Hope you had a great weekend and a great 4th of July celebration to all those who participated. Also, a big thank you to everyone for the well wishes on the newsletter's five-year anniversary last week!
Last week, I also made another big announcement about joining Bright Pixel Capital as a venture partner. I’m looking forward to seeing things from this new angle and pulling out the messy middle parts to bring to you all.
So why now? Well, I have, if nothing else, a never-ending drive to go as deep as possible on a topic from as many angles as I can. I do to give me a more well-rounded view and an appreciation for how systems work from all sides.
Cyber isn’t just about the latest vulnerabilities or breaches (or even AI for that matter 😱 jump scare). It’s not just about the high-profile acquisitions or mega funding rounds that might be larger than the GDP of some small nations. For me, it’s always been about how all of those pieces may seem disparate, but they are, in fact, far more connected than we all realize or care to admit. It’s those connections and threads I liked to pull on and highlight as a practitioner for so many years, and I plan to highlight the same kinds of things with this new purview.
A few people asked what this means for Return on Security, and my answer is nothing at all. Nothing is changing, and I will remain full steam ahead, covering the cybersecurity economy in the newsletter each week and building out the only platform that lets you navigate it in The Signal.
Also, if you’re a startup founder looking to raise, I know a guy 👀
(It’s me, I am the guy whom I am referring to from the aforementioned text).
PARTNER
Code Security You Trust
Legacy SCA and SAST scanners match patterns and bury engineers in noise. That's why we built Maze Code: AI agents that understand your code and dependencies.
AI agents investigate every finding with context from your code and cloud, close false positives, and catch business logic flaws other tools miss. Then they help you fix what's left, right in your IDE or coding agent.
Finally, inbox zero for your code and cloud vulnerabilities is possible.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
Will AI eliminate more cybersecurity jobs than it creates?
Last issue’s vibe check:
Return on Security turns 5 this week! Five years from now, what does cyber actually look like?
🟨⬜️⬜️⬜️⬜️⬜️ Telepathically controlling the SOC
⬜️⬜️⬜️⬜️⬜️⬜️ Physical robots doing virtual incident response
🟩🟩🟩🟩🟩🟩 One CISO, infinite agents, zero sleep
🟨🟨⬜️⬜️⬜️⬜️ Everyone has personal physical firewalls
I guess no surprise here about the winner. It seems like every interaction is going the way of the agents. If I were building out a security team today, AI usage and agents would be a central theme, with leaner, more generalist teammates, and fewer but more key vendors/services.
A recent report from J.P. Morgan cited that non-human identities (NHIs) now outnumber human identities 144-to-1 in many enterprises.

Giphy
To me, that number is pretty insane. Not because I don’t believe, but because there is a point of diminishing returns with so many agents. I’ve found that more agents are not more effective, but the corporate inclination to do more work faster with more agents to show the “value” of AI initiatives will not be stopped.
Also, personal physical firewalls got more traction than I expected!
Some of the top comments from last week’s vibe check:
💬 Telepathy might be the only way the SOC will ever truly "work"
💬 Given the current political climate and the military conflicts around the world, we are clearly seeing a resurgence of concerns around physical security. So, not long before anyone with an opinion needs to have personal physical firewalls (i.e., armored cars and bulletproof vests) before leaving the house. Dystopian, shystopian.
🔭 Zooming Out
Important stories hidden in the numbers
Wall Street Didn't Get the Memo - Private cyber funding is down 24% from a year ago, on the lowest deal count in over three years. Meanwhile, the RoS Cyber Index is up 21.6% over the same year, and public markets are paying a 7.6x sales multiple. Public markets are demanding a premium for cyber exposure at exactly the moment private investors are pulling back. One of these two prices is wrong.
💰 Market Summary
Private Markets
7 companies from 3 countries raised $93.2M across 7 unique categories
Average disclosed deal size was $23.3M (median: $24.1M)
86% of funded companies were product companies
3 companies from 3 countries were acquired across 3 unique categories
67% of acquired companies were product companies
1 company announced layoffs
Public Markets
No public cyber companies had an earnings report last week

📸 YoY Snapshot
Rolling 13-week charts that compare funding and acquisitions week over week, year over year, comparing 2025 to 2026

$6.7B across 148 deals over the past quarter, down 34% from a year ago.

