The cybersecurity venture capital market experienced unprecedented activity in 2025, driven primarily by the rush to AI-native security solutions and a massive surge in mergers and acquisitions that reached record levels.
In 2025, VC firms invested $119 billion in cybersecurity businesses, with 400 M&A transactions accounting for the majority of funding and another 820 financing deals totaling nearly $21 billion, according to data from Momentum Cyber, a cybersecurity investment bank. The total value of M&A, financing, and IPO activity in 2025 nearly tripled that of deals in the previous year.
While M&A set records for deal value, financing deals surpassed that volume, surging to 820 deals in 2025. Artificial intelligence (AI) security product firms closed the most deals (144), with startups focused on risk and compliance coming in a close second (137 deals), according to VC firm Momentum Cyber’s “2025 Cybersecurity Almanac.”
The surge in investments stems from two trends: the almost exclusive focus of investment firms on AI-native cybersecurity solutions and the need to protect the dramatically expanding attack surfaces created by the growing use of AI agents in companies. Rarely did Momentum Cyber see a funded startup that was not positioned or marketed as an AI-native company, says founder and CEO Eric McAlpine.
“Really, it’s sort of AI-squared, if you will,” he says. While focused on AI-native security solutions, companies are also “trying to protect and lock down all these agents that everybody is using, some of them without IT’s permission or control, which is creating a headache for chief security officers.”
The momentum has continued into 2026, with January recording 38 M&A deals, the third-highest monthly count ever. This puts the market on pace for 477 transactions annually, according to McAlpine.
Other investment firms used similar terms to sum up the current market. Startups focused on creating native AI-security tools and on services to secure the AI supply chain and ecosystem are resulting in massive greenfield opportunities, says Zane Lackey, a general partner at Andreessen Horowitz (a16z).
“AI isn’t just creating new products — it’s changing the shape of the attack surface and the operating model of security teams at the same time,” he says. “That combination is creating a potentially once-in-a-career-level tailwind for founders. Customers have urgent, board-level problems, and the gap between ‘good enough’ and ‘actually resilient’ is widening.”
Security Services Scooped Up, AI Security Funded
Investment dollars have followed two paths, depending on the source of the capital. Security companies bulked up with acquisitions, and they boosted their worth by picking up elite teams.
Companies looking for strategic investments to bolster their own cybersecurity product lines or services scooped up startups in the security services segment, which dominated M&A activity by volume. Global consultancy Infosys, for example, announced last April the acquisition of The Missing Link, an Australian cybersecurity services firm, while cybersecurity services firm Zscaler announced its acquisition of Red Canary the following month.
AI security is the top cybersecurity segment in terms of funding deals for startups, closely followed by risk and compliance. Source: Momentum Cyber
Strategic buyers were also prepared to shell out significant sums for the right firms. Two of the three largest deals to date were announced in 2025, with Google announcing it would buy cloud security firm Wiz for $32 billion in March and Palo Alto Networks purchasing CyberArk for $25 billion in July. Cisco nabbed Splunk for $28 billion in 2023 to claim the spot for the second-largest deal.
“Strategic buyers essentially stepped up and used their balance sheets, and they accounted for 92% of the disclosed M&A capital deployed,” Momentum Cyber’s McAlpine says. While more than half the deals did not have announced values, the company estimates the total value of the 400 M&A transactions topped $96 billion.
Strategic acquirers also focused on snatching up talented teams. Measuring the cost of acquisitions per employee resulted in a list of the top 100 companies with the most valuable employees. Wiz took the top slot with an enterprise value per employee of $13.5 million for its 2,362 employees, while identity and access management firm SGNL took second place, albeit with a much smaller team of 57, according to data collected by Momentum Cyber.
AI Changes Economics and Businesses
With enterprises looking for quick ways of adopting AI, often despite known security shortcomings, startups that are focused on finding approaches to bolster security and protect corporate data are taking off. Venture capital firms are not looking at AI to provide specific features but rather to change the economics of cybersecurity, says a16z’s Lackey.
“We invest when a company has a crisp thesis about a real security problem, a wedge into the market, and a path to building something durable,” he says. “That said, AI absolutely mattered in 2025 because it can change unit economics and outcomes like better detection, faster triage, less analyst burnout, or more coverage with the same team.”
In addition, the rapid expansion of AI has created a new market focused on defending the AI-enabled enterprise, he says. AI is speeding up the startup process, as well as cyberattackers’ operations, raising the stakes.
As the technology industry has seen in the past, first the tech appears, and then companies secure the environments, says Or Shalom, an analyst with YL Ventures.
Companies “need to somehow govern the use of AI and now secure the latest wave of AI agents,” she says. “It’s not just securing the prompts [into which] employees are inserting perhaps sensitive information or that you are vulnerable to prompt injections. … Securing AI agents is practically [speaking] securing digital employees that are not security-minded.”
While the ability to secure AI remains elusive, the technology is a huge tailwind for the industry, and we are still in the early innings of the market transition, says a16z’s Lackey.
“The problems are real, budgets are rationalizing toward outcomes and builders who combine strong technical intuition with a deep understanding for operators can create generational companies,” he says. “I’m optimistic for security founders because there has never been a better time to build a company.”
