Security, Funded is a weekly intelligence briefing on the economic activity in the cybersecurity industry. This week’s issue is brought to you by Doppel and Endor Labs.
Ahh, yes, that insane chill week before RSAC. That calm before the storm. The time before, when everyone will be everywhere in San Francisco doing everything all at once.
My schedule will be jam-packed like everyone else, but if you want to say hello (and I hope you do!), here are a few of the places I’ll be next week:
Saturday/Sunday - BSidesSF
Sunday - Calm Before The Storm 2026
Wednesday - Cyber Product Managers & Builders Happy Hour (I’m cohosting this one)
And too many other places to name.
Hope to see many of you out there!
Also, thanks so much to everyone who shared The Signal and sent me feedback! The outpour of support has been incredible, and I’ve been steadily chipping away at the features you requested. You’ll also find that all the charts in this newsletter are live and interactive on The Signal.
If you get a chance to check out the platform, just reply to this email and tell me what's missing, what's broken, and what you want to see next. 🫡
PARTNER
Replacing Legacy DRP & SAT with Doppel
Modern social engineering attacks move faster and farther than legacy defenses.
They slip across email, SMS, voice, chat, social, and paid ads while teams drown in alerts and slow manual workflows.
Join the webinar on March 18th for a different approach: an AI-native, unified platform that correlates signals across surfaces, autonomously disrupts attacker campaigns, and trains people to act as the organization’s first line of defense.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
What's the worst advice being given to security leaders right now?
Last issue’s vibe check:
What security spend would you cut first if forced?
🟩🟩🟩🟩🟩🟩 Threat intel subscriptions
🟨🟨🟨⬜️⬜️⬜️ MSSP/managed services
🟨🟨🟨🟨⬜️⬜️ Consultant/advisory spend
🟨🟨🟨🟨⬜️⬜️ Bug bounty program
⬜️⬜️⬜️⬜️⬜️⬜️ Other (tell me)
A very interesting split on the votes from last week’s vibe check. I’m not surprised about threat intelligence subscriptions catching flak. There are many threat intelligence companies and sources, often greatly overlapping, and the discernment of valuable information seems right up the alley of AI systems to sort through and even provide.
We also get to see a bit of casualty of the AI War here, with bug bounty programs being on the proverbial chopping block. With AI so accessible and the ease with which you can point it at any piece of software or infrastructure to find bugs, the offensive security world has seen an explosion of AI Slop vulnerabilities (sometimes not even real ones).
I think it was the Notorious A.G.I. who said it best when he said, “More AI, more problems.” ¯\_(ツ)_/¯
Some of the top comments from last week’s vibe check:
💬 “There's a huge incentive with both current events and generally to try to gain more intelligence, and GenAI provides a strong opportunity, if the data it generates is true (fake IoCs aren't helpful after all).”
💬 On MSSPs: “Removing American based services.” 👀
💬 On Bug Bounty Programs: “AI making noise > signal ratio untenable.”
🔭 Zooming Out 🆕
Stories hidden in the numbers
Category Deja Vu: Round 2 of AI-enhanced Security Operations has been the name of the game in 2026 so far. What makes this latest batch of startups different from the ones that tried this in 2024 and 2025, we do not yet know, but we have seen this movie before as an industry.
💰 Market Summary
Private Markets
13 companies from 3 countries raised $325.6M across 11 unique product categories
Average deal size was $32.6M (median: $25.0M)
100% of disclosed funding went to product companies
4 companies from 2 countries were acquired across 3 unique product categories
75% of M&A activity went to service companies
Public Markets
2 public cyber companies [$FTNT ( ▲ 1.26% ) and $S ( ▼ 1.58% )] had an earnings report last week
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing the end of 2024 vs. 2025 with the start of 2025 vs. 2026.
Things were ramping up much harder this time last year, but RSAC is earlier than usual this year, thanks to the upcoming Easter holidays.
M&A is picking back up, including the first acquisition of a cyber company from one of the foundation model companies (details below).
PARTNER
AI SAST: static analysis that thinks like a security engineer 🧠
Zero in on real security issues
Beyond just pattern matching, AI SAST detects complex logic flaws, like broken access control and insecure design, at Endor Labs. It understands how your code works and what matters to your organization, so you know what’s exploitable, what’s not, and how to fix it.
🧩 Funding By Product Category
$45.0M for Security Operations across 1 deal
🏢 Funding By Company
Product Companies:
Kai, a United States-based autonomous security operations and orchestration platform, raised a $1250.0M Series A from Evolution Equity Partners. (more)
Jazz, a United States-based data loss prevention platform, raised a $43.0M Series A from Glilot Capital Partners and Team8. (more)
Onyx Security, a United States-based AI application monitoring, governance, and security platform, raised a $40.0M Series A from Conviction VC. (more)
Qevlar AI, a France-based AI-agent-enabled security operations center support platform, raised a $30.0M Series A from Forgepoint Capital and Partech. (more)
Bold Security, a United States-based endpoint data exfiltration and insider threat protection platform, raised a $28.0M Series A from Bessemer Venture Partners, Picture Capital, and Red Dot Capital Partners. (more)
Scanner.dev, a United States-based security operations and data analytics platform, raised a $22.0M Series A from Sequoia Capital. (more)
Escape, a United States-based application security testing and monitoring platform, raised a $17.9M Series A from Balderton Capital. (more)
Cleafy, an Italy-based identity verification platform, raised a $13.9M Series B from eCAPITAL ENTREPRENEURIAL PARTNERS and United Ventures. (more)
Quantro Security, a United States-based automated threat and vulnerability remediation platform, raised a $5.5M Seed from Gradient. (more)
SCATR, a United States-based secure access service edge platform, raised a $307.0K Venture Round. (SEC Filing)
Dropzone AI, a United States-based AI-agent-enabled security operations platform, raised an undisclosed Corporate Round from Leidos Holdings. (more)
Spin.AI, a United States-based ransomware protection and data recovery platform across Saas collaboration suites, raised an undisclosed Venture Round from K1 Investment Management. (more)
Service Companies:
Assured Data Protection, a United States-based managed security services provider (MSSP), raised an undisclosed Debt Financing round from HSBC UK. (more)
🌎 Funding By Country
$281.7M for the United States across 11 deals
$30.0M for France across 1 deal
$13.9M for Italy across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Service Companies:
I7 Technologies, a United Kingdom-based managed IT and security services provider, was acquired by Connectus Group for an undisclosed amount. I7 Technologies has not previously disclosed any funding events. (more)
Leviathan Security Group, a United States-based professional services firm focused on cyber and risk management consulting, was acquired by K2 Integrity for an undisclosed amount. Leviathan Security Group has not previously disclosed any funding events. (more)
Pennant Networks Technology Consultants, a United States-based managed IT and security services provider for the life sciences industry, was acquired by EchoStor Technologies for an undisclosed amount. Pennant Networks Technology Consultants has not previously disclosed any funding events. (more)
📚 Great Reads
Dubai Brings Influencers to a Drone Fight - Not exactly cybersecurity related, but timely and relevant nonetheless, since cyber is as much about influence as operations. How the UAE decided to shake up the influence game.
The Monitoring the Situation App - Title says it all, but you can monitor ALL the situations here.
*A message from our partners
🧪 Labs
“I’m on call 24×7”
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.