Security, Funded is a weekly intelligence briefing on the economic activity in the cybersecurity industry. This week’s issue is brought to you by Varonis, Gartner, and Fig Security.
Hope you all had a great weekend!
It was a pretty crazy week last week in the cyber world. There was the usual excitement around yet another Anthropic model announcement, but this time it was about a model named “Mythos” so expertly good at cybersecurity, hacking, and finding vulnerabilities that it has been deemed “too dangerous” to release. This announcement comes on the heels of Anthropic leaking its own source code for Claude Code a week earlier, no less (*queue up the memes here*).
The Mythos release generated such excitement that the model was given only to top cybersecurity and tech companies, along with the top US banks, so they could get ahead of the patching that would be required. It even caused U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell (my boy JPow) to hold an emergency meeting with top bank CEOs, warning of the dangers posed by this model. Cybersecurity and software stocks more broadly aggressively sold off amid all this news (as I’ve discussed before, this is not a signal to follow too closely), along with the ongoing escalations and de-escalations with Iran (which is also seeing cyber attacks alongside kinetic ones). There is also growing skepticism in the community that Anthropic is doing a bit of clever marketing with this model, rather than being purely above board, but the jury is still out on that.
Why, even this newsletter was almost too dangerous to send! (trust me, bro)
I’ve long believed that cybersecurity is inexorably tied to the global economy, and if this week’s past events don’t convince you of that, I don’t know what will. All of this, IMO, further validates the need for cyber as an industry, and I expect continued growth in this year.
Outside of all that excitement, I wanted to give a shoutout to the team at Harmonic Security for putting on another stellar event in London called Building the UK Cyber Flywheel. It was the second iteration of the event, and it doubled in size while still maintaining very high-quality content. I was fortunate enough to attend both events.
The UK’s cybersecurity economy still has a long way to go, but it’s been really great to see just how much things have changed for the better in just the three years that I’ve lived here. I’m seeing/feeling the same across various parts of Europe as well, and there is a big drive to get the right elements for success lined up.
PARTNER
AI changed the risk model. Security has to catch up.
Your fastest path to safe and trustworthy AI
AI is moving faster than most security programs were built to handle. Varonis Atlas is a leading AI Security Platform that helps teams see what AI systems exist and how they behave, control AI activity with real‑time guardrails, and reduce AI‑driven risk across the entire lifecycle.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
What's the best part of working in security right now?
Last issue’s vibe check:
What's the biggest gap in the security of AI agents right now?
🟨🟨🟨🟨⬜️⬜️ Stopping agents from being hijacked
🟩🟩🟩🟩🟩🟩 Controlling what agents can do
🟨🟨🟨🟨🟨⬜️ Knowing what agents did
🟨🟨🟨🟨⬜️⬜️ Trusting agent output
🟨🟨🟨⬜️⬜️⬜️ Revoking agent access when things go wrong
⬜️⬜️⬜️⬜️⬜️⬜️ Other (leave a comment)
Controlling what agents can do and knowing what they did were the biggest unsolved concerns for AI agent security, according to last week’s vibe check. If we’re to believe the hype of the Mythos “limited” release, it seems Anthropic isn’t that close to controlling what agents can do either. 👀
We’re still also concerned about the other items, but people are becoming more trusting of AI and agent output more generally. I suspect that if I had sent this poll 12-18 months ago, we would still be far more skeptical over agent output. It just shows how much sentiment has changed in our industry in a relatively short period of time.
