TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources CYBERSECURITY ANALYTICS CYBERSECURITY OPERATIONS CYBER RISK ENDPOINT SECURITY News, news analysis, and commentary on the latest trends in cybersecurity technology. As Cybersecurity Firms Chase AI, VC Market Skyrockets Investments in cybersecurity startups took off in 2025, as venture capital firms focused not just on AI-native tech, but talent as well. Robert Lemos,Contributing Writer February 24, 2026 5 Min Read SOURCE: MOMENTUM CYBER The cybersecurity venture capital market experienced unprecedented activity in 2025, driven primarily by the rush to AI-native security solutions and a massive surge in mergers and acquisitions that reached record levels. In 2025, venture-capital firms invested $119 billion in cybersecurity businesses, with 400 M&A transactions accounting for the majority of funding and another 820 financing deals totaling nearly $21 billion, according to data from Momentum Cyber, a cybersecurity investment bank. The total value of M&A, financing, and IPO activity in 2025 nearly tripled that of deals in the previous year. While M&A set records for deal value, financing deals surpassed that volume, surging to 820 deals in 2025. AI security product firms closed the most deals (144), with startups focused on risk and compliance coming in a close second (137 deals), according to Momentum Cyber's "2025 Cybersecurity Almanac." Related:More Than 40% of South Africans Were Scammed in 2025 LOADING... The surge in investments stems from two trends: the almost exclusive focus of investment firms on AI-native cybersecurity solutions and the need to protect the dramatically expanding attack surfaces created by the growing use of AI agents in companies. Rarely did the venture-capital firm see a funded startup that was not positioned or marketed as an AI-native company, says Eric McAlpine, founder and CEO of Momentum Cyber. "Really, it's sort of AI-squared, if you will," he says. While focused on AI-native security solutions, companies are also "trying to protect and lock down all these agents that everybody is using, some of them without IT's permission or control, which is creating a headache for chief security officers." The momentum has continued into 2026, with January recording 38 M&A deals, the third-highest monthly count ever. This puts the market on pace for 477 transactions annually, according to McAlpine. LOADING... Other investment firms used similar terms to sum up the current market. Startups focused on creating native AI-security tools and on services to secure the AI supply chain and ecosystem are resulting in massive greenfield opportunities, says Zane Lackey, a general partner at Andreessen Horowitz. "AI isn’t just creating new products — it’s changing the shape of the attack surface and the operating model of security teams at the same time," he says. "That combination is creating a potentially once-in-a-career-level tailwind for founders. Customers have urgent, board-level problems, and the gap between 'good enough' and 'actually resilient' is widening." Security Services Scooped Up, AI Security Funded Related:Vulnerabilities Surge, But Messy Reporting Blurs Picture Investment dollars have followed two paths, depending on the source of the capital. Security companies bulked up with acquisitions, and they boosted their worth picking up elite teams . Companies looking for strategic investments to bolster their own cybersecurity product lines or services scooped up startups in the Security Services segment, which dominated M&A activity by volume. Global consultancy Infosys, for example, announced in April the acquisition of The Missing Link, an Australian cybersecurity services firm, while cybersecurity services firm Zscaler announced its acquisition of Red Canary in May. AI Security is the top cybersecurity segment in terms of funding deals for startup, closely followed by Risk & Compliance. Source: Momentum Cyber Strategic buyers were also prepared to shell out significant sums for the right firms. Two of the three largest deals to date were announced in 2025, with Google announcing it would buy cloud-security firm Wiz for $32 billion in March and Palo Alto Networks purchasing CyberArk for $25 billion in July. Cisco nabbed Splunk for $28 billion in 2023 to claim the spot for the second-largest deal. "Strategic buyers essentially stepped up and used their balance sheets, and they accounted for 92% of the disclosed M&A capital deployed," Momentum Cyber's McAlpine says. While more than half the deals did not have announced values, the company estimates the total value of the 400 M&A transactions topped $96 billion. Related:Retail, Services Industries Under Fire in Oceania Strategic acquirers also focused on snatching up talented teams. Measuring the cost of acquisitions per employees resulted in a list of the top-100 companies with the most valuable employees. Wiz claimed the top slot with an enterprise value per employee of $13.5 million for its 2,362 employees, while identity and access management firm Sgnl took second place, albeit with a much smaller team of 57, according to data collected by Momentum Cyber. AI Changes Economics and Businesses With enterprises looking for quick ways of adopting of AI, often despite known security shortcomings, startups that are focused on finding approaches to bolster security and protect corporate data are taking off. Venture capital firms are not looking at AI to provide specific features, but rather to change the economics of cybersecurity, says a16z's Lackey. "We invest when a company has a crisp thesis about a real security problem, a wedge into the market and a path to building something durable," he says. "That said, AI absolutely mattered in 2025 because it can change unit economics and outcomes like better detection, faster triage, less analyst burnout, or more coverage with the same team." In addition, the rapid expansion of AI has created a new market focused on defending the AI-enabled enterprise, he says. AI is speeding up the startup process, but also cyberattackers' operations, raising the stakes. As the technology industry has seen in the past, first the tech appears, and then companies secure the environments, says Or Shalom, an analyst with YL Ventures. Companies "need to somehow govern the use of AI and now secure the latest wave of AI agents," she says. "It's not just securing the prompts [into which] employees are inserting perhaps sensitive information, or that you are vulnerable to prompt injections... Securing AI agents is practically[-speaking] securing digital employees that are not security-minded." While the ability to secure AI remains elusive, the technology is a huge tailwind for the industry, and we are still in the early innings of the market transition, says a16z's Lackey. "The problems are real, budgets are rationalizing toward outcomes and builders who combine strong technical intuition with a deep understanding for operators can create generational companies," he says. "I'm optimistic for security founders, because there has never been a better time to build a company." Read more about: CISO Corner About the Author Robert Lemos Contributing Writer Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends. More Insights Industry Reports ThreatLabz 2025 Ransomware Report The Total Economic Impact™ Of Zscaler Private Access (ZPA) Zscaler ThreatLabz 2025 VPN Risk Report GigaOm Radar for CNAPP The Total Economic Impact™ of Google SecOps Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBERSECURITY ANALYTICS Middle East, North Africa Security Spending to Top $3B by Nate Nelson, Contributing Writer APR 17, 2025 CYBERSECURITY ANALYTICS Unlock Security Operations Success With Data Analysis by George V. Hulme, Contributing Writer JUL 08, 2025 CYBERSECURITY ANALYTICS Commentary Section Launches New, More Opinionated Era by Becky Bracken OCT 10, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Latest Articles in DR Technology CYBER RISK More Than Dashboards: AI Decisions Must Be Provable FEB 23, 2026 CYBER RISK Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges FEB 19, 2026 REMOTE WORKFORCE Zscaler-SquareX Deal Boosts Zero Trust, Secure Browsing Capabilities FEB 13, 2026 ENDPOINT SECURITY Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense FEB 12, 2026 Read More DR Technology Discover More Black Hat Omdia Working With Us About Us Advertise Reprints Join Us NEWSLETTER SIGN-UP Follow Us Copyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466. Home| Cookie Policy| Privacy| Terms of Use