77 acquisitions over the past quarter, down 22% from a year ago.
PARTNER
Last Chance to Register for GRC Now | Get 8 Free CPEs
Join over 15K of your peers already registered for the July 8-9 GRC Now virtual event with Optro! Register and attend to explore the latest trends in GRC, cyber risk, practical strategies for AI governance, guidance for regulatory changes, and more.
✨ Bonus: You’ll earn up to 8 free CPE credits for attending.
🪦 Stop, Drop, Shut’em Down…
None 😮💨
❌ Layoffs
None 😮💨
🧩 Funding By Product Category

$68.6M for Managed Security Services Provider (MSSP) across 1 deal
$64.0M for Agentic Runtime Security across 1 deal
$7.8M for Passwordless Authentication across 1 deal
$3.6M for Managed Detection and Response (MDR) across 1 deal
$3.4M for Operational Technology (OT) Security across 1 deal
$3.3M for Threat Modeling across 1 deal
🏢 Funding By Company
» Interact with all the data in real-time on The Signal dashboard or via the MCP.
Product Companies:
Straiker, a United States-based platform for securing AI applications and agent deployments, raised a $64.0M Series A from Citi Ventures, Illuminate Financial, Marathon Management Partners, and Workday Ventures. (more)
Wultra, a Czechia-based passwordless authentication platform for the financial services industry, raised a $7.8M Series A from Seventure Partners. (more)
CYTUR, a South Korea-based maritime cybersecurity platform for ship lifecycle protection, raised a $3.4M Series A from Jones & Rocket Investments, STIC Ventures, and Sunbo Angel Partners. (more)
Dawnguard, a Netherlands-based secure infrastructure design and threat modeling platform , raised a $3.3M Pre-Seed from BNVT Capital, Curiosity VC, and eCAPITAL ENTREPRENEURIAL PARTNERS. (more)
Service Companies:
Eye Security, a Netherlands-based managed security services provider (MSSP), raised a $68.6M Series C from Sofina. (more)
Vigilant Sec, a United States-based managed detection and response (MDR) platform, raised a $3.6M Seed. (SEC Filing)
SEC filings may reflect partial or interim fundraising and can understate the final round numbers.
🌎 Funding By Country

$71.9M for the Netherlands across 2 deals
$67.6M for the United States across 2 deals
$7.8M for Czechia across 1 deal
$3.4M for South Korea across 1 deal
🤝 Mergers & Acquisitions

Product Companies:
Root was acquired by Aikido Security for an undisclosed amount. Root had previously raised $37.6M in funding. (more)
SAM Seamless Network, an Israel-based network security platform for IoT devices, was acquired by Qualcomm for an undisclosed amount. SAM Seamless Network had previously raised $35.5M in funding. (more)
Timus Networks, a United States-based secure remote access platform for MSPs, was acquired by CyberFOX for an undisclosed amount. Timus Networks had previously raised $1.0M in funding. (more)
Service Companies:
VigilAigent, a United States-based AI-powered managed detection and response (MDR) with agentic AI and human analysts, was acquired by Intrusion for an undisclosed amount. VigilAigent has not previously disclosed funding. (more)
🤘 IPO-h Yeah
None
📚 Great Reads
Quantum Security Is a One-Company Market - Quantum computing raised $3.9 billion in 2025. The security built to survive it raised 15 times less, and one company is 78% of every dollar ever invested. Washington just mandated the migration anyway.
The Agent Is Not the Scanner - Pratyaksha Beri shares notes on building better AI-assisted security workflows, and how different models are impacted by scanners and skills differently.
*Sponsored
🧪 Labs
No way, Jose
🫡 Signing Off
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know others who would, I'd really appreciate it if you'd forward it to them!
Mike P
P.S. Feel free to connect with me on LinkedIn.

