Quarterly Report, Q3 2025: Cyber Security Vendor M&A and Funding News

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

120 transactions
tracked across cybersecurity vendors in Q3 2025
$2.95B
in disclosed funding capital across 95 funding rounds
66 Seed or Series A rounds
— 69% of funding activity
24 M&A events
, 10 with disclosed prices totaling $3.34B
1 IPO
this quarter

Get the full Q3 2025 dataset — every named company, round, investor, segment, and acquisition.

Highlights and Analysis

In Q3 2025, our team tracked 120 transactions, including 95 funding rounds, 24 M&A events, and 1 IPO. Disclosed funding totaled $2.95B, a 37% increase over the $2.16B recorded in Q3 2024, while round count rose from 73 to 95. Year-to-date funding has reached $9.36B through three quarters, a 20% increase over the same period in 2024.

Early-stage activity continued to drive the majority of transaction volume — 66 of the 95 funding rounds were Seed or Series A. Capital concentration at the late end was selective, with six rounds clearing $100M: ID.me ($340M Series D+), Ontic ($230M Series C), Signal AI ($165M), Vanta Security ($150M Series D+), HeroDevs ($125M growth), and Noma ($100M Series B). Together these six rounds accounted for roughly a third of disclosed funding.

The quarter's M&A column was both heavier and more strategically focused than recent quarters. Twenty-four acquisitions included Mitsubishi Electric's $1B acquisition of Nozomi Networks, the largest disclosed M&A transaction of Q3 2025, alongside a clear cluster of AI-security acquisitions by CrowdStrike, SentinelOne, F5, Cato Networks, and Check Point. Netskope's August IPO marked the second cyber public-market debut of 2025.

Total Funding by Month
Total Funding by Month

Funding Overview

The 95 funding rounds tracked in Q3 2025 highlight a market in which early-stage formation has broadened materially while late-stage capital remains concentrated on a small set of high-traction vendors.

Six rounds exceeded $100M: ID.me ($340M), Ontic ($230M), Signal AI ($165M), Vanta Security ($150M), HeroDevs ($125M), and Noma ($100M). Below that band, growth-stage activity stayed steady across Exein ($81M Series C), Irregular ($80M), SEON ($80M Series C), Shift5 ($75M Series C), Safe Security ($70M Series C), and a long tail of $50M Series A and B rounds across automation, OSINT, AppSec, and AI/LLM-security categories.

What stands out in Q3 2025 is where that capital is clustering. A meaningful portion of investment is concentrating around:

This distribution reflects a market in which capital is increasingly aligned with categories tied to enterprise risk operations, AI-native defense, and intelligence-driven decision-making.

Total Funding by Quarter
Total Funding by Quarter

Market & Macro Signals

Several structural dynamics are visible in the Q3 2025 transaction record.

First, AI-security consolidation accelerated meaningfully. Five strategic acquisitions targeted dedicated AI-security tooling this quarter — CrowdStrike (Pangea Security, $260M), SentinelOne (Observo AI at $225M and Prompt Security at undisclosed), F5 (CalypsoAI, $180M), Cato Networks (Aim Security, undisclosed), and Check Point (Lakera, undisclosed). The pattern signals that incumbent platforms are absorbing AI-defense capabilities rather than building them organically.

Second, public-market re-entry continued. Netskope's August listing marked the second cyber IPO of 2025, following SailPoint's February return to public markets in Q1. The two transactions, both in the SASE/identity-adjacent layer, suggest that public investors are willing to underwrite cyber platform stories at scale.

Third, GRC led the segment mix at high velocity. Sixteen GRC transactions placed the segment at the top of the funding distribution, reflecting enterprise demand for continuous-control automation, audit tooling, and AI-policy governance as organizations operationalize machine identities and AI workflows.

Finally, undisclosed M&A continued at meaningful scale. Of the 24 acquisitions, 14 came without disclosed prices, including strategic moves by Concentric AI (Swift Security, Acante), Darktrace (Mira Security), LevelBlue (Trustwave), Aikido Security (Trag), DigiCert (Valimail), Harness (Qwiet AI), and SecurityScorecard (HyperComply). The breadth of activity signals continued platform-building across GRC, network security, AppSec, and email security.

Q3 2025 Funding Volume by Category
Q3 2025 Funding Volume by Category

M&A Activity & Strategic Movement

Q3 2025 recorded 24 M&A transactions, the highest count of any quarter so far this year, with strategic activity weighted toward AI-security consolidation and platform-coverage expansion. The most notable transaction was Mitsubishi Electric's acquisition of Nozomi Networks for approximately $1B, the quarter's largest disclosed M&A transaction and a meaningful entry by a non-cyber industrial conglomerate into the OT and ICS security category.

Additional activity across the quarter reinforces this direction:

Across these transactions, the dominant pattern is clear: AI-security has become a contested strategic category, with incumbent endpoint, network, and SASE platforms each absorbing dedicated AI-defense capabilities through targeted M&A rather than internal development.

Strategic-services consolidation accelerated alongside platform M&A, with Accenture's CyberCX acquisition and LevelBlue's Trustwave acquisition reshaping the upper tier of cyber services delivery.

Q3 2025 Top Funded Rounds
Q3 2025 Top Funded Rounds

Looking Ahead

Q3 2025 sets a clear direction for the closing quarter: AI-security is now a contested M&A category, GRC and AI/LLM segments lead early-stage formation, and public markets remain open for cyber platform stories.

We expect the following dynamics to continue into Q4 2025:

From a go-to-market perspective, the implications are clear. Vendors competing in AI-security and GRC categories should expect both continued growth-capital availability and active strategic acquirer attention, with platform fit and measurable enterprise outcomes serving as the primary differentiators. The interplay between AI-driven capability buildout, growth-capital concentration, and strategic platform consolidation will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.

The full Q3 2025 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q3 2025 dataset →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2025-10-10 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.