Security, Funded by is a weekly intelligence briefing of the public and private economic activity in the cybersecurity market. This week’s issue is brought to you by Authentik, Turbot, and Palo Alto Networks.
I’ve got something a bit different in the opener this week that I’ve been working on for many months.
There's no single place to see cybersecurity funding trends, M&A activity, and market shifts in real time. If you want the full picture today, you're stitching together a dozen free and paid sources to try to make sense of it (ask me how I know 👀).
So I decided to build one!
Today I'm publicly launching Signal, the live cybersecurity market intelligence dashboard that powers this newsletter and visualizes the cybersecurity economy. Funding trends, M&A activity, deal flow by stage, geography, product categories, all of it, is explorable in real time now.
And it's free: signal.returnonsecurity.com
This is just the foundation, and I’m building more advanced analytics, deeper drill-downs, and custom views on top of what you can see today. I’m sure there will be a few bugs I haven’t found yet, but your feedback will be very helpful and will shape what I build next.
Just reply to this email and tell me what's missing, what's broken, and what you want to see next. 🫡
PARTNER
Own your Identity Stack with Authentik Security
Authentik is an open source identity provider that prioritizes security and flexibility.
With 1M+ installations around the world, including at leading teams like Cloudflare and federal agencies, Authentik provides workforce and customer identity for the modern enterprise.
Manage human and non-human identities in one place. Automate your IAM. Ditch your flaky SaaS IdP.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
What security spend would you cut first if forced?
Last issue’s vibe check:
Given all of the AppSec excitement last week, where is the next likely place that frontier AI labs will attack the security stack?
🟨🟨🟨⬜️⬜️⬜️ Cloud security
🟩🟩🟩🟩🟩🟩 Threat intelligence
🟨🟨⬜️⬜️⬜️⬜️ Identity management/governance
⬜️⬜️⬜️⬜️⬜️⬜️ Risk dashboards/exec reporting
🟨🟨🟨🟨⬜️⬜️ Compliance / GRC
⬜️⬜️⬜️⬜️⬜️⬜️ Other
An interesting spread of results from last week’s vibe check. Threat intelligence seems like the most obvious next step, but compliance and GRC ranked second. Static and repeatable work is the absolute right place to point AI at.
I also love how “risk dashboard/exce reporting” got zero votes. To me, that’s really telling. It’s one thing to do some technical work with AI, but it’s a completely different thing to replace reporting that other teams and maybe even your boss rely on.
It reminds me of that famous IBM saying from 1979, "A computer can never be held accountable, therefore a computer must never make a management decision."
Some of the top comments from last week’s vibe check:
💬 “There's a huge incentive with both current events and generally to try to gain more intelligence, and GenAI provides a strong opportunity, if the data it generates is true (fake IoCs aren't helpful after all).”
💬 “Compliance and GRC are largely manual and subjective still. This could flip both of those switches, ensuring faster (near real-time?) collection at higher fidelity. This is low-hanging fruit.”
🔭 Zooming Out 🆕
Stories hidden in the numbers
Competitive Cluster: Two Security Operations startups raised a combined $75M this week, Cylake ($45M Seed) and Fig Security ($30M Series A), showing the AI-driven SecOps opportunity still does not have a clear winner.
Investor Velocity: Some major investors are slowing down and now making less than half of their typical deal flow compared to previous years. This isn't necessarily a setback or a bad thing, but it might indicate they’re making fewer, larger investments. The question is whether deal flow decreases as well. 🤔
💰 Market Summary
Private Markets
11 companies from 4 countries raised $200.6M across 10 unique product categories
Average deal size was $20.1M (median: $18.2M)
98% of funding went to product companies
1 company from 1 country was acquired across 1 unique product category
100% of M&A activity went to product companies
Public Markets
1 public cyber company [$CRWD ( ▲ 1.2% )] had an earnings report last week
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing the end of 2024 vs. 2025 with the start of 2025 vs. 2026.
The past few weeks have had lower dollar amounts on the funding front compared to the same time last year. I think this is about to explode with RSAC coming up in two weeks, however.
A very quiet week on the M&A front. Not really a pattern or issue here, just the calm before the RSAC storm.
PARTNER
Stop firefighting cloud alerts
With a 338% rise in cloud security alerts in 2024, remediation bogs teams down when most alerts are preventable. Turbot's prevention-first approach pairs with your CNAPP to block misconfigurations in build and at the cloud provider API, and it auto-remediates drift at runtime.
🧩 Funding By Product Category
$45.0M for Security Operations across 1 deal
$34.0M for AI Governance across 1 deal
$30.0M for Security Log Data Management (SLDM) across 1 deal
$26.0M for Threat and Risk Prioritization across 2 deals
$25.0M for Data Protection across 1 deal
$16.4M for Cybersecurity Education & Training across 1 deal
$16.0M for Application Security Posture Management (ASPM) across 1 deal
$4.7M for Managed Security Services Provider (MSSP) across 1 deal
$3.5M for Security and Compliance Automation across 1 deal
An undisclosed amount for Embedded Security across 1 deal
🏢 Funding By Company
Product Companies:
JetStream Security, a United States-based AI governance and security platform, raised a $34.0M Seed from Redpoint. (more)
Fig Security, an Israel-based data engineering management platform for security log data, raised a $30.0M Series A from Team8 and Ten Eleven Ventures. (more)
Evervault, an Ireland-based encryption as a service infrastructure platform for developers, raised a $25.0M Series B from Ribbit Capital. (more)
Reclaim Security, a United States-based threat and risk prioritization platform, raised a $20.0M Series A from Acrew Capital and a $6.0M Seed. (more)
Circadence, a United States-based cyber range platform for hands-on simulations for security professionals to defend against attack scenarios, raised a $16.4M Private Equity Round from Seneca Partners. (more)
ArmorCode, a United States-based application security posture management (ASPM) platform, raised a $16.0M Venture Round from Cheyenne Ventures. (more)
IntelliGRC, a United States-based security and compliance automation platform focused on the CMMC compliance framework, raised a $3.5M Seed from Kyle Hanslovan, Blu Ventures Investors. (more)
Emproof, a Germany-based embedded software security platform, raised an undisclosed Venture Round from Auriga Cyber Ventures. (more)
Service Companies:
Gyala, a United States-based managed security services provider (MSSP), raised a $4.7M Venture Round from Deep Ocean Capital. (more)
🌎 Funding By Country
$145.6M for the United States across 8 deals
$30.0M for Israel across 1 deal
$25.0M for Ireland across 1 deal
An undisclosed amount for Germany across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
SecureKey Technologies, a Canada-based digital identity verification and authentication platform, was acquired by Quantum eMotion for an undisclosed amount. SecureKey Technologies has not previously disclosed any funding events. (more)
Service Companies:
None
📚 Great Reads
Zero Day Clock - Sergej Epp has been tracking the collapse of time-to-exploit for vulnerabilities for over two decades, showing how the gap between vulnerability disclosure and first working exploit has collapsed exponentially.
*Secure Your AI-Generated Code - Vibecoding has changed how software is built and is introducing new risks. Discover how to secure AI-generated code without slowing teams.
CogSec 101 - Jamieson O'Reilly, through the lens of redteaming, talks about the growing importance of cognitive security (CogSec) in an AI and LLM-driven world, and how you can't trust what you see.
*A message from our partners
🧪 Labs
“Enterprise software is dead 😤”
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.