Hope you had a great weekend!
Been traveling around a good bit and standing on business (😤 👊) this last week, so keeping the intro short and sweet so we can get to the money. 🫡
PARTNER
51% of Security Teams Are Losing Critical Context
Turn security visibility into decisive action at scale
Most cybersecurity programs are rich in visibility, but struggle to act on it. Axonius partnered with the Ponemon Institute to find out what separates teams that actually move the needle.
Only 45% consolidate exposure data into a single source of truth. 37% are still stuck in manual workflows. The best teams have solved these problems. This report shows how.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
Which cybersecurity category sees the biggest consolidation move before year-end?
Last issue’s vibe check:
Is AI having its "ransomware moment" with cyber insurance?
🟨⬜️⬜️⬜️⬜️⬜️ Already here - AI exclusions/riders in our last renewal
🟨🟨🟨⬜️⬜️⬜️ Coming soon - AI riders + validated controls by end of 2026
🟩🟩🟩🟩🟩🟩 Overblown - insurers will have to absorb AI risk into standard cyber coverage
🟨⬜️⬜️⬜️⬜️⬜️ You guys have cyber risk insurance?!
Wow, there aren’t many poll outcomes that I end up disagreeing with, but last week’s is an exception. I see no way out of a world where insurance coverage pays for when AI, either directly or indirectly, creates outages or data leakages that lead to fines.
In my experience working for one of the world’s largest insurance companies, I've seen how they know how to do one thing very well: make money and keep it.
Some of the top comments from last week’s vibe check:
💬 “It’s only a matter of time that insurance abdicates responsibility from the onslaught of losses that are yet to come.”
🔭 Zooming Out
Stories hidden in the numbers
The Best Offense is a Good Defense?: While Offensive Security continues to have a really strong year, another up-and-coming segment in the industry is the next iteration of security awareness training, dubbed “Human Risk Management.” The bet is that the current wave of threats businesses face (clearly) doesn’t match current security awareness demands, and the whole sector needs a fresh coat of paint, a bit more psychology, and some defensive AI for good measure. It’s a bold move, given that the majority of breaches still occur through compromised credentials and the exploitation of human-centered processes.
💰 Market Summary
Private Markets
16 companies from 5 countries raised $214.7M across 12 unique categories
Average disclosed deal size was $17.9M (median: $3.0M)
81% of funded companies were product companies
3 companies from 3 countries were acquired for $205.0M across 3 unique categories
67% of acquired companies were product companies
Public Markets
No companies had an earnings report last week
📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026.
While the chart bars made me ‘lol’ this week, outliers aside, this was one of the busiest funding weeks by volume.
M&A, on the other hand, backed off a bit. While there were still some big moves, including high-profile acquisitions, activity is up ~3% year-to-date compared with last year.
🧩 Funding By Product Category
$125.0M for Security Operations across 1 deal
$53.0M for Human Risk Management across 2 deals
$14.5M for Managed Security Services Provider (MSSP) across 2 deals
$11.0M for Application Security across 2 deals
$4.0M for AI Privacy Assurance across 1 deal
$2.9M for Application Security Testing (AST) across 1 deal
$2.5M for Professional Services across 1 deal
$1.8M for Data Protection across 2 deals
$25.0K for Internet of Things (IoT) Security across 1 deal
An undisclosed amount for Secure Access Service Edge (SASE) across 1 deal
An undisclosed amount for Smart Contract Security across 1 deal
An undisclosed amount for Red Teaming across 1 deal
🏢 Funding By Company
Product Companies:
ExaForce, a United States-based multi-modal AI agent security operations platform, raised a $125.0M Series B from AICONIC Ventures, HarbourVest Partners, Khosla Ventures, Mayfield Fund, Peak XV Partners, and Seligman Ventures. (more)
Frame Security, a United States-based human risk management and security simulation platform, raised a $50.0M Venture Round from Index Ventures, Picture Capital, and Team8. (more)
White Circle, a United States-based application vulnerability detection platform, raised an $11.0M Seed from Hummingbird Ventures. (more)
Secludy, a United States-based privacy assurance platform that prevents sensitive data exposure to AI applications, raised a $4.0M Seed from Impression Ventures. (more)
Cimento, a United States-based human risk management platform, raised a $3.0M Pre-Seed from Bowery Capital and Indie.vc. (more)
Hacktron AI, a United States-based autonomous vulnerability hunting and patching platform, raised a $2.9M Seed from Crane Venture Partners. (more)
Quantropi, a Canada-based quantum-resistant data encryption service, raised a $1.2M Venture Round. (SEC Filing - may be incomplete)
High Entropy Security, a United States-based quantum-resistant secure authentication and communications platform, raised a $500.0K Pre-Seed. (SEC Filing - may be incomplete)
CAMA Security, a United States-based embedded systems and IoT security platform, raised a $25.0K Grant from the South Carolina Research Authority. (more)
ExecLayer Inc., a United States-based runtime application security platform for AI applications, raised an undisclosed Pre-Seed.
Grego AI, a United States-based smart contract vulnerability detection and response platform, raised an undisclosed Seed from cyber•Fund. (more)
Yige Cloud Technology (formerly Eagle Cloud), a China-based secure access service edge platform, raised an undisclosed Series B from Monolith Management.
Zealot, a United States-based AI-agent red teaming platform for government and critical national infrastructure applications, raised an undisclosed Seed from Khosla Ventures.
Service Companies:
e4n, a United States-based managed security services provider, raised a $12.5M Venture Round.
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.
🌎 Funding By Country
$209.0M for the United States across 12 deals
$2.5M for India across 1 deal
$2.0M for the United Arab Emirates across 1 deal
$1.2M for Canada across 1 deal
An undisclosed amount for China across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
LayerX Security, an Israel-based user-first browser security platform, was acquired by Akamai Technologies for $205.0M. LayerX Security had previously raised $51.6M in funding. (more)
Driftnet, a United States-based threat intelligence and attack surface management platform, was acquired by SecurityScorecard for an undisclosed amount. Driftnet has not previously disclosed funding. (more)
Service Companies:
2S Inovações Tecnológicas, a Brazil-based managed security services provider, was acquired by Black Box Network Services for an undisclosed amount. 2S Inovações Tecnológicas has not previously disclosed funding. (more)
📚 Great Reads
Spooky Skills - My friend Rami McCarthy writes about how Agent Skills represent a growing attack surface and has a cool interactive tool to go along with it.
The State of Security of Vibe-Coded Apps - As non-developers ship apps on Lovable, Base44, and Bolt.new, Escape’s research team scanned 5,600+ of them and found 2,000+ vulnerabilities, 400+ exposed secrets, and 175 PII leaks - take a look at what breaks when security isn't in the loop.*
Machine Speed: Mythos Special Edition - Sifting through the hype of Mythos, Glasswing, Daybreak, and GLM 5.1.
*A message from our partners
🧪 Labs
“AI crisps” doesn’t really have the right ring to it, but when in Bath ¯\_(ツ)_/¯