January 2025 Cyber Funding & M&A Brief

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

37 transactions
tracked across cybersecurity vendors in January 2025
$409M
in disclosed funding capital
29 funding rounds
— of which 19 were Seed or Series A
8 acquisitions — 1 with disclosed value ($150M Tenable–Vulcan Cyber)

Get the full January 2025 dataset — every named company, round, investor, and segment.

What January told us

January 2025 opened the year with the cyber funding market in cautious-restart mode. Disclosed capital landed at $409M — about a third below January 2024's $608M — across 37 transactions, with 19 of the 29 funding rounds (66%) clearing at Seed or Series A. The signal here is not weakness; it is selectivity. Capital is moving, but it is concentrating in earlier rounds where investors can still set the price, and growth-stage checks are rationed to companies with visible enterprise traction.

Identity led the segment mix with 7 transactions, followed by AppSec (5) and Fraud (4) — the same triad that has dominated the series for three years running. The notable thread inside Identity this month: most of the named rounds skewed toward non-human identity, agent identity, or workload identity (Orchid Security's $36M Seed, Token Security and Clutch each raising $20M Series A), reflecting the operational reality that the identity attack surface has shifted from humans to machines faster than the budget categorization has.

M&A came in soft on the surface — 8 deals, only one disclosed — but the disclosed one matters. Tenable's $150M acquisition of Vulcan Cyber consolidates a vulnerability prioritization layer onto a vulnerability scanner, the kind of tuck-in that signals the exposure management category is finishing its second wave of consolidation. Expect more of these in 2025; the standalone risk-scoring vendors that emerged in 2021–2022 are running out of independent runway.

Stage and segment breakdown

January 2025 Stage & Segment Breakdown
January 2025 Stage & Segment Breakdown
StageCount
Seed13
Series A6
Series B4
Series C1
Growth Funding5
Acquisition8
Top segmentsTransactions
Identity7
AppSec5
Fraud4
Detection/Response3
Vulnerability3
Training2

Two deals worth your attention

Oligo Security — $50M Series B led by Greenfield Partners. Oligo's eBPF-based application runtime detection sits at the intersection of AppSec and Detection/Response — two of the month's top segments. The round was the single largest funding event of January and reflects continued investor appetite for runtime-layer telemetry that doesn't require code instrumentation.

Tenable's $150M acquisition of Vulcan Cyber. Tenable folds Vulcan's risk-based vulnerability remediation orchestration into its exposure management platform — the only disclosed M&A value of the month and a clear marker that pure-play vulnerability prioritization vendors are being absorbed into the larger exposure platforms rather than carving out independent destinies.

Companies we've covered before

Vulcan Cyber first appeared in March 2021 with a $21M Series B in Vulnerability. Four years later, it exits to Tenable for $150M — a textbook consolidation arc, with no segment drift along the way.

Eclypsium first appeared in October 2020 with a $13M Series A in Firmware Security. The company returns in January 2025 with a $45M Series C, still in the same segment — one of the cleaner long-arc Firmware Security stories in the workbook.

The other 35 transactions are in the data feed — including the 8 acquisitions whose values never hit the press. Get January's details and more →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2025-02-05 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.