Welcome back and Happy New Year!
I hope that you got the chance to add shareholder value relax and unwind over the holidays with friends and family. 🫡
This issue is a doozy, spanning multiple weeks through the end of December 2025. There’s more data in this issue, and the charts may span a longer timeframe than you're used to, so think of this as a catch-up issue.
Also, one more thing! If Return on Security has been helpful for you, no matter how long you’ve been reading, I would really value your input on this 2-minute survey:
PARTNER
Axonius - Asset Intelligence that Eliminates Security Guesswork
Actionable insights
Security teams say they’re prepared to act on alerts. The data says otherwise.
90% claim they're ready to tackle exposures, yet only 25% trust their data. When your view is incomplete, your response will be too. Prioritized response depends on the foundation your tools rely on: contextualized and trusted asset data.
The impact:
- Critical vulnerabilities linger
- Teams waste time reconciling conflicting or outdated data
- AI and automation fall short - because bad data leads to bad outcomes
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
What metric should we finally stop tracking in 2026?
Last issue’s vibe check:
What cybersecurity trend peaks in 2026?
🟨⬜️⬜️⬜️⬜️⬜️ Platform consolidation
🟩🟩🟩🟩🟩🟩 AI agent hype cycle
🟨🟨⬜️⬜️⬜️⬜️ Exposure management replacing vuln management
🟨🟨🟨⬜️⬜️⬜️ GenAI governance platforms
⬜️⬜️⬜️⬜️⬜️⬜️ Other (tell me)
Who would have thought that the most talked-about technology of 2025 would be the one that people think will peak in 2026? Well, statistically speaking, most of you thought that, but it’s likely a surprise for many others.
While AI agents have been the talk of the town, anyone who has spent much time with AI applications realizes the “agent” dream is still quite far away for even the simplest enterprise use case. There is still a very long way to go, and much security to sort out along the way.
I do think 2026 will be the year of governance and posture management for AI agents, but we’re not at the top of this mountain yet, I fear.
Me when I realize that AI agents haven’t even begun to peak
Some of the top comments from last week’s vibe check:
💬 “People will begin to realize that GenAI governance platforms aren't any different from... wait for it... their existing governance platforms.”
👆 This one is going to sting for some folks!
💰 Market Summary
Private Markets
31 companies from 13 countries raised $940.8M across 25 unique product categories
Average deal size was $36.2M (median: $3.6M)
93% of funding went to product companies
8 companies from 4 countries were acquired for $7.8B across 5 unique product categories
62% of M&A activity went to service companies
Public Markets
No public cyber companies had an earnings report in the last few weeks of 2025
Most public cybersecurity companies ended 2025 in a worse position than when they started, including two notable companies, SailPoint and Netskope, which both went IPO.
As of market close on December 31, 2025.
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
Nearly $1 billion in cybersecurity funding for the last few weeks of the year is pretty fitting for such a big year. I’ll have a lot more detail in the upcoming annual report on how the year shook out, but it was an epic one.
An active and high-profile end to the last few weeks of 2025 on the M&A front as well. It almost seemed as if companies didn’t “use it”, that they would “lose it.” 🤔
☎️ Earnings Reports
This analysis is personal research and opinions only. This is not financial or investing advice. Do your own due diligence before making investment decisions.
Earnings reports from last week: None
Earning reports to watch this coming week: None
🧩 Funding By Product Category
$400.0M for Data Security Posture Management (DSPM) across 1 deal
$130.9M for Security Operations across 2 deals
$117.7M for Internet of Things (IoT) Security across 2 deals
$81.0M for Security Awareness across 1 deal
$57.9M for Professional Services across 2 deals
$40.0M for Identity Governance & Administration (IGA) across 1 deal
$35.0M for Secure Infrastructure across 1 deal
$24.0M for Continuous Automated Red Teaming (CART) across 1 deal
$12.0M for Security and Compliance Automation across 1 deal
$9.0M for Threat and Risk Prioritization across 1 deal
$8.8M for Fraud and Financial Crime Protection across 1 deal
$3.6M for Data Protection across 2 deals
$3.4M for Continuous Threat Exposure Management (CTEM) across 2 deals
$2.6M for Mobile Device Security across 1 deal
$2.5M for AI Governance across 2 deals
$2.3M for Confidential Computing across 1 deal
$2.0M for Secure Networking across 1 deal
$2.0M for Managed Security Services Provider (MSSP) across 2 deals
$2.0M for Identity Threat Detection and Response (ITDR) across 1 deal
$1.4M for Cyber Risk Management across 1 deal
$1.1M for Operational Technology (OT) Security across 1 deal
$1.0M for Privileged Access Management (PAM) across 1 deal
$600.0K for Data Privacy across 1 deal
An undisclosed amount for Application Security Testing (AST) across 1 deal
An undisclosed amount for Cybersecurity Education & Training across 1 deal
🏢 Funding By Company
Product Companies:
Cyera, a United States-based data security posture management platform, raised $400.0M in Private Equity from Blackstone Group. (more)
Adaptive Security, a United States-based security awareness training platform for AI-enabled social engineering and deepfake attacks, raised a $81.0M Series B from Bain Capital Ventures. (more)
Act Security, an Israel-based identity governance for AI agents and applications, raised a $40.0M Series A from Notable Capital. (more)
Armadin Security, a United States-based automated red-teaming and AI threat hunting platform, raised a $24.0M Seed from Ballistic Ventures. (more)
Logpresso, a South Korea (Republic of Korea)-based security automation and event management platform, raised a $10.9M Series B from K2 Investment Partners, KB Investment, SANDSLab. (more)
Dux Security, a United States-based threat and risk prioritization platform based on exploitability analysis, raised a $9.0M Seed from Maple Capital, Redpoint, and TLV Partners. (more)
Verisoul, a United States-based fake user detection and protection platform, raised a $8.8M Series A from High Alpha. (more)
Gambit Cyber, a United States-based continuous threat exposure management platform, raised a $3.4M Seed from Expeditions. (more)
Soverli, a Switzerland-based mobile device security and digital sovereignty platform, raised a $2.6M Pre-Seed from Founderful. (more)
Ciphero AI, a United States-based AI application governance and safety platform, raised a $2.5M Pre-Seed from Chingona Ventures and Sovereign's Capital. (more)
Wodan AI, a Belgium-based confidential computing platform using homomorphic encryption for sensitive workloads, raised a $2.3M Pre-Seed from Adara Ventures, JME Ventures, and Swanlaab Venture Factory. (more)
Gardiyan, a Turkey-based managed security services provider, raised a $2.0M Seed from APY Ventures. (more)
Grayscale security, a China-based automated cybersecurity risk management platform, raised a $1.4M Series A from Tianjin Science and Technology Angel Investment and Tianjin Taiqiao.
