Quarterly Report, Q3 2025: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q3 2025 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q3 2025, our team tracked 120 transactions, including 95 funding rounds, 24 M&A events, and 1 IPO. Disclosed funding totaled $2.95B, a 37% increase over the $2.16B recorded in Q3 2024, while round count rose from 73 to 95. Year-to-date funding has reached $9.36B through three quarters, a 20% increase over the same period in 2024.
Early-stage activity continued to drive the majority of transaction volume — 66 of the 95 funding rounds were Seed or Series A. Capital concentration at the late end was selective, with six rounds clearing $100M: ID.me ($340M Series D+), Ontic ($230M Series C), Signal AI ($165M), Vanta Security ($150M Series D+), HeroDevs ($125M growth), and Noma ($100M Series B). Together these six rounds accounted for roughly a third of disclosed funding.
The quarter's M&A column was both heavier and more strategically focused than recent quarters. Twenty-four acquisitions included Mitsubishi Electric's $1B acquisition of Nozomi Networks, the largest disclosed M&A transaction of Q3 2025, alongside a clear cluster of AI-security acquisitions by CrowdStrike, SentinelOne, F5, Cato Networks, and Check Point. Netskope's August IPO marked the second cyber public-market debut of 2025.

Funding Overview
The 95 funding rounds tracked in Q3 2025 highlight a market in which early-stage formation has broadened materially while late-stage capital remains concentrated on a small set of high-traction vendors.
Six rounds exceeded $100M: ID.me ($340M), Ontic ($230M), Signal AI ($165M), Vanta Security ($150M), HeroDevs ($125M), and Noma ($100M). Below that band, growth-stage activity stayed steady across Exein ($81M Series C), Irregular ($80M), SEON ($80M Series C), Shift5 ($75M Series C), Safe Security ($70M Series C), and a long tail of $50M Series A and B rounds across automation, OSINT, AppSec, and AI/LLM-security categories.
What stands out in Q3 2025 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Governance, risk, and compliance, which led the segment mix with 16 transactions, anchored by Vanta Security's $150M Series D+ and a broad tail of early-stage GRC vendors building automation and continuous-control tooling
- AI and LLM security, which accounted for 11 transactions, with Noma's $100M Series B, Irregular's $80M round, and continued seed-stage formation reflecting buyer demand for guardrails, runtime defense, and model-security tooling
- Threat intelligence and OSINT, where Ontic's $230M Series C, Signal AI's $165M round, and IVIX's $60M Series B reinforce growing late-stage investment in intelligence platforms
- Identity and fraud, where ID.me's $340M Series D+, SEON's $80M Series C, and Vega's $65M Series A signal continued enterprise demand for identity verification and fraud-prevention tooling
This distribution reflects a market in which capital is increasingly aligned with categories tied to enterprise risk operations, AI-native defense, and intelligence-driven decision-making.

Market & Macro Signals
Several structural dynamics are visible in the Q3 2025 transaction record.
First, AI-security consolidation accelerated meaningfully. Five strategic acquisitions targeted dedicated AI-security tooling this quarter — CrowdStrike (Pangea Security, $260M), SentinelOne (Observo AI at $225M and Prompt Security at undisclosed), F5 (CalypsoAI, $180M), Cato Networks (Aim Security, undisclosed), and Check Point (Lakera, undisclosed). The pattern signals that incumbent platforms are absorbing AI-defense capabilities rather than building them organically.
Second, public-market re-entry continued. Netskope's August listing marked the second cyber IPO of 2025, following SailPoint's February return to public markets in Q1. The two transactions, both in the SASE/identity-adjacent layer, suggest that public investors are willing to underwrite cyber platform stories at scale.
Third, GRC led the segment mix at high velocity. Sixteen GRC transactions placed the segment at the top of the funding distribution, reflecting enterprise demand for continuous-control automation, audit tooling, and AI-policy governance as organizations operationalize machine identities and AI workflows.
Finally, undisclosed M&A continued at meaningful scale. Of the 24 acquisitions, 14 came without disclosed prices, including strategic moves by Concentric AI (Swift Security, Acante), Darktrace (Mira Security), LevelBlue (Trustwave), Aikido Security (Trag), DigiCert (Valimail), Harness (Qwiet AI), and SecurityScorecard (HyperComply). The breadth of activity signals continued platform-building across GRC, network security, AppSec, and email security.

M&A Activity & Strategic Movement
Q3 2025 recorded 24 M&A transactions, the highest count of any quarter so far this year, with strategic activity weighted toward AI-security consolidation and platform-coverage expansion. The most notable transaction was Mitsubishi Electric's acquisition of Nozomi Networks for approximately $1B, the quarter's largest disclosed M&A transaction and a meaningful entry by a non-cyber industrial conglomerate into the OT and ICS security category.
Additional activity across the quarter reinforces this direction:
- CrowdStrike acquired Onum ($290M) and Pangea Security ($260M), extending the Falcon platform across observability/data pipeline and AI-security guardrails
- SentinelOne acquired Observo AI ($225M) and Prompt Security (undisclosed), reinforcing AI-driven detection and response across data and prompt-layer defense
- F5 and Cato Networks each acquired AI-security capabilities — CalypsoAI ($180M) and Aim Security (undisclosed) respectively — extending network and SASE platforms into AI-defense
- Accenture acquired CyberCX ($649M), materially expanding its cybersecurity services footprint across APAC and Europe
- Diginex, Axonius, Varonis, and Okta completed targeted acquisitions (Findings at $305M, Cynerio at $180M, SlashNext at $150M, and Axiom at $100M respectively) across GRC, IoT security, email security, and identity
- Check Point, Cato Networks, Harness, DigiCert, SecurityScorecard, and SentinelOne completed additional AI-security and platform tuck-ins (Lakera, Aim Security, Qwiet AI, Valimail, HyperComply, and Prompt Security) without disclosed pricing
Across these transactions, the dominant pattern is clear: AI-security has become a contested strategic category, with incumbent endpoint, network, and SASE platforms each absorbing dedicated AI-defense capabilities through targeted M&A rather than internal development.
Strategic-services consolidation accelerated alongside platform M&A, with Accenture's CyberCX acquisition and LevelBlue's Trustwave acquisition reshaping the upper tier of cyber services delivery.

Looking Ahead
Q3 2025 sets a clear direction for the closing quarter: AI-security is now a contested M&A category, GRC and AI/LLM segments lead early-stage formation, and public markets remain open for cyber platform stories.
We expect the following dynamics to continue into Q4 2025:
- AI-security consolidation will continue as incumbent platforms absorb capabilities, with endpoint, network, SASE, and email vendors each likely to pursue further dedicated AI-defense acquisitions
- GRC and AI/LLM categories will remain the highest-velocity early-stage segments, as enterprise demand for continuous-control automation and AI-policy governance continues to widen
- Strategic acquirers will continue testing platform-coverage models, with services-tier consolidation and adjacent-platform expansion both likely to persist alongside dedicated capability tuck-ins
From a go-to-market perspective, the implications are clear. Vendors competing in AI-security and GRC categories should expect both continued growth-capital availability and active strategic acquirer attention, with platform fit and measurable enterprise outcomes serving as the primary differentiators. The interplay between AI-driven capability buildout, growth-capital concentration, and strategic platform consolidation will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.
The full Q3 2025 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q3 2025 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
