Security, Funded by is a weekly intelligence briefing of the public and private economic activity in the cybersecurity market. This week’s issue is brought to you by runZero.
I finally shipped the 2025 State of the Cybersecurity Market report last week after far too many hours of writing! If you’re ever curious what the process looks like, it’s a bit like this:
Let me know what you think!
Also, two more things:
If you’re building cyber products or investing in those who do, and you’re attending the RSA Conference, sign up here for a happy hour I’m co-hosting with Sands Capital.
If you’re a cybersecurity brand looking to get in front of 16,000+ security leaders from around the world this year, reach out and let’s talk 🤝
PARTNER
Master KEV Prioritization with Evidence-Based Intelligence
Turn KEV analysis into actionable intelligence
The CISA KEV Catalog tells you what to patch, but not when, how urgently, or why it matters to your environment. 68% of KEV entries need additional context to prioritize effectively, yet most teams treat it like a static checklist.
runZero’s new KEVology report by former CISA KEV Section Chief Tod Beardsley reveals what KEV entries actually mean for risk. Plus, the free KEV Collider tool helps you prioritize based on evidence, not assumptions.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
What AI security assumption from 2023 aged the worst?
Last issue’s vibe check:
How are we feeling about OpenClaw and Moltbook, fam?
🟨🟨🟨🟨🟨⬜️ Exciting, and I can't stop monitoring the situation
🟩🟩🟩🟩🟩🟩 Fun to play with, but never in a company
🟨🟨⬜️⬜️⬜️⬜️ Scared and I have to brief my execs/board on it
🟨🟨🟨⬜️⬜️⬜️ Crypto scams all the way down
🟨🟨🟨⬜️⬜️⬜️ OpenClaw? Is that a hippie Red Lobster?
What a time to be alive in the security industry! I can’t think of another time in my nearly 20-year career where tech advances and security threats have come so fast. Compound that with the fact that a much larger population of people than normal are ready to dive headfirst, YOLO mode, into letting these incredibly powerful technologies run their whole everything.
It’s also amazing to see all the various companies put out so much threat intelligence and open-source software to protect things like OpenClaw, because it’s already running in corporate environments, whether we like it or not. If you’re putting out open-source tools like these, let me know so I can share them!
Some of the top comments from last week’s vibe check:
💬 “Boil it and serve it with hushpuppies, but don't let it near the domain controllers!”
💰 Market Summary
Private Markets
9 companies from 5 countries raised $194.9M across 7 unique product categories
Average deal size was $27.8M (median: $31.0M)
84% of funding went to product companies
8 companies from 4 countries were acquired for $826.8M across 7 unique product categories
62% of M&A activity went to product companies
Public Markets
4 public cyber companies [$VRNS ( ▲ 13.07% ), $TENB ( ▲ 3.02% ), $QLYS ( ▼ 1.49% ), $FTNT ( ▲ 3.83% )] had an earnings report in the first few weeks of 2026, in another blood bath of a week, thanks to AI advancement fears
As of market close on February 2nd, 2026.
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing the end of 2024 vs. 2025 with the start of 2025 vs. 2026.
A slower, but still strong week for the first week of February has the industry inching ever closer to $2 billion in funding for 2026.
Not to be outdone, M&A activity is still moving in a fast and furious manner. The 37 deals YTD are up 12% from the same time period in 2025.
🔭 Zooming Out 🆕
Stories hidden in the numbers
Series A Dominance: Three of nine deals were Series A rounds, commanding $105M, or 54% of all capital deployed. At an average of $35M, these rounds were 2.6x the 13-week median deal size of $13.5M. Post-seed companies are graduating at premium valuations, suggesting a narrowing window to get into winners before they either get acquired or price out.
Serial Acquirer: Varonis is building through acquisition, like so many other large public cyber companies. This week's deal marks their 3rd cyber pickup in the past year.
Platform Consolidation Wave: Varonis added AI governance (AllTrue.ai, $150M). Zscaler absorbed browser isolation (SquareX). Semperis acquired IAM backup (MightyID). Each deal fills an adjacent capability gap. This is the "one vendor" thesis playing out in real time.
🧩 Funding By Product Category
$70.0M for Fraud and Financial Crime Protection across 1 deal
$42.0M for Software Supply Chain Security across 1 deal
$32.0M for Data Security Posture Management (DSPM) across 1 deal
$31.0M for Managed Security Services Provider (MSSP) across 2 deals
$12.0M for Autonomous Product Security Engineering (APSE) across 1 deal
$4.9M for Confidential Computing across 1 deal
$3.0M for Data Protection across 2 deals
🏢 Funding By Company
Product Companies:
TRM Labs, a United States-based anti-fraud platform for cryptocurrencies and Web3, raised a $70.0M Series C from Blockchain Capital. (more)
RAPIDFORT, a United States-based software supply chain security platform for container workloads, raised a $42.0M Series A from Blue Cloud Ventures and Forgepoint Capital. (more)
Orion Security, an Israel-based data security posture management (DSPM) platform, raised a $32.0M Series A from Norwest. (more)
Nullify, an Australia-based autonomous product security engineering (APSE) platform, raised a $12.0M Seed from SYN Ventures. (more)
enclaive, a Germany-based multi-cloud confidential computing platform, raised a $4.9M Seed from Amadeus APEX Technology Fund, Join Capital. (more)
Myota, a United States-based data backup and protection platform using encryption and data sharding, raised a $3.0M Venture Round. SEC Filing
DuoKey, a Switzerland-based cloud management and data encryption-as-a-service platform, raised an undisclosed Non-Equity Assistance from Innovaud and the International Institute for Management Development.
Service Companies:
RADICL Defense, a United States-based managed security services provider (MSSP) for small to medium businesses (SMB), raised a $31.0M Series A from Paladin Capital Group. (more)
CyberFOX, a United States-based managed security services provider, raised an undisclosed Venture Round from Level Equity Management. (more)
🌎 Funding By Country
$146.0M for the United States across 5 deals
$32.0M for Israel across 1 deal
$12.0M for Australia across 1 deal
$4.9M for Germany across 1 deal
An undisclosed amount for Switzerland across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
AllTrue.ai, a Canada-based AI governance and risk management platform, was acquired by Varonis Systems for $150.0M. AllTrue.ai has not previously disclosed any funding events. (more)
Atriarch, a United States-based decentralized identity-based encrypted communications platform, was acquired by CyberCatch for $1.8M. Atriarch has not previously disclosed any funding events. (more)
Service Companies:
Magna5, a United States-based managed services provider (MSP), was acquired by AEA Investors for an undisclosed amount. Magna5 has not previously disclosed any funding events. (more)
Maple Woods Enterprises, a United States-based professional services firm focused on cybersecurity assessments and threat monitoring, was acquired by Logicalis US for an undisclosed amount. Maple Woods Enterprises has not previously disclosed any funding events. (more)
📚 Great Reads
2025 State of the Cybersecurity Market - The cybersecurity market recovered in 2025, but not evenly. Inside: who won, who got acquired, and what 2026 holds for founders, buyers, and investors.
Prompt Injection Isn't a Vulnerability - It's not a vulnerability when it's by design. See below.
OpenClaw Shield - A security plugin for OpenClaw that prevents your AI agent from leaking secrets, exposing PII, or executing destructive commands.
*A message from our partners
🧪 Labs
Pre-idea, pre-team (it’s just Claude telling me what to do), pre-product, pre-revenue, raising $100M pre-seed at a 0% discount, $100B valuation, serious offers only, LGTM 🚀
I lol’ed at the number of people who didn’t realize this was satire
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.