September 2025 Cyber Funding & M&A Brief

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

51 transactions
tracked across cybersecurity vendors in September 2025
$1.34B
in disclosed funding capital
40 funding rounds
— of which 29 were Seed or Series A
11 acquisitions — 5 with disclosed values totaling $1.82B

Get the full September 2025 dataset — every named company, round, investor, and segment.

What September told us

September 2025 returned to full volume — 51 transactions, the highest count of the year so far — and to full breadth across both private funding and M&A. Disclosed capital landed at $1.34B across 40 funding rounds, a 162% year-over-year increase, with the seed-and-Series-A share back at 73%. After the August slowdown, the venture market reopened with conviction.

AI/LLM cleared its strongest month in this series with 7 transactions — the segment's first month leading the top-six table — including two strategic acquisitions in the same segment: CrowdStrike's $260M purchase of Pangea Security and F5's $180M acquisition of CalypsoAI. Combined, AI/LLM has now produced more M&A events in 2025 than any emergent segment we've previously tracked at the same age, which is the cleanest signal yet that AI security is being absorbed into the major cyber platforms rather than building a standalone tier.

M&A volume reached 11 acquisitions, five with disclosed values totaling $1.82B. Mitsubishi Electric's $1B acquisition of Nozomi pulls OT/ICS security inside an industrial conglomerate — a strategic motion distinct from the platform-vendor M&A pattern, and possibly the start of a wave of industrial-buyer interest in cyber assets. SentinelOne paid $225M for Observo AI in data security; Varonis paid $150M for SlashNext in email security. The consolidation engine is now running across multiple buyer archetypes simultaneously: hyperscalers (Google), platform vendors (Palo Alto, CrowdStrike, SentinelOne, Varonis), and industrial OEMs (Mitsubishi Electric).

Stage and segment breakdown

September 2025 Stage & Segment Breakdown
September 2025 Stage & Segment Breakdown
StageCount
Seed14
Series A15
Series B2
Series C2
Series D+1
Growth Funding6
Acquisition11
Top segmentsTransactions
AI/LLM7
Identity5
GRC5
Data4
Fraud4
Email3

Two deals worth your attention

Mitsubishi Electric's $1B acquisition of Nozomi Networks. Mitsubishi Electric acquired OT/ICS security platform Nozomi Networks for approximately $1B. Nozomi had been the leading independent in industrial cyber since 2018 and one of the most-funded vendors in the segment; the exit to an industrial conglomerate rather than a cyber platform is the structurally interesting feature of the deal. Expect Schneider, Siemens, Honeywell, and Yokogawa to consider similar moves over the next 18 months.

ID.me — $340M Series D+ led by Ribbit Capital. ID.me raised $340M led by Ribbit Capital. This is ID.me's third appearance in this series and pushes the identity verification platform past $570M in cumulative disclosed capital. The size of the round, combined with the company's federal contract footprint, sets it up as a candidate for either an IPO or strategic acquisition in 2026.

Companies we've covered before

Nozomi first appeared in August 2021 with a $100M Series D+ round in industrial security (then classified IoT). Four years later — and two appearances in between — it exits to Mitsubishi Electric for $1B, the largest disclosed OT/ICS exit we've tracked.

Observo AI first appeared in February 2025 with a $15M Seed in Data security. Seven months later, it exits to SentinelOne for $225M — one of the fastest seed-to-acquisition arcs in the entire workbook.

CalypsoAI first appeared in June 2023 with a $23M Series A in AI/LLM. Twenty-seven months later, it exits to F5 for $180M — among the cleanest standalone AI-security exit arcs in the series.

The other 49 transactions are in the data feed — including the 11 acquisitions whose values never hit the press. Get September's details and more →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2025-10-05 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.