Infinipoint had previously raised $14.0M in funding. (more)
Junglemap AB, a Sweden-based security awareness training platform, was acquired by MetaCompliance for an undisclosed amount. Junglemap AB has not previously disclosed any funding events. (more)
Service Companies:
📚 Great Reads
The Opportunity Cost of Data Privacy - A deep dive into the true cost of data privacy, and it isn't what we pay to protect it. It's what we've lost by building an entire digital economy on surveillance.
*Unified Identity Security for Cloud & Infrastructure - Identity risk hides in cloud roles, tokens, and code your SIEM never connects. Teleport unifies identity data across Okta, AWS, GitHub, and infra so you can spot hidden access and cut investigations from hours to minutes.
Polymorphic AI malware exists — but it’s not what you think - Understanding AI malware and how to separate real operational risk from vendor hype.
*A message from our partners
🧪 Labs
Don’t be this kind of company this year
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.