Hope you had a great weekend!
The Mythos saga continued last week, but this time with a little more than the usual “cyber is so over” chorus we so often see on LinkedIn. While much of the AI and cyber communities saw the news of Mythos as game over, others began to scrutinize the findings, prompting several cyber firms and practitioners to release critiques and rebuttals of the launch and the subsequent handling of the model.
Was the Mythos launch and Project Glasswing incredible marketing for Anthropic? Yes. Was it also probably one of the better, safer ways for them to release a very powerful model? Also, yes.
Oh, and Anthropic released yet another model last week.
You right now
If we’ve learned anything in the AI market, it’s that this capability from one frontier lab company will quickly be surpassed by all the others, and also quickly used by attackers. Defenders are getting better, in general, I will say, we’ve just got to keep on swimming.
In other news, I launched an MCP for The Signal last week. It’s been a lot of fun to build (and break), and I’ve learned a ton while doing it.
PARTNER
Always-On Visibility For Security Teams That Can’t Afford Blind Spots
Stay continuously audit-ready, resilient, and ahead of emerging risk.
Today’s threats move faster than manual audits, so you need real-time visibility and automation to keep risk in check.
Drata connects to your tech stack to continuously monitor controls, map to frameworks like SOC 2 and ISO 27001, and surface live risk insights.
With Drata, you streamline evidence collection, reduce manual work, and protect your brand without slowing the business down.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
AI is already writing code, reviewing it, and triaging alerts. Where do you still insist on a human gate?
Last issue’s vibe check:
What's the best part of working in security right now?
🟩🟩🟩🟩🟩🟩 The problems are genuinely interesting
🟨⬜️⬜️⬜️⬜️⬜️ Security finally has executive attention
🟨⬜️⬜️⬜️⬜️⬜️ AI is actually helping more than hurting now
🟨🟨🟨⬜️⬜️⬜️ We can finally build things now, not just say "no."
🟨⬜️⬜️⬜️⬜️⬜️ Community and knowledge sharing are better than ever
One of the biggest draws of the cyber industry for me was the genuinely interesting problems it posed. They also never seem to go away, and simple problems are often replaced by more complex versions of the same. It’s good to see that people still feel the same way about the security industry, now that AI has entered the chat.
It’s also one of the most exciting times to be building right now, and the definition of what “building” means has expanded greatly. It can be as simple or complex as you like, but the best part is that it’s more accessible than ever to become a builder, and I think that will mostly create positive outcomes for the cyber industry.
Some of the top comments from last week’s vibe check:
💬 “This is what drew me to security 20+ years ago. Beneath the hype of what feels like too many vendors, security remains a field that requires a strong technical bench paired with sound strategy.”
🔭 Zooming Out
Stories hidden in the numbers
Standing Down - Cyber funding announcements have pulled back quite a bit as of late, in what appears to be more than seasonality. We're down nearly a third year-over-year with $3.5B across 157 deals versus $5.1B across 171 deals last year. At least, this is what companies are choosing to announce right now, as deals are often completed 3-6 months before being publicly announced. I suspect much of this has to do with how much AI is dominating the cyber headlines right now, and companies are waiting for some of the dust to settle before announcing a round. Stay cool and don’t panic, we’re not in another 2022 downturn situation here.
💰 Market Summary
Private Markets
8 deals from 7 companies across 4 countries raised $80.0M across 7 unique categories
Average disclosed deal size was $13.3M (median: $1.1M)
86% of funded companies were product companies
4 companies from 2 countries were acquired across 2 unique categories
M&A activity was evenly split between product and service companies
Public Markets
No public cyber companies had an earnings report last week
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026.
A quieter week than some of the others on the funding front. Funding is down ~3.6% YoY in dollars despite slightly more deals than in 2025, meaning capital is spreading across more, smaller rounds.
Taking the opposite view, M&A is still on a better track than last year at this time, up 12%+ so far this year.
PARTNER
Remediation your developers will actually use
Remediation your developers will actually use
Security picks the most critical vulnerability. The developer gets the ticket. It still feels like a research project to fix it, so it sits. Maze remediation agents think like your developers. They trace root cause, deliver fixes that fit your stack, and flag where one change resolves many CVEs at once. No more stuck tickets.
🧩 Funding By Product Category
$70.0M for Security Operations across 2 deals
$7.0M for AI Governance across 1 deal
$1.3M for Confidential Computing across 1 deal
$850.0K for Data Loss Prevention (DLP) across 1 deal
$615.0K for Professional Services across 1 deal
$250.0K for Security Awareness across 1 deal
An undisclosed amount for Brand Protection across 1 deal
🏢 Funding By Company
Product Companies:
Artemis Security, a United States-based threat intelligence and threat hunting platform for security operations teams, raised a $55.0M Series A from Felicis and an additional $15.0M Seed from Brightmind Partners and First Round Capital. (more)
Capsule Security, an Israel-based runtime monitoring and detection platform for AI agents, raised a $7.0M Seed from Forgepoint Capital International and LAMA Partners (fka FXP). (more)
Almure, a Japan-based confidential computing platform for AI agents, raised a $1.3M Seed from Dual Bridge Capital, Genesia Ventures, and NEX-T Tokai Innovation Fund. (more)
Cloud Storage Security, a United States-based cloud data loss prevention platform, raised an $850.0K Venture Round. (SEC Filing - may be incomplete)
Tartan App, a Canada-based security awareness and training platform for K-12 schools, raised a $250.0K Pre-Seed. (more)
WMC Global, a United States-based brand protection and phishing site takedown platform, raised an undisclosed Private Equity round from Trajectory Capital Partners.
Service Companies:
KnowSilo, a United States-based professional services firm focused on security operations and engineering for the public sector, raised a $615.0K Seed. (SEC Filing - may be incomplete)
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.
🌎 Funding By Country
$71.5M for the United States across 5 deals
$7.0M for Israel across 1 deal
$1.3M for Japan across 1 deal
$250.0K for Canada across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Imagis, a United States-based managed security services provider (MSSP), was acquired by Nexus IT Consultants for an undisclosed amount. Imagis has not previously disclosed funding. (more)
Service Companies:
Innovate IT, a United Kingdom-based managed security services provider, was acquired by Cloudcomputing for an undisclosed amount. Innovate IT has not previously disclosed funding. (more)
📚 Great Reads
Governing the Ungovernable - Traditional risk management is failing in the AI era. Why AI governance requires a strategic shift from static checklists to real-time orchestration, and how this new framework becomes the blueprint for the future of all corporate governance.
AI Winters, Death of the Browser, and Why "This time is different." - The Latent Space AI Engineer Podcast talks to Marc Andreessen on AI agents, security, and why we're witnessing an "80-year overnight success" with AI.
*A message from our partners
🧪 Labs
We live in a world where anything is possible now!
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.