Bastazo, a United States-based AI-driven vulnerability prioritization platform for operational technology and critical infrastructure, raised a $1.1M Grant from BIRD Foundation. (more)
Grizzle Technology, a Turkey-based privileged access management platform, raised a $1.0M Corporate Round from Dof Robotics.
CYTRIO, a United States-based data privacy compliance and rights management platform, raised a $600.0K Venture Round.
Cyra, an India-based cybersecurity education and live training platform, raised an undisclosed Seed.
ValiantSec, a China-based application security testing platform, raised an undisclosed Venture Round from China Internet Investment Fund, Fortune Venture Capital, and Junxi Capital.
Service Companies:
DSShield, a Saudi Arabia-based professional services firm focused on operational technology security and physical security services, raised a $54.1M Private Equity from Merak Capital. (more)
Nordic LEVEL, a Sweden-based professional services firm focused on cyber and physical risk management services, raised a $3.8M Debt Financing.
QUANTUM DEFEN5E, a Canada-based quantum-resistant data protection and network security platform, raised a $2.6M Seed.
Woodway Assurance, a Canada-based platform for making sensitive data available for AI/ML use cases in a privacy-preserving manner, raised a $1.0M Seed from Aventure Capital. (more)
Diling Technology, a China-based trust and safety platform for AI training and application data and generated outputs, raised an undisclosed Series A from Cowin Venture, Planck Venture, and South China Venture Capital. (more)
Outpost24, a Sweden-based continuous threat exposure management (CTEM) platform, raised an undisclosed Private Equity from Vitruvian Partners. (more)
🌎 Funding By Country
Chart data is from December 8th to December 31st, 2025.
$544.4M for the United States across 12 deals
$195.0M for Israel across 3 deals
$117.7M for Italy across 2 deals
$54.1M for Saudi Arabia across 1 deal
$10.9M for South Korea (Republic of Korea) across 1 deal
$3.8M for Sweden across 2 deals
$3.6M for Canada across 2 deals
$3.0M for Turkey across 2 deals
$2.6M for Switzerland across 1 deal
$2.3M for Belgium across 1 deal
$2.0M for the United Kingdom across 1 deal
$1.4M for China across 3 deals
An undisclosed amount for India across 1 deal
🤝 Mergers & Acquisitions
Chart data is from December 8th to December 31st, 2025.
Product Companies:
Armis, a United States-based agentless IoT security platform, was acquired by ServiceNow for $7.8B. Armis had previously raised $1.2B in funding. (more)
HYAS, a Canada-based threat intelligence and protective DNS platform, was acquired by Silent Push for an undisclosed amount. HYAS had previously raised $16.0M in funding. (more)
Phronesis Security, an Australia-based professional services firm focused on security assessments and compliance, was acquired by Bastion Security Group for an undisclosed amount. Phronesis Security has not previously disclosed any funding events. (more)
Service Companies:
CloudScale365, a United States-based managed services provider (MSP), was acquired by Broadwing Capital for an undisclosed amount. CloudScale365 has not previously disclosed any funding events. (more)
Cresco Cybersecurity, a Belgium-based professional services firm focused on security assessments, training, and risk reduction, was acquired by Integrity360 for an undisclosed amount. Cresco Cybersecurity has not previously disclosed any funding events. (more)
nuview, a United States-based managed security services provider, was acquired by RFE Investment Partners for an undisclosed amount. nuview has not previously disclosed any funding events. (more)
Sheffield Scientific, a United States-based professional services firm focused on security for critical national infrastructure, was acquired by Total Resource Management for an undisclosed amount. Sheffield Scientific has not previously disclosed any funding events. (more)
📚 Great Reads
The 2025 Return on Security Year-End Letter - Reflecting on 2025 with the Return on Security community, examining key changes, personal growth, and what lies ahead for cybersecurity in 2026.
*Modern PAM Doesn’t Need Vaults – Static credentials and standing access don’t scale. Teleport issues short-lived, just-in-time access backed by real, verifiable identity – not rotated passwords or vaults.
2025 Cybersecurity Macroeconomic Retrospective - My friend Chris Hughes and I sat down to look back on 2025 and how the cybersecurity industry fared from a macroeconomic standpoint. We discuss IPOs, the rise in funding, and, of course, AI.
*A message from our partners
🧪 Labs
How I hope the emails found you over the holiday break.
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.