This week’s opener is coming to you live and direct from 30,000 feet on my way back from BSidesSF and the RSA Conference.
Thanks to everyone who came out to support the various events, and for all the kind words. It was great to meet many of you in real life for the first time and to catch up with so many others I only see a few times a year.
If I had to sum up what stood out at RSA for this year, using each letter of “RSA,” it would look something like this (you won’t believe the last one 🤯):
R = Agentic AI
S = Agentic AI
A = AI Agents 🤯
Wow, you don’t see that every day! AI is everywhere and nowhere at the same time. It’s been absorbed into the infrastructure, yet it’s the problem everyone keeps trying to solve for.
2026 is going to be a bumpier ride than normal for cyber startups. 🫡
PARTNER
Agentic AI That Turns Exposure Intelligence Into Action
Agentic engine for real preemptive risk reduction
Most “AI for security” stops at summaries and dashboards. Tenable Hexa AI goes further as an agentic engine inside Tenable One, orchestrating agents and humans to automate asset tagging, risk reprioritization, coverage, and reporting.
It turns exposure intelligence into coordinated action at machine speed, with human judgment still in control.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
AI Agents are so 2025. What's the next, next AI-driven security frontier that's getting funded next?
Last issue’s vibe check:
What's the best advice for security leaders right now?
🟨🟨🟨⬜️⬜️⬜️ Shrink your tool stack and deepen your expertise
🟩🟩🟩🟩🟩🟩 Focus on fewer things and do them well
🟨🟨🟨⬜️⬜️⬜️ Make friends with engineering and finance
🟨🟨🟨🟨⬜️⬜️ Automate the boring stuff, but no cosplaying as a vendor
⬜️⬜️⬜️⬜️⬜️⬜️ Other (leave a comment)
Audible gasp, Egads! Am I reading this data correctly? We, as security people, want to do fewer things now that we have our AI overlords available? What about the productivity gains, man?! Think of the tokens!
I think a few of these can be combined here with automating the boring stuff, while also focusing on fewer things, so your program can do them better.
Some of the top comments from last week’s vibe check:
💬 “Shrinking the tool stack lines up with what I thought was the allure of NGFW: consolidate multiple techs into one so your team had fewer things to master.”
🔭 Zooming Out
Stories hidden in the numbers
Post-Conference Slowdown: Funding dropped 91% week-over-week ($920M to $78.5M), which is the typical post-conference exhale. Companies will time new announcements in an attempt for maximum RSA visibility, but it’s the equivalent of yelling into the void. If you’re not the biggest funding round, largest acquisition, or you’re not in the RSA Innovation Sandbox, you’ll likely fall on over-stimulated eyes and ears. Timing can mean a lot in an industry like that.
💰 Market Summary
Private Markets
8 companies from 3 countries raised $78.5M across 7 unique categories
Average deal size was $19.6M (median: $13.8M)
62% of funded companies were product companies
8 companies from 3 countries were acquired across 7 unique categories
62% of acquired companies were product companies
Public Markets
No public cyber companies had an earnings report last week
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing the end of 2024 vs. 2025 with the start of 2025 vs. 2026.
See the chart live
While the numbers from last week look unusually low, the market is still writing checks at the same clip it was a year ago. Last week’s funding pushed the total for 2026 over $4 billion already.
See the chart live
M&A, on the other hand, got after it last week. The consolidations will continue until morale (AI SOC) improves!
PARTNER
Secure your data, master privacy & lead with confidence at #GartnerSEC
Build your cybersecurity playbook with Gartner experts
It’s (almost) World Backup Day. Remember: protecting your data starts with strong privacy controls. At Gartner Security & Risk Management Summit 2026, June 1 – 3, in National Harbor, MD, explore how modern privacy regulations and AI governance shape your data protection strategy. Get expert guidance on compliance, breach response, and privacy tools.
Discover the new Privacy track at #GartnerSEC and register before April 10 to save $450 on your spot.
🧩 Funding By Product Category
See the chart live
$50.0M for Insider Threat across 1 deal
$16.5M for Application Security Posture Management (ASPM) across 1 deal
$11.0M for Continuous Threat Exposure Management (CTEM) across 1 deal
$1.0M for Cybersecurity Education & Training across 1 deal
An undisclosed amount for Secure Networking across 1 deal
An undisclosed amount for Managed Security Services Provider (MSSP) across 2 deals
An undisclosed amount for Professional Services across 1 deal
🏢 Funding By Company
Product Companies:
Above Security, an Israel-based agent-driven insider threat platform, raised a $50.0M Series A from Ballistic Ventures, Merlin Ventures, and Norwest. (more)
BlueFlag Security, a United States-based software security and governance platform, raised a $16.5M Series A from Maverick Ventures and Ten Eleven Ventures. (more)
Onit Security, an Israel-based continuous threat exposure management platform, raised a $11.0M Seed from Hetz Ventures and Brightmind Partners. (more)
MetaCTF, a United States-based cybersecurity training platform, raised a $1.0M Seed. (SEC Filing)
zerothird (formerly Quantum Industries), an Austria-based post-quantum encryption network security platform, raised an undisclosed Seed from Verbund X Ventures. (more)
Service Companies:
Acture Solutions, a United States-based managed security services provider, raised an undisclosed Private Equity Round from Stonepeak. (more)
Nighthawk, a United States-based managed security services provider, raised an undisclosed Non-Equity Assistance round from Plug & Play
SyncData.ai, a United States-based professional services firm focused on financial crime prevention and security program maturity, raised an undisclosed Funding Round from Innovation Fund-McKinney Economic Development Corporation. (more)
🌎 Funding By Country
$61.0M for Israel across 2 deals
$17.5M for the United States across 5 deals
An undisclosed amount for Austria across 1 deal
🤝 Mergers & Acquisitions
See the chart live
Product Companies:
Kenzo Security, a United States-based AI-agent-enabled security operations platform, was acquired by Rapid7 for an undisclosed amount. Kenzo Security had previously raised $4.5M in funding. (more)
SiftD, a United States-based security orchestration and automated response platform, was acquired by Databricks for an undisclosed amount. SiftD has not previously disclosed any funding events. (more)
Service Companies:
Artilus, a United States-based managed security services provider, was acquired by Acture Solutions for an undisclosed amount. Artilus has not previously disclosed any funding events. (more)
Certinet Systems, a United States-based managed security services provider, was acquired by Convergence Networks for an undisclosed amount. Certinet Systems has not previously disclosed any funding events. (more)
Ultra Cyber, a United Kingdom-based professional services firm focused on battlefield and defense communications security, was acquired by Airbus Defence & Space for an undisclosed amount. Ultra Cyber has not previously disclosed any funding events. (more)
📚 Great Reads
Apple Is Way Behind in AI, but Still Crushing It - Its artificial-intelligence revenue is set to top $1 billion this year, reassuring investors wary of rivals’ sky-high spending.
*Seeing AI Isn’t the Same as Securing It - As AI adoption accelerates, many organizations mistake visibility for security. In this roundtable, Varonis leaders discuss where AI risk actually emerges.
The Delve Saga Gets Worse - An anonymous Substack accuses security and compliance automation startup Delve of “falsely” convincing “hundreds of customers they were compliant” with privacy and security regulations.
*A message from our partners
🧪 Labs
Now THIS is using 100% of your brain (to go to jail)
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.