Some of the top comments from last week’s vibe check:
💬 “Even Anthropic hasn't quite figured this one out yet, so what luck does everyone else have at this point... ”
🔭 Zooming Out
Stories hidden in the numbers
Deal Volume Down, Dollars Holding - Funding volume dropped 18% over 13 weeks, but average deal sizes are climbing (median $17.2M this week). Fewer companies are getting funded right now, and those that do are raising larger rounds. The bar for fundraising is rising as it always does in times of great competition. And I don’t know if you’ve noticed, but we’re in one of the most competitive times in this industry’s history right now. May the odds be ever in your favor. 🫡
💰 Market Summary
Private Markets
6 companies from 3 countries raised $75.9M across 5 unique categories
Average disclosed deal size was $19.0M (median: $17.2M)
83% of funded companies were product companies
3 companies from 2 countries were acquired across 2 unique categories
67% of acquired companies were service companies
Public Markets
No public cyber companies had an earnings report last week
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026.
Funding has hit the brakes a bit over these last 13 weeks, with deal volume down 18%. The year-to-date view still remains strong, however,
We're seeing slow but steady momentum in M&A. The market picked up 62 acquisitions in the last 12 weeks, a modest but consistent 7% climb from the 58 deals we tracked in the same period last year.
PARTNER
Master Identity Management: Safeguard, Empower, and Innovate at #GartnerSEC
Elevate your identity management strategy with insights from industry experts
Identity Management Day is right around the corner! Protecting your organization begins with strong identity and access controls. Join us at the Gartner Security & Risk Management Summit 2026, June 1 – 3, in National Harbor, MD, to explore how advanced identity management, zero-trust frameworks, and AI-powered authentication are reshaping security approaches.
Gain valuable guidance on identity governance, privileged access, and preventing identity-related threats. Don’t miss the Identity & Access Management spotlight track at #GartnerSEC — register by April 10 and save $450 on your attendance.
🧩 Funding By Product Category
$34.7M for Professional Services across 1 deal
$21.5M for Fraud and Financial Crime Protection across 1 deal
$13.0M for Application Security across 2 deals
$6.7M for AI Security across 1 deal
An undisclosed amount for Threat Intelligence across 1 deal
🏢 Funding By Company
Product Companies:
Variance, a United States-based agentic identity verification and anti-financial crime platform, raised a $21.5M Series A from Ten Eleven Ventures. (more)
Trent AI, a United Kingdom-based application security scanning for AI and agentic applications, raised a $13.0M Seed from LocalGlobe and Cambridge Innovation Capital. (more)
Aim Intelligence, a South Korea-based threat detection, red teaming, and security platform for AI models, raised a $6.7M Series A from Samsung Venture Investment. (more)
Mallory, a United States-based agentic threat intelligence and vulnerability management platform, raised an undisclosed Seed from Decibel Partners. (more)
Service Companies:
TAO Digital Solutions, a United States-based professional services firm focused on strategy and cybersecurity consulting, raised a $34.7M Funding Round. (SEC Filing - may be incomplete)
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.
🌎 Funding By Country
$56.2M for the United States across 4 deals
$13.0M for the United Kingdom across 1 deal
$6.7M for South Korea across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
ParseIntel, a United States-based threat intelligence firm, was acquired by iCOUNTER for an undisclosed amount. ParseIntel has not previously disclosed funding. (more)
Service Companies:
CyberNINES, a United States-based professional services firm focusing on CMMC and NIST security assessments, was acquired by ControlCase for an undisclosed amount. CyberNINES has not previously disclosed funding. (more)
Security Centric, an Australia-based professional services firm focused on cyber risk assessments, was acquired by Virtual IT Group for an
📚 Great Reads
The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program - A briefing for security leaders on how AI-driven vulnerability discovery is reshaping the defender timeline, the operating model of vulnerability management, and the minimum actions required now.
*The 10-Minute SOC Resilience Check - Gain total clarity on whether your SOC is operational. Inside the guide: 3 diagnostic questions with real examples to expose broken detection and response flows.
Vulnpocalypse: AI, Open Source, and the Race to Remediate - My friend Chris Hughes writes about how frontier labs and startups are finding decades-old vulnerabilities in hours, and the capacity to remediate can't keep up, but attackers will.
*A message from our partners
🧪 Labs
Big if true 🤔
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.