January 2026 Cyber Funding & M&A Brief
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full January 2026 dataset — every named company, round, investor, and segment.
What January told us
January opened the year with consolidation at the top of the stack. CrowdStrike acquired two companies in the same month — SGNL, an identity authorization platform, for a disclosed $740M, and Seraphic, an enterprise browser security vendor, for $420M — committing $1.16B of disclosed capital to fold identity governance and browser security into the Falcon platform. Acquiring across two adjacent control points in a single month is a deliberate platform move, not opportunism: it signals that the endpoint-born vendors now treat identity and the browser as the perimeter worth owning.
The funding side was top-heavy. January logged $1.30B in disclosed capital — more than three times the $409M of January last year — but the weight sat in a handful of large late-stage rounds rather than a broad base. Upwind raised $250M for cloud security with Bessemer leading, Claroty added $150M to its long-running OT/ICS trajectory, Torq took $140M into security automation, and Defense Unicorns raised $136M for defense-focused application security with Bain Capital leading. Fourteen of the month's 33 rounds were Seed or Series A; the dollars, though, concentrated in companies that have already proven a market.
Segment activity was broad rather than dominant — AppSec led with four transactions, GRC followed with three, and Cloud, Identity, Automation, and Supply Chain each registered two. Under the headline acquisitions, the picture is a platform layer maturing across several fronts at once.
Stage and segment breakdown

| Stage | Count |
|---|---|
| Acquisition | 6 |
| Seed | 8 |
| Series A | 6 |
| Series B | 5 |
| Series C | 1 |
| Series D+ | 2 |
| Growth Funding | 1 |
| P/E Funding | 1 |
| Top segments | Transactions |
|---|---|
| AppSec | 4 |
| GRC | 3 |
| Cloud | 2 |
| Identity | 2 |
| Automation | 2 |
| Supply Chain | 2 |
Two deals worth your attention
CrowdStrike's dual acquisition of SGNL and Seraphic. In a single month CrowdStrike bought SGNL (identity authorization, $740M) and Seraphic (browser security, $420M) — $1.16B of disclosed M&A from one acquirer. The pairing extends Falcon past the endpoint into two of the fastest-moving control planes in security: who can access what, and where work actually happens. Expect the other platform vendors to be measured against the same two capabilities.
Upwind — $250M Series B led by Bessemer. Upwind's cloud security platform drew the largest funding round of the month, a $250M Series B that is larger than all of its prior rounds combined. The size of the raise — in a market where cloud security is increasingly contested by the platform incumbents — signals investor conviction that an independent cloud-native challenger can still reach escape velocity.
Companies we've covered before
SGNL first appeared in this series in October 2022 with a $12M seed round in identity, and again in February 2025 with a $30M Series A. Roughly three years from seed to a $740M exit, entirely within the identity segment — a clean illustration of how quickly an authorization-layer company can compound once the platform vendors decide the category is strategic.
Seraphic first appeared in January 2025 with a $29M Series A in browser security. Twelve months later it exits to CrowdStrike for $420M — one of the faster venture-to-acquisition arcs the series has tracked, and a sign of how quickly the enterprise-browser category is being absorbed into larger platforms.
Upwind has compounded steadily: a $28M seed in 2022, a $50M Series A in 2023, a $100M round in 2024, and now $250M in 2026 — each raise roughly doubling the last as its cloud security platform scaled.
The other 37 transactions are in the data feed — including the four acquisitions that closed without a disclosed price. Get January's details and more →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,700 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
