April 2026 Cyber Funding & M&A Brief
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full April 2026 dataset — every named company, round, investor, and segment.
What April told us
April 2026 was the month the cybersecurity M&A engine ran ahead of the funding engine. Nineteen acquisitions cleared in 30 days — more than six times the three acquisitions we logged in April of last year — while disclosed funding capital fell to $418M, the lowest April total since we began publishing this series in 2020. That gap is not a coincidence: capital is moving, but it is moving through balance sheets rather than term sheets, and almost all of it is moving quietly. Not a single one of April's 19 acquisitions came with a disclosed price tag.
Where money did flow into private companies, it flowed early. Twenty-one of the 25 disclosed rounds were Seed or Series A — a ratio that suggests venture investors are still seeding the next platform layer (AI-native SOC, agentic GRC, data-layer security) but are reluctant to write the $100M+ growth checks that defined late 2024 and 2025. The two notable exceptions, Cloudsmith and Linx, both raised into segments — software supply chain and identity — where the buyer landscape is well-understood and exit math is legible.
The segment mix reinforces the story. Governance, Risk & Compliance led the month with seven transactions, followed by Data security (six) and Identity (five). GRC's strength is a recurring theme in 2026 as the operating cost of meeting NIS2, DORA, and the EU AI Act drives demand for automated control-mapping and continuous-assurance tooling. Data security's prominence — including Databricks' twin acquisitions of Antimatter and SiftD on the same day — points to a structural shift: data-layer security is no longer a standalone category so much as a feature set the major data platforms intend to own.
Stage and segment breakdown

| Stage | Count |
|---|---|
| Acquisition | 19 |
| Seed | 13 |
| Series A | 8 |
| Series B | 1 |
| Series C | 1 |
| Debt | 2 |
| Top segments | Transactions |
|---|---|
| GRC | 7 |
| Data | 6 |
| Identity | 5 |
| Detection / Response | 4 |
| AI/LLM | 3 |
| PenTesting | 3 |
Two deals worth your attention
Cloudsmith — $72M Series C led by TCV. Cloudsmith's package and artifact management platform is increasingly the chokepoint where software supply chain security is enforced. TCV's involvement, with Insight Partners participating, signals that growth-stage capital is still available for supply-chain plays with measurable enterprise adoption — even in an otherwise cautious month. This was the single largest cybersecurity funding event of April.
Databricks' dual acquisition of Antimatter and SiftD. On the same April day, Databricks acquired Antimatter (data security) and SiftD (security automation), both undisclosed. The pairing is strategic, not opportunistic: Databricks is signaling that data security and AI-pipeline security belong inside the lakehouse, not bolted on by a third party. Expect Snowflake, Microsoft Fabric, and Google's data platform to respond with comparable moves over the next two quarters.
Companies we've covered before
Cloudsmith first appeared in this series in March 2025, raising a $23M Series B then classified under AppSec. Thirteen months later, the company returns with a $72M Series C now classified under Supply Chain — a clean illustration of how a single vendor's positioning matures alongside the market's category language.
Antimatter first appeared in April 2022 with a $12M Series A in Data security. Four years later, the company exits to Databricks in the same Data segment — a tidy arc from early venture to strategic acquisition, with no segment drift in between.
The other 42 transactions are in the data feed — including the 19 acquisitions whose values never hit the press. Get April's details and more →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,700 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
