February 2026 Cyber Funding & M&A Brief
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full February 2026 dataset — every named company, round, investor, and segment.
What February told us
February was an acquisition month. Nineteen cybersecurity vendors were acquired — nearly five times the four acquisitions of February last year — and the buyers were incumbents tightening their platforms. Check Point alone acquired three companies in the month: Cyata (identity), Cyclops (security ratings, a disclosed $85M), and Rotate (detection and response). Palo Alto Networks paid a disclosed $400M for Koi, the largest disclosed acquisition of the month, and Varonis added AllTrue.ai for $150M. Of the 19 deals, four carried disclosed values totaling $735M; the rest closed quietly.
If acquisitions were the volume story, governance was the funding story. GRC was the single most active segment of the month with 11 transactions, and the three largest funding rounds were all GRC plays at $75M each — FieldGuide (Series C, Goldman Sachs Alternatives), Bretton AI (Series B, Sapphire Ventures), and UpGuard (Series C). The clustering is not random: the compliance operating cost imposed by NIS2, DORA, and the EU AI Act keeps pulling capital toward automated control-mapping and continuous-assurance tooling. Total disclosed funding reached $1.02B across 42 rounds.
Beneath GRC, the segment spread stayed wide — Identity (9), Vulnerability (7), and Data and AppSec (6 each). Twenty-nine of the 42 rounds were Seed or Series A, with early-stage capital continuing to seed identity and AI-adjacent security in particular.
Stage and segment breakdown

| Stage | Count |
|---|---|
| Acquisition | 19 |
| Seed | 14 |
| Series A | 15 |
| Series B | 4 |
| Series C | 5 |
| Series D+ | 1 |
| Top segments | Transactions |
|---|---|
| GRC | 11 |
| Identity | 9 |
| Vulnerability | 7 |
| Data | 6 |
| AppSec | 6 |
| Security Services | 3 |
Two deals worth your attention
Check Point's three acquisitions — Cyata, Cyclops, and Rotate. In one month Check Point bought an identity vendor (Cyata), a security-ratings platform (Cyclops, a disclosed $85M), and a detection-and-response vendor (Rotate). Three acquisitions across three segments in thirty days is a clear signal that the firewall-born incumbents are buying their way across the platform map rather than building it — and that mid-stage companies in identity, ratings, and detection are now acquisition targets as much as independent businesses.
FieldGuide — $75M Series C led by Goldman Sachs Alternatives. FieldGuide's audit-and-assurance automation platform took one of three $75M GRC rounds that led the month's funding. Goldman Sachs Alternatives leading a governance-tooling Series C — alongside comparable $75M raises for Bretton AI and UpGuard — marks GRC as the segment where growth capital was most willing to write large checks in February, even as the broader funding base stayed early-stage.
Companies we've covered before
Check Point has been one of the series' most consistent acquirers: Avanan (email security, 2021), Perimeter 81 (network security, 2023), Cyberint (threat intelligence, 2024), and Lakera (AI security, 2025) preceded February's three-deal month. The cadence has tightened — roughly one acquisition a year, then three in a single month — as the company races to assemble a full-stack platform.
Palo Alto Networks, February's largest acquirer with the $400M Koi deal, has followed a similar path: Expanse (2020), Cider Security (2022), Dig Security and Talon (2023), and Protect AI (2025). Koi extends a steady record of folding emerging capability into the platform — a pattern worth watching as the larger incumbents compete on breadth.
The other 59 transactions are in the data feed — including the 15 acquisitions that closed without a disclosed price. Get February's details and more →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,700 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
